Issued:
2019-09-20
Updated:
2019-09-20

RHSA-2019:2830 - Security Advisory

Synopsis

Important: kernel-rt security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

  • BZ - 1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.src.rpm SHA-256: 884759523185a434b3c8027750f6a678520530ef9f47bbf44a5a05e0b6d24023
x86_64
kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: 08f5f816db08179cc54899f7ee15fcd51193a25ee532ab4d2df13c82d980f8f1
kernel-rt-debug-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: d22034c149d11814d39909c40bb8c6a69f8b376e11edc61baf900b4dd5cfcd5f
kernel-rt-debug-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: bf19bb8cb6ba55501599fd4faa82d0d4ebc095395c4c67209fcd057db9370a19
kernel-rt-debug-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: 9cf1eee47aa6bd3b6978b6dae565674df0d41c229b0cc510f498baccca76c9da
kernel-rt-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: 17138fb02e2621906d51e74612d2eb70312a4d0e551189ff6195025d8a429c35
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: dfa6c5284e3630a6e3cc34f8c833076189995ce83606045e75e07c855cd58729
kernel-rt-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: bec2869e5187f3ddccf99fa6bf5ab6ea928b7e28017507fba195059f355b307c
kernel-rt-doc-3.10.0-1062.1.2.rt56.1025.el7.noarch.rpm SHA-256: 9f45b443f326b790c53f0561aee17d7bf0dc58b0e5a440b107703ab8db8ee906
kernel-rt-trace-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: 9019147e4abf3c4e6e6f0cd71d647b47fbe2f614e30208170b54af5150a3cca0
kernel-rt-trace-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: 7f4ceec6a1d80909c09d2fcb4e38a6058618db8e3cbe16030b913f955c32bb12
kernel-rt-trace-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: 8b9a9d5b790e03c075bc981504399e9f79aea3e57f955a773d9f434fcc56a8ed

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.src.rpm SHA-256: 884759523185a434b3c8027750f6a678520530ef9f47bbf44a5a05e0b6d24023
x86_64
kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: 08f5f816db08179cc54899f7ee15fcd51193a25ee532ab4d2df13c82d980f8f1
kernel-rt-debug-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: d22034c149d11814d39909c40bb8c6a69f8b376e11edc61baf900b4dd5cfcd5f
kernel-rt-debug-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: bf19bb8cb6ba55501599fd4faa82d0d4ebc095395c4c67209fcd057db9370a19
kernel-rt-debug-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: 9cf1eee47aa6bd3b6978b6dae565674df0d41c229b0cc510f498baccca76c9da
kernel-rt-debug-kvm-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: 4b3b1b85fd95d2c573f6d4a38fcb76cb8dc62211a032bd1a45a2319233b21cde
kernel-rt-debug-kvm-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: 16a9ebb6572e3a02dcae5877110c4916e5793a3acefe8e866da92895acb56d68
kernel-rt-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: 17138fb02e2621906d51e74612d2eb70312a4d0e551189ff6195025d8a429c35
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: dfa6c5284e3630a6e3cc34f8c833076189995ce83606045e75e07c855cd58729
kernel-rt-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: bec2869e5187f3ddccf99fa6bf5ab6ea928b7e28017507fba195059f355b307c
kernel-rt-doc-3.10.0-1062.1.2.rt56.1025.el7.noarch.rpm SHA-256: 9f45b443f326b790c53f0561aee17d7bf0dc58b0e5a440b107703ab8db8ee906
kernel-rt-kvm-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: cc3ce8f6ebf81338eed1b12c5e935905ce1bcf3d520539aedc0eaef005bd8bfc
kernel-rt-kvm-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: 6713173b3dc31c210e4cdc857fa0c061b70128e5153bc1080faf0cd8b41bc968
kernel-rt-trace-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: 9019147e4abf3c4e6e6f0cd71d647b47fbe2f614e30208170b54af5150a3cca0
kernel-rt-trace-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: 7f4ceec6a1d80909c09d2fcb4e38a6058618db8e3cbe16030b913f955c32bb12
kernel-rt-trace-devel-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: 8b9a9d5b790e03c075bc981504399e9f79aea3e57f955a773d9f434fcc56a8ed
kernel-rt-trace-kvm-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: 76d77d68293c068b7008af39540d9f80d98c22b8f75ab33025c70eb9d8ff6e1e
kernel-rt-trace-kvm-debuginfo-3.10.0-1062.1.2.rt56.1025.el7.x86_64.rpm SHA-256: b3922bbc7ceca5ddc4fdb9638efc80aa4628fc53a5ef69382aac3a4dd39205b9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.