Red Hat Product Errata RHSA-2020:0028 - Security Advisory
Issued:
2020-01-06
Updated:
2020-01-06

RHSA-2020:0028 - Security Advisory

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)
  • hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Server - TUS 7.7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7 x86_64

Fixes

  • BZ - 1646768 - CVE-2018-12207 hw: Machine Check Error on Page Size Change (IFU)
  • BZ - 1753062 - CVE-2019-11135 hw: TSX Transaction Asynchronous Abort (TAA)

Red Hat Enterprise Linux Server 7

SRPM
kpatch-patch-3_10_0-1062-1-9.el7.src.rpm SHA-256: de72cd7dcfc3d78096cba4b62cf7ad47f0d2cccf3659c6faef7f2355ff72c562
kpatch-patch-3_10_0-1062_1_1-1-8.el7.src.rpm SHA-256: beafd8a624b253867dc6254e3399139a073f500563fd990ee3275349a335eef2
kpatch-patch-3_10_0-1062_1_2-1-7.el7.src.rpm SHA-256: 0aee2cc43c0a12917ae9304228bbe0008139286f9fa2f8027f53c95a17dd0de3
kpatch-patch-3_10_0-1062_4_1-1-4.el7.src.rpm SHA-256: db18cdcfcdd7aed8c29f19be2d796c4f704c245101cd5aa8f124df6bd9497dc6
x86_64
kpatch-patch-3_10_0-1062-1-9.el7.x86_64.rpm SHA-256: 03fdf77caf6ac880710fe4b8c4d960f65e9a3fa94dc4c817c71dcd902a3046f5
kpatch-patch-3_10_0-1062-debuginfo-1-9.el7.x86_64.rpm SHA-256: 9e1520049a34b2827a1b2f8e6b0f9456937e2769b387bd0d5e5126fbecfefdd9
kpatch-patch-3_10_0-1062_1_1-1-8.el7.x86_64.rpm SHA-256: 1852235df5f488557dd26f2dfa19f2b69af39961841801732088cf92f3dd9cc2
kpatch-patch-3_10_0-1062_1_1-debuginfo-1-8.el7.x86_64.rpm SHA-256: 551670487ed58aed2c40ce0d45220c386a38f5531f2486781fccea7ef7e22c2b
kpatch-patch-3_10_0-1062_1_2-1-7.el7.x86_64.rpm SHA-256: b0cce33fc4c6325ad6a82df2a741abfc163841fc51cf355bd4d85c192f692d26
kpatch-patch-3_10_0-1062_1_2-debuginfo-1-7.el7.x86_64.rpm SHA-256: 6fcb51de4b3ff19a53626b34f4ac7b0387ea9fb070506d87b79a2389759dee8f
kpatch-patch-3_10_0-1062_4_1-1-4.el7.x86_64.rpm SHA-256: a16c621319b82a7fbec473053c9b2e92a93a1cefc992e402728936c53d002960
kpatch-patch-3_10_0-1062_4_1-debuginfo-1-4.el7.x86_64.rpm SHA-256: 016dc1d2f4520afe2309259891a43620b20d20bc13088044e70d154308757f04

