- Issued:
- 2019-11-26
- Updated:
- 2019-11-26
RHSA-2019:3978 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)
- kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update to the RHEL7.7.z batch#3 source tree (BZ#1762889)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
Fixes
- BZ - 1746708 - CVE-2019-14821 Kernel: KVM: OOB memory access via mmio ring buffer
- BZ - 1747353 - CVE-2019-15239 kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation
- BZ - 1762889 - kernel-rt: update to the RHEL7.7.z batch#3 source tree
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1062.7.1.rt56.1030.el7.src.rpm | SHA-256: be5a447bae5ee7249d42d7843e5cf11fec2597b1ad4ea3a8826e3984cb4b6418 |
| x86_64 | |
| kernel-rt-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 5a0204820b5ee6d09591b6522b0d640cb05efc03313df36133dccc0231b5f514 |
| kernel-rt-debug-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: a36cf500d112b94673e81e84fa122e6983ce3678cc51e97303e3d41074d9d5ea |
| kernel-rt-debug-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 013afa74b0f2ce32537cfda7e8cd8fde2952cc6bde06e321d8d0186c02d3a0d0 |
| kernel-rt-debug-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 0f638c1f854848be95aa6bd681e899eb9f821af607300b3d8d3117b6662f03db |
| kernel-rt-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 45224bf18318ec2f9a7533a65a4a02f50da76eea386d6d2cb939655b41658f68 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 70c290a50c435f76b0d8dadefef7bb4080ca4af2b657812b48f2b409465c0122 |
| kernel-rt-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: be10ef597a546265874ba4184c91379c01d29bfee5e216237a4e31f1e7ba8b72 |
| kernel-rt-doc-3.10.0-1062.7.1.rt56.1030.el7.noarch.rpm | SHA-256: 6b4baefdd93490e09e0b39cd7473c72477601870260eb1d71ac1ee2af103eb2d |
| kernel-rt-trace-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: d688d288c643f141afb6d15b8d16f34faec78ad2ccfda6bf9c4fd7436399905f |
| kernel-rt-trace-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: ac9bd3197e9da22119c07ad9b24adc91c7ed2c3bbb69ae404eca46516f7f0ff9 |
| kernel-rt-trace-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 95037fade3507d584c72376fc2b6cdf70c07630d6513a9f23782cdaba67d38c8 |
Red Hat Enterprise Linux for Real Time for NFV 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1062.7.1.rt56.1030.el7.src.rpm | SHA-256: be5a447bae5ee7249d42d7843e5cf11fec2597b1ad4ea3a8826e3984cb4b6418 |
| x86_64 | |
| kernel-rt-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 5a0204820b5ee6d09591b6522b0d640cb05efc03313df36133dccc0231b5f514 |
| kernel-rt-debug-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: a36cf500d112b94673e81e84fa122e6983ce3678cc51e97303e3d41074d9d5ea |
| kernel-rt-debug-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 013afa74b0f2ce32537cfda7e8cd8fde2952cc6bde06e321d8d0186c02d3a0d0 |
| kernel-rt-debug-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 0f638c1f854848be95aa6bd681e899eb9f821af607300b3d8d3117b6662f03db |
| kernel-rt-debug-kvm-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 9c743ffa9b3b2e847170067007d6ebc6712517dc1154a02bfbfe383a44b3185d |
| kernel-rt-debug-kvm-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: f1a50b8f5b98079da9fa42ed153cadac829282f0e855aa14aa8597403d21b9ba |
| kernel-rt-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 45224bf18318ec2f9a7533a65a4a02f50da76eea386d6d2cb939655b41658f68 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 70c290a50c435f76b0d8dadefef7bb4080ca4af2b657812b48f2b409465c0122 |
| kernel-rt-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: be10ef597a546265874ba4184c91379c01d29bfee5e216237a4e31f1e7ba8b72 |
| kernel-rt-doc-3.10.0-1062.7.1.rt56.1030.el7.noarch.rpm | SHA-256: 6b4baefdd93490e09e0b39cd7473c72477601870260eb1d71ac1ee2af103eb2d |
| kernel-rt-kvm-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 79aefe42c547f6b537d548d9131c78100357098083357bd633924e25a7ef36be |
| kernel-rt-kvm-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 50cc6b4570de62ca14cd1a5137ef0beaef351ed39a2601985c478530ad5b507d |
| kernel-rt-trace-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: d688d288c643f141afb6d15b8d16f34faec78ad2ccfda6bf9c4fd7436399905f |
| kernel-rt-trace-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: ac9bd3197e9da22119c07ad9b24adc91c7ed2c3bbb69ae404eca46516f7f0ff9 |
| kernel-rt-trace-devel-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 95037fade3507d584c72376fc2b6cdf70c07630d6513a9f23782cdaba67d38c8 |
| kernel-rt-trace-kvm-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 6942af9eb23c0b528a5da0349d2a8f24c61af3c38f2467c1371bf92645c8c943 |
| kernel-rt-trace-kvm-debuginfo-3.10.0-1062.7.1.rt56.1030.el7.x86_64.rpm | SHA-256: 5a8d05cf44b85d0a3047aef3a9d5b8dc31a2680cec0a92e095bc755469762031 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.