Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

• hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)
  
• hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)
  

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64
• Red Hat Enterprise Linux Server - AUS 7.6 x86_64
• Red Hat Enterprise Linux Server - TUS 7.6 x86_64
• Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64

Fixes

• BZ - 1646768 - CVE-2018-12207 hw: Machine Check Error on Page Size Change (IFU)
• BZ - 1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA)

CVEs

• CVE-2018-12207
• CVE-2019-11135

References

• https://access.redhat.com/security/updates/classification/#important
• https://access.redhat.com/security/vulnerabilities/ifu-page-mce
• https://access.redhat.com/solutions/tsx-asynchronousabort

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6

SRPM
kpatch-patch-3_10_0-957_35_1-1-5.el7.src.rpm	SHA-256: 4ae433217ec999881427f585747359b5e8c18f66e8ddf8e0bfc2187181bd8d1e
kpatch-patch-3_10_0-957_35_2-1-4.el7.src.rpm	SHA-256: 00ca2833ba02d1eafc3cf2d90f11d5e0588cbeca0f6c56350a8772aa2562f397
kpatch-patch-3_10_0-957_38_1-1-3.el7.src.rpm	SHA-256: b6b9d49f3e5c21e7854dddc4a7838a08078abff86273089e54e9641d52f46801
x86_64
kpatch-patch-3_10_0-957_35_1-1-5.el7.x86_64.rpm	SHA-256: 9848bf70614d8ea774c94ac3ac106bdb5ac0030ce17b94b8f5993c32ebacd4ff
kpatch-patch-3_10_0-957_35_1-debuginfo-1-5.el7.x86_64.rpm	SHA-256: e93fd578955b7cd844fa486282053b838e4528fb74ec439d98b9c08caa489800
kpatch-patch-3_10_0-957_35_2-1-4.el7.x86_64.rpm	SHA-256: 63c270c19e147457817b89af1e4656da77f16aeae59b8dbabbfef492f883d87a
kpatch-patch-3_10_0-957_35_2-debuginfo-1-4.el7.x86_64.rpm	SHA-256: 59cb2138c1b0c73329a4088af486babf6c33c02b8e85021aaf45dc4e1b22e52d
kpatch-patch-3_10_0-957_38_1-1-3.el7.x86_64.rpm	SHA-256: 1dff958ab061eec9d0ed3bca2f569ff2002302e0e79d3ed0f9ceba54149849de
kpatch-patch-3_10_0-957_38_1-debuginfo-1-3.el7.x86_64.rpm	SHA-256: d284ffb13eef221022941910e2d27118aa1cf9af492402195b2b41e0842f5ec6

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
kpatch-patch-3_10_0-957_35_1-1-5.el7.src.rpm	SHA-256: 4ae433217ec999881427f585747359b5e8c18f66e8ddf8e0bfc2187181bd8d1e
kpatch-patch-3_10_0-957_35_2-1-4.el7.src.rpm	SHA-256: 00ca2833ba02d1eafc3cf2d90f11d5e0588cbeca0f6c56350a8772aa2562f397
kpatch-patch-3_10_0-957_38_1-1-3.el7.src.rpm	SHA-256: b6b9d49f3e5c21e7854dddc4a7838a08078abff86273089e54e9641d52f46801
x86_64
kpatch-patch-3_10_0-957_35_1-1-5.el7.x86_64.rpm	SHA-256: 9848bf70614d8ea774c94ac3ac106bdb5ac0030ce17b94b8f5993c32ebacd4ff
kpatch-patch-3_10_0-957_35_1-debuginfo-1-5.el7.x86_64.rpm	SHA-256: e93fd578955b7cd844fa486282053b838e4528fb74ec439d98b9c08caa489800
kpatch-patch-3_10_0-957_35_2-1-4.el7.x86_64.rpm	SHA-256: 63c270c19e147457817b89af1e4656da77f16aeae59b8dbabbfef492f883d87a
kpatch-patch-3_10_0-957_35_2-debuginfo-1-4.el7.x86_64.rpm	SHA-256: 59cb2138c1b0c73329a4088af486babf6c33c02b8e85021aaf45dc4e1b22e52d
kpatch-patch-3_10_0-957_38_1-1-3.el7.x86_64.rpm	SHA-256: 1dff958ab061eec9d0ed3bca2f569ff2002302e0e79d3ed0f9ceba54149849de
kpatch-patch-3_10_0-957_38_1-debuginfo-1-3.el7.x86_64.rpm	SHA-256: d284ffb13eef221022941910e2d27118aa1cf9af492402195b2b41e0842f5ec6

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6

SRPM
kpatch-patch-3_10_0-957_35_1-1-5.el7.src.rpm	SHA-256: 4ae433217ec999881427f585747359b5e8c18f66e8ddf8e0bfc2187181bd8d1e
kpatch-patch-3_10_0-957_35_2-1-4.el7.src.rpm	SHA-256: 00ca2833ba02d1eafc3cf2d90f11d5e0588cbeca0f6c56350a8772aa2562f397
kpatch-patch-3_10_0-957_38_1-1-3.el7.src.rpm	SHA-256: b6b9d49f3e5c21e7854dddc4a7838a08078abff86273089e54e9641d52f46801
ppc64le