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7

SRPM
kpatch-patch-3_10_0-1062-1-9.el7.src.rpm SHA-256: de72cd7dcfc3d78096cba4b62cf7ad47f0d2cccf3659c6faef7f2355ff72c562
kpatch-patch-3_10_0-1062_1_1-1-8.el7.src.rpm SHA-256: beafd8a624b253867dc6254e3399139a073f500563fd990ee3275349a335eef2
kpatch-patch-3_10_0-1062_1_2-1-7.el7.src.rpm SHA-256: 0aee2cc43c0a12917ae9304228bbe0008139286f9fa2f8027f53c95a17dd0de3
kpatch-patch-3_10_0-1062_4_1-1-4.el7.src.rpm SHA-256: db18cdcfcdd7aed8c29f19be2d796c4f704c245101cd5aa8f124df6bd9497dc6
x86_64
kpatch-patch-3_10_0-1062-1-9.el7.x86_64.rpm SHA-256: 03fdf77caf6ac880710fe4b8c4d960f65e9a3fa94dc4c817c71dcd902a3046f5
kpatch-patch-3_10_0-1062-debuginfo-1-9.el7.x86_64.rpm SHA-256: 9e1520049a34b2827a1b2f8e6b0f9456937e2769b387bd0d5e5126fbecfefdd9
kpatch-patch-3_10_0-1062_1_1-1-8.el7.x86_64.rpm SHA-256: 1852235df5f488557dd26f2dfa19f2b69af39961841801732088cf92f3dd9cc2
kpatch-patch-3_10_0-1062_1_1-debuginfo-1-8.el7.x86_64.rpm SHA-256: 551670487ed58aed2c40ce0d45220c386a38f5531f2486781fccea7ef7e22c2b
kpatch-patch-3_10_0-1062_1_2-1-7.el7.x86_64.rpm SHA-256: b0cce33fc4c6325ad6a82df2a741abfc163841fc51cf355bd4d85c192f692d26
kpatch-patch-3_10_0-1062_1_2-debuginfo-1-7.el7.x86_64.rpm SHA-256: 6fcb51de4b3ff19a53626b34f4ac7b0387ea9fb070506d87b79a2389759dee8f
kpatch-patch-3_10_0-1062_4_1-1-4.el7.x86_64.rpm SHA-256: a16c621319b82a7fbec473053c9b2e92a93a1cefc992e402728936c53d002960
kpatch-patch-3_10_0-1062_4_1-debuginfo-1-4.el7.x86_64.rpm SHA-256: 016dc1d2f4520afe2309259891a43620b20d20bc13088044e70d154308757f04

Red Hat Enterprise Linux Server - AUS 7.7

SRPM
kpatch-patch-3_10_0-1062-1-9.el7.src.rpm SHA-256: de72cd7dcfc3d78096cba4b62cf7ad47f0d2cccf3659c6faef7f2355ff72c562
kpatch-patch-3_10_0-1062_1_1-1-8.el7.src.rpm SHA-256: beafd8a624b253867dc6254e3399139a073f500563fd990ee3275349a335eef2
kpatch-patch-3_10_0-1062_1_2-1-7.el7.src.rpm SHA-256: 0aee2cc43c0a12917ae9304228bbe0008139286f9fa2f8027f53c95a17dd0de3
kpatch-patch-3_10_0-1062_4_1-1-4.el7.src.rpm SHA-256: db18cdcfcdd7aed8c29f19be2d796c4f704c245101cd5aa8f124df6bd9497dc6
x86_64
kpatch-patch-3_10_0-1062-1-9.el7.x86_64.rpm SHA-256: 03fdf77caf6ac880710fe4b8c4d960f65e9a3fa94dc4c817c71dcd902a3046f5
kpatch-patch-3_10_0-1062-debuginfo-1-9.el7.x86_64.rpm SHA-256: 9e1520049a34b2827a1b2f8e6b0f9456937e2769b387bd0d5e5126fbecfefdd9
kpatch-patch-3_10_0-1062_1_1-1-8.el7.x86_64.rpm SHA-256: 1852235df5f488557dd26f2dfa19f2b69af39961841801732088cf92f3dd9cc2
kpatch-patch-3_10_0-1062_1_1-debuginfo-1-8.el7.x86_64.rpm SHA-256: 551670487ed58aed2c40ce0d45220c386a38f5531f2486781fccea7ef7e22c2b
kpatch-patch-3_10_0-1062_1_2-1-7.el7.x86_64.rpm SHA-256: b0cce33fc4c6325ad6a82df2a741abfc163841fc51cf355bd4d85c192f692d26
kpatch-patch-3_10_0-1062_1_2-debuginfo-1-7.el7.x86_64.rpm SHA-256: 6fcb51de4b3ff19a53626b34f4ac7b0387ea9fb070506d87b79a2389759dee8f
kpatch-patch-3_10_0-1062_4_1-1-4.el7.x86_64.rpm SHA-256: a16c621319b82a7fbec473053c9b2e92a93a1cefc992e402728936c53d002960
kpatch-patch-3_10_0-1062_4_1-debuginfo-1-4.el7.x86_64.rpm SHA-256: 016dc1d2f4520afe2309259891a43620b20d20bc13088044e70d154308757f04

