- Issued:
- 2020-02-04
- Updated:
- 2020-02-04
RHSA-2020:0328 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)
- kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)
- kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)
- kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)
- kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814)
- kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815)
- kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)
- Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the RHEL-8.1.z2 source tree (BZ#1780326)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64
Fixes
- BZ - 1744130 - CVE-2019-14814 kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS
- BZ - 1744137 - CVE-2019-14815 kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS
- BZ - 1744149 - CVE-2019-14816 kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver
- BZ - 1763690 - CVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow
- BZ - 1773519 - CVE-2019-14901 kernel: heap overflow in marvell/mwifiex/tdls.c
- BZ - 1774671 - CVE-2019-14898 kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599
- BZ - 1774870 - CVE-2019-14895 kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
- BZ - 1781514 - CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)
CVEs
- CVE-2019-14814
- CVE-2019-14815
- CVE-2019-14816
- CVE-2019-14895
- CVE-2019-14898
- CVE-2019-14901
- CVE-2019-17666
- CVE-2019-19338
References
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-147.5.1.rt24.98.el8_1.src.rpm | SHA-256: dade80cce3a8767186859b7edb5b610452e2cca27bd1ee2ddb4558e554867461 |
| x86_64 | |
| kernel-rt-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 148fc6701c30f943a1483bb72e4175e9ee6e1c43dd071b61c5fdd82d9a1bec1c |
| kernel-rt-core-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 69a280452759ca9d3e8b551695794a22d009dc61cf852623bc58f7f4c0f64b4f |
| kernel-rt-debug-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: d4c86ecebb8aeab729b77d52e789457348c5906003e8aaca1189f1d5dd022bb6 |
| kernel-rt-debug-core-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: fc0381ee842efefd19bd8186fe72cd69703d1835b43dab8febe279a21b5e88d6 |
| kernel-rt-debug-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: b4e5dee495e2803f20a757f9f6b11c9b23a91c5a5c9f41701a4c6978873a3d71 |
| kernel-rt-debug-devel-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 8b43240d7731a53677562a340cde47c2d8eff8aafb7d24a2f562d37ca0894d35 |
| kernel-rt-debug-kvm-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 637caeccb338631169bc7ed7b360ebec2d049099aebf87493a82d6a4002b970a |
| kernel-rt-debug-modules-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: d6a0c31a8143da1388f3c76e5564ce0828b819fb9f511d8ff818c94c73110234 |
| kernel-rt-debug-modules-extra-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 064fdafe44a0a5a6aed70efe4d1048637f1a0a33b86e965cdbba2397d203fd9e |
| kernel-rt-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: fbfa6134b57465ca675650ef078aba1c445beb74fbf8f4a8a55d95791526b559 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 627b4e7f1b64ffa976047aeca87623c943961d2c631dccf531c97afc32f395b8 |
| kernel-rt-devel-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 33666360305a28795daf2455f31b29922ec9919c13db4d93fcb06e0c664a66d1 |
| kernel-rt-kvm-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: a6e68d48f1352deded5e5d159b11b50f57e86f3538717a23e6ea9fec65fd1ea8 |
| kernel-rt-modules-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: ffbef5e59ab2c6ff8ee67ef602ab4e7ec7160fd979644bdfede5556203e62b3a |
| kernel-rt-modules-extra-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 0970afd7e1111ad834f3cbedc2815fd49d61abfb63cfb07cb5a2613db121507a |
Red Hat Enterprise Linux for Real Time for NFV 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-147.5.1.rt24.98.el8_1.src.rpm | SHA-256: dade80cce3a8767186859b7edb5b610452e2cca27bd1ee2ddb4558e554867461 |
| x86_64 | |
| kernel-rt-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 148fc6701c30f943a1483bb72e4175e9ee6e1c43dd071b61c5fdd82d9a1bec1c |
| kernel-rt-core-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 69a280452759ca9d3e8b551695794a22d009dc61cf852623bc58f7f4c0f64b4f |
| kernel-rt-debug-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: d4c86ecebb8aeab729b77d52e789457348c5906003e8aaca1189f1d5dd022bb6 |
| kernel-rt-debug-core-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: fc0381ee842efefd19bd8186fe72cd69703d1835b43dab8febe279a21b5e88d6 |
| kernel-rt-debug-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: b4e5dee495e2803f20a757f9f6b11c9b23a91c5a5c9f41701a4c6978873a3d71 |
| kernel-rt-debug-devel-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 8b43240d7731a53677562a340cde47c2d8eff8aafb7d24a2f562d37ca0894d35 |
