Issued:
2019-11-12
Updated:
2019-11-12

RHSA-2019:3835 - Security Advisory

Synopsis

Important: kernel-rt security update

Type/Severity

Security Advisory: Important

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)
  • hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)
  • hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

  • BZ - 1646768 - CVE-2018-12207 hw: Machine Check Error on Page Size Change (IPU)
  • BZ - 1724393 - CVE-2019-0154 hw: Intel GPU Denial Of Service while accessing MMIO in lower power state
  • BZ - 1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA)

CVEs

References

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-1062.4.2.rt56.1028.el7.src.rpm SHA-256: 3473bc118a0dd2e8cb2cf0993d82ac8c3d714ef71f67f5c2f98c1c8857ce9027
x86_64
kernel-rt-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: 668fb3ae72a529ba48f84bb6bea3f5c92df0c6fd32fe6d1b7e995585f5094006
kernel-rt-debug-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: f59537900f49327dcf8cf1cf0dc699e1d40ee1d65c1785c457f6850125fb5b6d
kernel-rt-debug-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: d60189a42954c534bfa42507efe0f13ca24310dee5f753ec5a437dc2b4c6b30a
kernel-rt-debug-devel-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: 4c18ad513e27e9e6b8cf532dc706902fde74ec659b0b8a16fb681253090b1a9c
kernel-rt-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: a6043f4cb868a3c4aa8530b84975a8dd40e0cb625eb578e9452cd6fa5833bb71
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: 6373e8549c836fbbe2a2264d3d45ad686c7bc29917056f301a93e691e5cf993f
kernel-rt-devel-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: 2f73ac8fba05a6cc5b48bd978b9e5dd5add27c297c57d831cc2d193ba9053e95
kernel-rt-doc-3.10.0-1062.4.2.rt56.1028.el7.noarch.rpm SHA-256: df7c1a239185d66b54032ee1b69b1655aa6ae9ec942f1e2b0b9d9cd61f32f086
kernel-rt-trace-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: 46b50fd051c4478e54300119bb458d50d1b79a1a93ffe972d6a21676268ad128
kernel-rt-trace-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: ef22dfe0d4051f52b66906fdaf670011ee562962de90ccd5cbe15d82c2355ccc
kernel-rt-trace-devel-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: 6658b7a8a3a197a354f261380b9b5f54b3259f207ac90c52ba9dfb6e7372076d

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-1062.4.2.rt56.1028.el7.src.rpm SHA-256: 3473bc118a0dd2e8cb2cf0993d82ac8c3d714ef71f67f5c2f98c1c8857ce9027
x86_64
kernel-rt-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: 668fb3ae72a529ba48f84bb6bea3f5c92df0c6fd32fe6d1b7e995585f5094006
kernel-rt-debug-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: f59537900f49327dcf8cf1cf0dc699e1d40ee1d65c1785c457f6850125fb5b6d
kernel-rt-debug-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: d60189a42954c534bfa42507efe0f13ca24310dee5f753ec5a437dc2b4c6b30a
kernel-rt-debug-devel-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: 4c18ad513e27e9e6b8cf532dc706902fde74ec659b0b8a16fb681253090b1a9c
kernel-rt-debug-kvm-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: b76cc81c08527a8b07e6e8fcefd92671e8a045d27aeafa8920797d41156a8055
kernel-rt-debug-kvm-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: ec785cfc66fe1e27dfc204571cd6cfb652325a8e553a428465ee428afbf0f2ee
kernel-rt-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: a6043f4cb868a3c4aa8530b84975a8dd40e0cb625eb578e9452cd6fa5833bb71
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: 6373e8549c836fbbe2a2264d3d45ad686c7bc29917056f301a93e691e5cf993f
kernel-rt-devel-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: 2f73ac8fba05a6cc5b48bd978b9e5dd5add27c297c57d831cc2d193ba9053e95
kernel-rt-doc-3.10.0-1062.4.2.rt56.1028.el7.noarch.rpm SHA-256: df7c1a239185d66b54032ee1b69b1655aa6ae9ec942f1e2b0b9d9cd61f32f086
kernel-rt-kvm-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: 16d0237ee926e6873396b3245a87ade45b38f995bf2399f59d1327414a54f5f0
kernel-rt-kvm-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: eae5b4798b9633dc215841555b7335f6fb6218670344f5d4ed48b43073deaaaa
kernel-rt-trace-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: 46b50fd051c4478e54300119bb458d50d1b79a1a93ffe972d6a21676268ad128
kernel-rt-trace-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: ef22dfe0d4051f52b66906fdaf670011ee562962de90ccd5cbe15d82c2355ccc
kernel-rt-trace-devel-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: 6658b7a8a3a197a354f261380b9b5f54b3259f207ac90c52ba9dfb6e7372076d
kernel-rt-trace-kvm-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: 52ad8e42b2ab8bc179be3a682c48a8ead7c5432deb132848e57050b62560eaf7
kernel-rt-trace-kvm-debuginfo-3.10.0-1062.4.2.rt56.1028.el7.x86_64.rpm SHA-256: 52b7139db6654cbf8d31c422eec6c1edd1ef6ee03725d9f5f265439f5924afbd

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.