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
kpatch-patch-3_10_0-1062-1-9.el7.src.rpm SHA-256: de72cd7dcfc3d78096cba4b62cf7ad47f0d2cccf3659c6faef7f2355ff72c562
kpatch-patch-3_10_0-1062_1_1-1-8.el7.src.rpm SHA-256: beafd8a624b253867dc6254e3399139a073f500563fd990ee3275349a335eef2
kpatch-patch-3_10_0-1062_1_2-1-7.el7.src.rpm SHA-256: 0aee2cc43c0a12917ae9304228bbe0008139286f9fa2f8027f53c95a17dd0de3
kpatch-patch-3_10_0-1062_4_1-1-4.el7.src.rpm SHA-256: db18cdcfcdd7aed8c29f19be2d796c4f704c245101cd5aa8f124df6bd9497dc6
x86_64
kpatch-patch-3_10_0-1062-1-9.el7.x86_64.rpm SHA-256: 03fdf77caf6ac880710fe4b8c4d960f65e9a3fa94dc4c817c71dcd902a3046f5
kpatch-patch-3_10_0-1062-debuginfo-1-9.el7.x86_64.rpm SHA-256: 9e1520049a34b2827a1b2f8e6b0f9456937e2769b387bd0d5e5126fbecfefdd9
kpatch-patch-3_10_0-1062_1_1-1-8.el7.x86_64.rpm SHA-256: 1852235df5f488557dd26f2dfa19f2b69af39961841801732088cf92f3dd9cc2
kpatch-patch-3_10_0-1062_1_1-debuginfo-1-8.el7.x86_64.rpm SHA-256: 551670487ed58aed2c40ce0d45220c386a38f5531f2486781fccea7ef7e22c2b
kpatch-patch-3_10_0-1062_1_2-1-7.el7.x86_64.rpm SHA-256: b0cce33fc4c6325ad6a82df2a741abfc163841fc51cf355bd4d85c192f692d26
kpatch-patch-3_10_0-1062_1_2-debuginfo-1-7.el7.x86_64.rpm SHA-256: 6fcb51de4b3ff19a53626b34f4ac7b0387ea9fb070506d87b79a2389759dee8f
kpatch-patch-3_10_0-1062_4_1-1-4.el7.x86_64.rpm SHA-256: a16c621319b82a7fbec473053c9b2e92a93a1cefc992e402728936c53d002960
kpatch-patch-3_10_0-1062_4_1-debuginfo-1-4.el7.x86_64.rpm SHA-256: 016dc1d2f4520afe2309259891a43620b20d20bc13088044e70d154308757f04

Red Hat Enterprise Linux for Power, little endian 7

SRPM
kpatch-patch-3_10_0-1062-1-9.el7.src.rpm SHA-256: de72cd7dcfc3d78096cba4b62cf7ad47f0d2cccf3659c6faef7f2355ff72c562
kpatch-patch-3_10_0-1062_1_1-1-8.el7.src.rpm SHA-256: beafd8a624b253867dc6254e3399139a073f500563fd990ee3275349a335eef2
kpatch-patch-3_10_0-1062_1_2-1-7.el7.src.rpm SHA-256: 0aee2cc43c0a12917ae9304228bbe0008139286f9fa2f8027f53c95a17dd0de3
kpatch-patch-3_10_0-1062_4_1-1-4.el7.src.rpm SHA-256: db18cdcfcdd7aed8c29f19be2d796c4f704c245101cd5aa8f124df6bd9497dc6
ppc64le

