- Issued:
- 2019-10-16
- Updated:
- 2019-10-16
RHSA-2019:3089 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)
- kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)
- hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)
- kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update to the RHEL7.7.z batch#2 source tree (BZ#1748570)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
Fixes
- BZ - 1713059 - CVE-2019-3846 kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c
- BZ - 1716992 - CVE-2019-10126 kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
- BZ - 1727857 - CVE-2019-9506 hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB)
- BZ - 1738705 - CVE-2018-20856 kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c
- BZ - 1748570 - kernel-rt: update to the RHEL7.7.z batch#2 source tree
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1062.4.1.rt56.1027.el7.src.rpm | SHA-256: d74c634fcd4f5cf9caa1df64239f3b475d21e0e59c0db7933456b5288b9883b4 |
| x86_64 | |
| kernel-rt-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: aedefef5c99f471ddf26155cce0157bc6e1609ec624f825ba3bba06c4c4dca12 |
| kernel-rt-debug-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 6427df14ac81d3ac3ca4137e0ef11bb6c81dc3acc49acd991a7a67cb440027b8 |
| kernel-rt-debug-debuginfo-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 1baf48b158709ae9a23a5d4047bb6449986548375a01c8caa7a1ac51041c6ca2 |
| kernel-rt-debug-devel-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 04106f42736490757dbd0881382004a4bc13a2f5119b8c032c18ebb3630ff8c5 |
| kernel-rt-debuginfo-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 9167f9a0439113d2d5b9812f7b96b92329a90d6c4a2c5a0c80317002fff32079 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 3a861b90604c5b37d6d361312731a1739faad8136e9a6d8287d369bb7d2e49f2 |
| kernel-rt-devel-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 9e8dd65a439c79b4af3affd24bbf2503ad2daeb74ed052cb60e415d2d9a8e0c8 |
| kernel-rt-doc-3.10.0-1062.4.1.rt56.1027.el7.noarch.rpm | SHA-256: abccf96add1b00f1939c459f7f517049d320887675b0e8c974e0088181b93019 |
| kernel-rt-trace-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 7f1dbca9405da2f55dedc21287044a59138c8e671429544018192f9228290bd7 |
| kernel-rt-trace-debuginfo-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 89565a8d46e082745420df98e6b65a78f569e53116e4562fa2084123f7f3d843 |
| kernel-rt-trace-devel-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: c7b1365f4fca63ad73020ce8f4b445fb140c67cca240a7dbefb11c2339011041 |
Red Hat Enterprise Linux for Real Time for NFV 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1062.4.1.rt56.1027.el7.src.rpm | SHA-256: d74c634fcd4f5cf9caa1df64239f3b475d21e0e59c0db7933456b5288b9883b4 |
| x86_64 | |
| kernel-rt-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: aedefef5c99f471ddf26155cce0157bc6e1609ec624f825ba3bba06c4c4dca12 |
| kernel-rt-debug-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 6427df14ac81d3ac3ca4137e0ef11bb6c81dc3acc49acd991a7a67cb440027b8 |
| kernel-rt-debug-debuginfo-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 1baf48b158709ae9a23a5d4047bb6449986548375a01c8caa7a1ac51041c6ca2 |
| kernel-rt-debug-devel-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 04106f42736490757dbd0881382004a4bc13a2f5119b8c032c18ebb3630ff8c5 |
| kernel-rt-debug-kvm-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 6887b656e2442ac5708833881325b79adaa51516385cc27cad05d523bf7396ca |
| kernel-rt-debug-kvm-debuginfo-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 4744b4b41b4a2f39879e069346002fb6b9c093a09acbd358214839eadd7760c1 |
| kernel-rt-debuginfo-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 9167f9a0439113d2d5b9812f7b96b92329a90d6c4a2c5a0c80317002fff32079 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 3a861b90604c5b37d6d361312731a1739faad8136e9a6d8287d369bb7d2e49f2 |
| kernel-rt-devel-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 9e8dd65a439c79b4af3affd24bbf2503ad2daeb74ed052cb60e415d2d9a8e0c8 |
| kernel-rt-doc-3.10.0-1062.4.1.rt56.1027.el7.noarch.rpm | SHA-256: abccf96add1b00f1939c459f7f517049d320887675b0e8c974e0088181b93019 |
| kernel-rt-kvm-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: fd9ef5b1152ef2c191ae305accba41108ed3766dc6d43a6079984f59c86d6154 |
| kernel-rt-kvm-debuginfo-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: ace2e2777e99b833e41779f2bf5897fdb2ca5987451c0b161385aadcb036f814 |
| kernel-rt-trace-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 7f1dbca9405da2f55dedc21287044a59138c8e671429544018192f9228290bd7 |
| kernel-rt-trace-debuginfo-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 89565a8d46e082745420df98e6b65a78f569e53116e4562fa2084123f7f3d843 |
| kernel-rt-trace-devel-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: c7b1365f4fca63ad73020ce8f4b445fb140c67cca240a7dbefb11c2339011041 |
| kernel-rt-trace-kvm-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 36299dc0ccff10aca37a74d1a4709925b7cf2a71e9dca019b3ba6a38f7c50885 |
| kernel-rt-trace-kvm-debuginfo-3.10.0-1062.4.1.rt56.1027.el7.x86_64.rpm | SHA-256: 4b36cb8ec4ca7414d0ba53915e3c43b781a44d24330f05262bb007caa2c75899 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.