Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

• Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)
  
• kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)
  

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• kernel-rt: update to the RHEL7.7.z batch#3 source tree (BZ#1762889)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

• Red Hat Enterprise Linux for Real Time 7 x86_64
• Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

• BZ - 1746708 - CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer
• BZ - 1747353 - CVE-2019-15239 kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation
• BZ - 1762889 - kernel-rt: update to the RHEL7.7.z batch#3 source tree

CVEs

• CVE-2019-14821
• CVE-2019-15239

References

• https://access.redhat.com/security/updates/classification/#important

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-1062.7.1.rt56.1030.el7.src.rpm	SHA-256: be5a447bae5ee7249d42d7843e5cf11fec2597b1ad4ea3a8826e3984cb4b6418
x86_64
kernel-rt-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 5a0204820b5ee6d09591b6522b0d640cb05efc03313df36133dccc0231b5f514
kernel-rt-debug-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: a36cf500d112b94673e81e84fa122e6983ce3678cc51e97303e3d41074d9d5ea
kernel-rt-debug-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 013afa74b0f2ce32537cfda7e8cd8fde2952cc6bde06e321d8d0186c02d3a0d0
kernel-rt-debug-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 0f638c1f854848be95aa6bd681e899eb9f821af607300b3d8d3117b6662f03db
kernel-rt-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 45224bf18318ec2f9a7533a65a4a02f50da76eea386d6d2cb939655b41658f68
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 70c290a50c435f76b0d8dadefef7bb4080ca4af2b657812b48f2b409465c0122
kernel-rt-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: be10ef597a546265874ba4184c91379c01d29bfee5e216237a4e31f1e7ba8b72
kernel-rt-doc-3.10.0-1062.7.1.rt56.1030.el7.noarch.rpm	SHA-256: 6b4baefdd93490e09e0b39cd7473c72477601870260eb1d71ac1ee2af103eb2d
kernel-rt-trace-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: d688d288c643f141afb6d15b8d16f34faec78ad2ccfda6bf9c4fd7436399905f
kernel-rt-trace-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: ac9bd3197e9da22119c07ad9b24adc91c7ed2c3bbb69ae404eca46516f7f0ff9
kernel-rt-trace-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 95037fade3507d584c72376fc2b6cdf70c07630d6513a9f23782cdaba67d38c8

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-1062.7.1.rt56.1030.el7.src.rpm	SHA-256: be5a447bae5ee7249d42d7843e5cf11fec2597b1ad4ea3a8826e3984cb4b6418
x86_64
kernel-rt-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 5a0204820b5ee6d09591b6522b0d640cb05efc03313df36133dccc0231b5f514
kernel-rt-debug-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: a36cf500d112b94673e81e84fa122e6983ce3678cc51e97303e3d41074d9d5ea
kernel-rt-debug-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 013afa74b0f2ce32537cfda7e8cd8fde2952cc6bde06e321d8d0186c02d3a0d0
kernel-rt-debug-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 0f638c1f854848be95aa6bd681e899eb9f821af607300b3d8d3117b6662f03db
kernel-rt-debug-kvm-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 9c743ffa9b3b2e847170067007d6ebc6712517dc1154a02bfbfe383a44b3185d
kernel-rt-debug-kvm-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: f1a50b8f5b98079da9fa42ed153cadac829282f0e855aa14aa8597403d21b9ba
kernel-rt-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 45224bf18318ec2f9a7533a65a4a02f50da76eea386d6d2cb939655b41658f68
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 70c290a50c435f76b0d8dadefef7bb4080ca4af2b657812b48f2b409465c0122
kernel-rt-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: be10ef597a546265874ba4184c91379c01d29bfee5e216237a4e31f1e7ba8b72
kernel-rt-doc-3.10.0-1062.7.1.rt56.1030.el7.noarch.rpm	SHA-256: 6b4baefdd93490e09e0b39cd7473c72477601870260eb1d71ac1ee2af103eb2d
kernel-rt-kvm-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 79aefe42c547f6b537d548d9131c78100357098083357bd633924e25a7ef36be
kernel-rt-kvm-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 50cc6b4570de62ca14cd1a5137ef0beaef351ed39a2601985c478530ad5b507d
kernel-rt-trace-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: d688d288c643f141afb6d15b8d16f34faec78ad2ccfda6bf9c4fd7436399905f
kernel-rt-trace-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: ac9bd3197e9da22119c07ad9b24adc91c7ed2c3bbb69ae404eca46516f7f0ff9
kernel-rt-trace-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 95037fade3507d584c72376fc2b6cdf70c07630d6513a9f23782cdaba67d38c8
kernel-rt-trace-kvm-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 6942af9eb23c0b528a5da0349d2a8f24c61af3c38f2467c1371bf92645c8c943
kernel-rt-trace-kvm-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm	SHA-256: 5a8d05cf44b85d0a3047aef3a9d5b8dc31a2680cec0a92e095bc755469762031