- Issued:
- 2019-09-20
- Updated:
- 2019-09-20
RHSA-2019:2830 - Security Advisory
Synopsis
Important: kernel-rt security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
- Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7 x86_64
Fixes
- BZ - 1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.src.rpm | SHA-256: 884759523185a434b3c8027750f6a678520530ef9f47bbf44a5a05e0b6d24023 |
| x86_64 | |
| kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 08f5f816db08179cc54899f7ee15fcd51193a25ee532ab4d2df13c82d980f8f1 |
| kernel-rt-debug-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: d22034c149d11814d39909c40bb8c6a69f8b376e11edc61baf900b4dd5cfcd5f |
| kernel-rt-debug-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: bf19bb8cb6ba55501599fd4faa82d0d4ebc095395c4c67209fcd057db9370a19 |
| kernel-rt-debug-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 9cf1eee47aa6bd3b6978b6dae565674df0d41c229b0cc510f498baccca76c9da |
| kernel-rt-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 17138fb02e2621906d51e74612d2eb70312a4d0e551189ff6195025d8a429c35 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: dfa6c5284e3630a6e3cc34f8c833076189995ce83606045e75e07c855cd58729 |
| kernel-rt-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: bec2869e5187f3ddccf99fa6bf5ab6ea928b7e28017507fba195059f355b307c |
| kernel-rt-doc-3.10.0-1062.1.2.rt56.1025.el7.noarch.rpm | SHA-256: 9f45b443f326b790c53f0561aee17d7bf0dc58b0e5a440b107703ab8db8ee906 |
| kernel-rt-trace-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 9019147e4abf3c4e6e6f0cd71d647b47fbe2f614e30208170b54af5150a3cca0 |
| kernel-rt-trace-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 7f4ceec6a1d80909c09d2fcb4e38a6058618db8e3cbe16030b913f955c32bb12 |
| kernel-rt-trace-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 8b9a9d5b790e03c075bc981504399e9f79aea3e57f955a773d9f434fcc56a8ed |
Red Hat Enterprise Linux for Real Time for NFV 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.src.rpm | SHA-256: 884759523185a434b3c8027750f6a678520530ef9f47bbf44a5a05e0b6d24023 |
| x86_64 | |
| kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 08f5f816db08179cc54899f7ee15fcd51193a25ee532ab4d2df13c82d980f8f1 |
| kernel-rt-debug-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: d22034c149d11814d39909c40bb8c6a69f8b376e11edc61baf900b4dd5cfcd5f |
| kernel-rt-debug-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: bf19bb8cb6ba55501599fd4faa82d0d4ebc095395c4c67209fcd057db9370a19 |
| kernel-rt-debug-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 9cf1eee47aa6bd3b6978b6dae565674df0d41c229b0cc510f498baccca76c9da |
| kernel-rt-debug-kvm-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 4b3b1b85fd95d2c573f6d4a38fcb76cb8dc62211a032bd1a45a2319233b21cde |
| kernel-rt-debug-kvm-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 16a9ebb6572e3a02dcae5877110c4916e5793a3acefe8e866da92895acb56d68 |
| kernel-rt-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 17138fb02e2621906d51e74612d2eb70312a4d0e551189ff6195025d8a429c35 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: dfa6c5284e3630a6e3cc34f8c833076189995ce83606045e75e07c855cd58729 |
| kernel-rt-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: bec2869e5187f3ddccf99fa6bf5ab6ea928b7e28017507fba195059f355b307c |
| kernel-rt-doc-3.10.0-1062.1.2.rt56.1025.el7.noarch.rpm | SHA-256: 9f45b443f326b790c53f0561aee17d7bf0dc58b0e5a440b107703ab8db8ee906 |
| kernel-rt-kvm-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: cc3ce8f6ebf81338eed1b12c5e935905ce1bcf3d520539aedc0eaef005bd8bfc |
| kernel-rt-kvm-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 6713173b3dc31c210e4cdc857fa0c061b70128e5153bc1080faf0cd8b41bc968 |
| kernel-rt-trace-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 9019147e4abf3c4e6e6f0cd71d647b47fbe2f614e30208170b54af5150a3cca0 |
| kernel-rt-trace-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 7f4ceec6a1d80909c09d2fcb4e38a6058618db8e3cbe16030b913f955c32bb12 |
| kernel-rt-trace-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 8b9a9d5b790e03c075bc981504399e9f79aea3e57f955a773d9f434fcc56a8ed |
| kernel-rt-trace-kvm-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 76d77d68293c068b7008af39540d9f80d98c22b8f75ab33025c70eb9d8ff6e1e |
| kernel-rt-trace-kvm-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: b3922bbc7ceca5ddc4fdb9638efc80aa4628fc53a5ef69382aac3a4dd39205b9 |
Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.src.rpm | SHA-256: 884759523185a434b3c8027750f6a678520530ef9f47bbf44a5a05e0b6d24023 |
| x86_64 | |
| kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 08f5f816db08179cc54899f7ee15fcd51193a25ee532ab4d2df13c82d980f8f1 |
| kernel-rt-debug-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: d22034c149d11814d39909c40bb8c6a69f8b376e11edc61baf900b4dd5cfcd5f |
| kernel-rt-debug-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: bf19bb8cb6ba55501599fd4faa82d0d4ebc095395c4c67209fcd057db9370a19 |
| kernel-rt-debug-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 9cf1eee47aa6bd3b6978b6dae565674df0d41c229b0cc510f498baccca76c9da |
| kernel-rt-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 17138fb02e2621906d51e74612d2eb70312a4d0e551189ff6195025d8a429c35 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: dfa6c5284e3630a6e3cc34f8c833076189995ce83606045e75e07c855cd58729 |
| kernel-rt-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: bec2869e5187f3ddccf99fa6bf5ab6ea928b7e28017507fba195059f355b307c |
| kernel-rt-doc-3.10.0-1062.1.2.rt56.1025.el7.noarch.rpm | SHA-256: 9f45b443f326b790c53f0561aee17d7bf0dc58b0e5a440b107703ab8db8ee906 |
| kernel-rt-trace-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 9019147e4abf3c4e6e6f0cd71d647b47fbe2f614e30208170b54af5150a3cca0 |
| kernel-rt-trace-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 7f4ceec6a1d80909c09d2fcb4e38a6058618db8e3cbe16030b913f955c32bb12 |
| kernel-rt-trace-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm | SHA-256: 8b9a9d5b790e03c075bc981504399e9f79aea3e57f955a773d9f434fcc56a8ed |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