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7

SRPM
kpatch-patch-3_10_0-1062-1-9.el7.src.rpm SHA-256: de72cd7dcfc3d78096cba4b62cf7ad47f0d2cccf3659c6faef7f2355ff72c562
kpatch-patch-3_10_0-1062_1_1-1-8.el7.src.rpm SHA-256: beafd8a624b253867dc6254e3399139a073f500563fd990ee3275349a335eef2
kpatch-patch-3_10_0-1062_1_2-1-7.el7.src.rpm SHA-256: 0aee2cc43c0a12917ae9304228bbe0008139286f9fa2f8027f53c95a17dd0de3
kpatch-patch-3_10_0-1062_4_1-1-4.el7.src.rpm SHA-256: db18cdcfcdd7aed8c29f19be2d796c4f704c245101cd5aa8f124df6bd9497dc6
ppc64le

Red Hat Enterprise Linux Server - TUS 7.7

SRPM
kpatch-patch-3_10_0-1062-1-9.el7.src.rpm SHA-256: de72cd7dcfc3d78096cba4b62cf7ad47f0d2cccf3659c6faef7f2355ff72c562
kpatch-patch-3_10_0-1062_1_1-1-8.el7.src.rpm SHA-256: beafd8a624b253867dc6254e3399139a073f500563fd990ee3275349a335eef2
kpatch-patch-3_10_0-1062_1_2-1-7.el7.src.rpm SHA-256: 0aee2cc43c0a12917ae9304228bbe0008139286f9fa2f8027f53c95a17dd0de3
kpatch-patch-3_10_0-1062_4_1-1-4.el7.src.rpm SHA-256: db18cdcfcdd7aed8c29f19be2d796c4f704c245101cd5aa8f124df6bd9497dc6
x86_64
kpatch-patch-3_10_0-1062-1-9.el7.x86_64.rpm SHA-256: 03fdf77caf6ac880710fe4b8c4d960f65e9a3fa94dc4c817c71dcd902a3046f5
kpatch-patch-3_10_0-1062-debuginfo-1-9.el7.x86_64.rpm SHA-256: 9e1520049a34b2827a1b2f8e6b0f9456937e2769b387bd0d5e5126fbecfefdd9
kpatch-patch-3_10_0-1062_1_1-1-8.el7.x86_64.rpm SHA-256: 1852235df5f488557dd26f2dfa19f2b69af39961841801732088cf92f3dd9cc2
kpatch-patch-3_10_0-1062_1_1-debuginfo-1-8.el7.x86_64.rpm SHA-256: 551670487ed58aed2c40ce0d45220c386a38f5531f2486781fccea7ef7e22c2b
kpatch-patch-3_10_0-1062_1_2-1-7.el7.x86_64.rpm SHA-256: b0cce33fc4c6325ad6a82df2a741abfc163841fc51cf355bd4d85c192f692d26
kpatch-patch-3_10_0-1062_1_2-debuginfo-1-7.el7.x86_64.rpm SHA-256: 6fcb51de4b3ff19a53626b34f4ac7b0387ea9fb070506d87b79a2389759dee8f
kpatch-patch-3_10_0-1062_4_1-1-4.el7.x86_64.rpm SHA-256: a16c621319b82a7fbec473053c9b2e92a93a1cefc992e402728936c53d002960
kpatch-patch-3_10_0-1062_4_1-debuginfo-1-4.el7.x86_64.rpm SHA-256: 016dc1d2f4520afe2309259891a43620b20d20bc13088044e70d154308757f04