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
kpatch-patch-3_10_0-957_35_1-1-5.el7.src.rpm	SHA-256: 4ae433217ec999881427f585747359b5e8c18f66e8ddf8e0bfc2187181bd8d1e
kpatch-patch-3_10_0-957_35_2-1-4.el7.src.rpm	SHA-256: 00ca2833ba02d1eafc3cf2d90f11d5e0588cbeca0f6c56350a8772aa2562f397
kpatch-patch-3_10_0-957_38_1-1-3.el7.src.rpm	SHA-256: b6b9d49f3e5c21e7854dddc4a7838a08078abff86273089e54e9641d52f46801
x86_64
kpatch-patch-3_10_0-957_35_1-1-5.el7.x86_64.rpm	SHA-256: 9848bf70614d8ea774c94ac3ac106bdb5ac0030ce17b94b8f5993c32ebacd4ff
kpatch-patch-3_10_0-957_35_1-debuginfo-1-5.el7.x86_64.rpm	SHA-256: e93fd578955b7cd844fa486282053b838e4528fb74ec439d98b9c08caa489800
kpatch-patch-3_10_0-957_35_2-1-4.el7.x86_64.rpm	SHA-256: 63c270c19e147457817b89af1e4656da77f16aeae59b8dbabbfef492f883d87a
kpatch-patch-3_10_0-957_35_2-debuginfo-1-4.el7.x86_64.rpm	SHA-256: 59cb2138c1b0c73329a4088af486babf6c33c02b8e85021aaf45dc4e1b22e52d
kpatch-patch-3_10_0-957_38_1-1-3.el7.x86_64.rpm	SHA-256: 1dff958ab061eec9d0ed3bca2f569ff2002302e0e79d3ed0f9ceba54149849de
kpatch-patch-3_10_0-957_38_1-debuginfo-1-3.el7.x86_64.rpm	SHA-256: d284ffb13eef221022941910e2d27118aa1cf9af492402195b2b41e0842f5ec6

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6

SRPM
kpatch-patch-3_10_0-957_35_1-1-5.el7.src.rpm	SHA-256: 4ae433217ec999881427f585747359b5e8c18f66e8ddf8e0bfc2187181bd8d1e
kpatch-patch-3_10_0-957_35_2-1-4.el7.src.rpm	SHA-256: 00ca2833ba02d1eafc3cf2d90f11d5e0588cbeca0f6c56350a8772aa2562f397
kpatch-patch-3_10_0-957_38_1-1-3.el7.src.rpm	SHA-256: b6b9d49f3e5c21e7854dddc4a7838a08078abff86273089e54e9641d52f46801
ppc64le

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6

SRPM
kpatch-patch-3_10_0-957_35_1-1-5.el7.src.rpm	SHA-256: 4ae433217ec999881427f585747359b5e8c18f66e8ddf8e0bfc2187181bd8d1e
kpatch-patch-3_10_0-957_35_2-1-4.el7.src.rpm	SHA-256: 00ca2833ba02d1eafc3cf2d90f11d5e0588cbeca0f6c56350a8772aa2562f397
kpatch-patch-3_10_0-957_38_1-1-3.el7.src.rpm	SHA-256: b6b9d49f3e5c21e7854dddc4a7838a08078abff86273089e54e9641d52f46801
x86_64
kpatch-patch-3_10_0-957_35_1-1-5.el7.x86_64.rpm	SHA-256: 9848bf70614d8ea774c94ac3ac106bdb5ac0030ce17b94b8f5993c32ebacd4ff
kpatch-patch-3_10_0-957_35_1-debuginfo-1-5.el7.x86_64.rpm	SHA-256: e93fd578955b7cd844fa486282053b838e4528fb74ec439d98b9c08caa489800
kpatch-patch-3_10_0-957_35_2-1-4.el7.x86_64.rpm	SHA-256: 63c270c19e147457817b89af1e4656da77f16aeae59b8dbabbfef492f883d87a
kpatch-patch-3_10_0-957_35_2-debuginfo-1-4.el7.x86_64.rpm	SHA-256: 59cb2138c1b0c73329a4088af486babf6c33c02b8e85021aaf45dc4e1b22e52d
kpatch-patch-3_10_0-957_38_1-1-3.el7.x86_64.rpm	SHA-256: 1dff958ab061eec9d0ed3bca2f569ff2002302e0e79d3ed0f9ceba54149849de
kpatch-patch-3_10_0-957_38_1-debuginfo-1-3.el7.x86_64.rpm	SHA-256: d284ffb13eef221022941910e2d27118aa1cf9af492402195b2b41e0842f5ec6