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7

SRPM
kpatch-patch-3_10_0-1062-1-9.el7.src.rpm SHA-256: de72cd7dcfc3d78096cba4b62cf7ad47f0d2cccf3659c6faef7f2355ff72c562
kpatch-patch-3_10_0-1062_1_1-1-8.el7.src.rpm SHA-256: beafd8a624b253867dc6254e3399139a073f500563fd990ee3275349a335eef2
kpatch-patch-3_10_0-1062_1_2-1-7.el7.src.rpm SHA-256: 0aee2cc43c0a12917ae9304228bbe0008139286f9fa2f8027f53c95a17dd0de3
kpatch-patch-3_10_0-1062_4_1-1-4.el7.src.rpm SHA-256: db18cdcfcdd7aed8c29f19be2d796c4f704c245101cd5aa8f124df6bd9497dc6
ppc64le

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7

SRPM
kpatch-patch-3_10_0-1062-1-9.el7.src.rpm SHA-256: de72cd7dcfc3d78096cba4b62cf7ad47f0d2cccf3659c6faef7f2355ff72c562
kpatch-patch-3_10_0-1062_1_1-1-8.el7.src.rpm SHA-256: beafd8a624b253867dc6254e3399139a073f500563fd990ee3275349a335eef2
kpatch-patch-3_10_0-1062_1_2-1-7.el7.src.rpm SHA-256: 0aee2cc43c0a12917ae9304228bbe0008139286f9fa2f8027f53c95a17dd0de3
kpatch-patch-3_10_0-1062_4_1-1-4.el7.src.rpm SHA-256: db18cdcfcdd7aed8c29f19be2d796c4f704c245101cd5aa8f124df6bd9497dc6
x86_64
kpatch-patch-3_10_0-1062-1-9.el7.x86_64.rpm SHA-256: 03fdf77caf6ac880710fe4b8c4d960f65e9a3fa94dc4c817c71dcd902a3046f5
kpatch-patch-3_10_0-1062-debuginfo-1-9.el7.x86_64.rpm SHA-256: 9e1520049a34b2827a1b2f8e6b0f9456937e2769b387bd0d5e5126fbecfefdd9
kpatch-patch-3_10_0-1062_1_1-1-8.el7.x86_64.rpm SHA-256: 1852235df5f488557dd26f2dfa19f2b69af39961841801732088cf92f3dd9cc2
kpatch-patch-3_10_0-1062_1_1-debuginfo-1-8.el7.x86_64.rpm SHA-256: 551670487ed58aed2c40ce0d45220c386a38f5531f2486781fccea7ef7e22c2b
kpatch-patch-3_10_0-1062_1_2-1-7.el7.x86_64.rpm SHA-256: b0cce33fc4c6325ad6a82df2a741abfc163841fc51cf355bd4d85c192f692d26
kpatch-patch-3_10_0-1062_1_2-debuginfo-1-7.el7.x86_64.rpm SHA-256: 6fcb51de4b3ff19a53626b34f4ac7b0387ea9fb070506d87b79a2389759dee8f
kpatch-patch-3_10_0-1062_4_1-1-4.el7.x86_64.rpm SHA-256: a16c621319b82a7fbec473053c9b2e92a93a1cefc992e402728936c53d002960
kpatch-patch-3_10_0-1062_4_1-debuginfo-1-4.el7.x86_64.rpm SHA-256: 016dc1d2f4520afe2309259891a43620b20d20bc13088044e70d154308757f04

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
kpatch-patch-3_10_0-1062-1-9.el7.src.rpm SHA-256: de72cd7dcfc3d78096cba4b62cf7ad47f0d2cccf3659c6faef7f2355ff72c562
kpatch-patch-3_10_0-1062_1_1-1-8.el7.src.rpm SHA-256: beafd8a624b253867dc6254e3399139a073f500563fd990ee3275349a335eef2
kpatch-patch-3_10_0-1062_1_2-1-7.el7.src.rpm SHA-256: 0aee2cc43c0a12917ae9304228bbe0008139286f9fa2f8027f53c95a17dd0de3
kpatch-patch-3_10_0-1062_4_1-1-4.el7.src.rpm SHA-256: db18cdcfcdd7aed8c29f19be2d796c4f704c245101cd5aa8f124df6bd9497dc6
ppc64le

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.