| kernel-rt-debug-kvm-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: d797684b5616f3566207797ad5a4ac110907b6fcd5ab1f526faea0e7276ae930 |
| kernel-rt-debug-kvm-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 637caeccb338631169bc7ed7b360ebec2d049099aebf87493a82d6a4002b970a |
| kernel-rt-debug-modules-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: d6a0c31a8143da1388f3c76e5564ce0828b819fb9f511d8ff818c94c73110234 |
| kernel-rt-debug-modules-extra-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 064fdafe44a0a5a6aed70efe4d1048637f1a0a33b86e965cdbba2397d203fd9e |
| kernel-rt-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: fbfa6134b57465ca675650ef078aba1c445beb74fbf8f4a8a55d95791526b559 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 627b4e7f1b64ffa976047aeca87623c943961d2c631dccf531c97afc32f395b8 |
| kernel-rt-devel-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 33666360305a28795daf2455f31b29922ec9919c13db4d93fcb06e0c664a66d1 |
| kernel-rt-kvm-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: f4efee12f733c1d4312eadae0e783a0cbb6c7f78c6a5042e014c1f21dcf00a09 |
| kernel-rt-kvm-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: a6e68d48f1352deded5e5d159b11b50f57e86f3538717a23e6ea9fec65fd1ea8 |
| kernel-rt-modules-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: ffbef5e59ab2c6ff8ee67ef602ab4e7ec7160fd979644bdfede5556203e62b3a |
| kernel-rt-modules-extra-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 0970afd7e1111ad834f3cbedc2815fd49d61abfb63cfb07cb5a2613db121507a |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-147.5.1.rt24.98.el8_1.src.rpm | SHA-256: dade80cce3a8767186859b7edb5b610452e2cca27bd1ee2ddb4558e554867461 |
| x86_64 | |
| kernel-rt-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 148fc6701c30f943a1483bb72e4175e9ee6e1c43dd071b61c5fdd82d9a1bec1c |
| kernel-rt-core-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 69a280452759ca9d3e8b551695794a22d009dc61cf852623bc58f7f4c0f64b4f |
| kernel-rt-debug-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: d4c86ecebb8aeab729b77d52e789457348c5906003e8aaca1189f1d5dd022bb6 |
| kernel-rt-debug-core-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: fc0381ee842efefd19bd8186fe72cd69703d1835b43dab8febe279a21b5e88d6 |
| kernel-rt-debug-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: b4e5dee495e2803f20a757f9f6b11c9b23a91c5a5c9f41701a4c6978873a3d71 |
| kernel-rt-debug-devel-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 8b43240d7731a53677562a340cde47c2d8eff8aafb7d24a2f562d37ca0894d35 |
| kernel-rt-debug-kvm-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 637caeccb338631169bc7ed7b360ebec2d049099aebf87493a82d6a4002b970a |
| kernel-rt-debug-modules-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: d6a0c31a8143da1388f3c76e5564ce0828b819fb9f511d8ff818c94c73110234 |
| kernel-rt-debug-modules-extra-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 064fdafe44a0a5a6aed70efe4d1048637f1a0a33b86e965cdbba2397d203fd9e |
| kernel-rt-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: fbfa6134b57465ca675650ef078aba1c445beb74fbf8f4a8a55d95791526b559 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 627b4e7f1b64ffa976047aeca87623c943961d2c631dccf531c97afc32f395b8 |
| kernel-rt-devel-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 33666360305a28795daf2455f31b29922ec9919c13db4d93fcb06e0c664a66d1 |
| kernel-rt-kvm-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: a6e68d48f1352deded5e5d159b11b50f57e86f3538717a23e6ea9fec65fd1ea8 |
| kernel-rt-modules-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: ffbef5e59ab2c6ff8ee67ef602ab4e7ec7160fd979644bdfede5556203e62b3a |
| kernel-rt-modules-extra-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 0970afd7e1111ad834f3cbedc2815fd49d61abfb63cfb07cb5a2613db121507a |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-147.5.1.rt24.98.el8_1.src.rpm | SHA-256: dade80cce3a8767186859b7edb5b610452e2cca27bd1ee2ddb4558e554867461 |
| x86_64 | |
| kernel-rt-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 148fc6701c30f943a1483bb72e4175e9ee6e1c43dd071b61c5fdd82d9a1bec1c |
| kernel-rt-core-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 69a280452759ca9d3e8b551695794a22d009dc61cf852623bc58f7f4c0f64b4f |
| kernel-rt-debug-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: d4c86ecebb8aeab729b77d52e789457348c5906003e8aaca1189f1d5dd022bb6 |
| kernel-rt-debug-core-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: fc0381ee842efefd19bd8186fe72cd69703d1835b43dab8febe279a21b5e88d6 |
| kernel-rt-debug-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: b4e5dee495e2803f20a757f9f6b11c9b23a91c5a5c9f41701a4c6978873a3d71 |
| kernel-rt-debug-devel-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 8b43240d7731a53677562a340cde47c2d8eff8aafb7d24a2f562d37ca0894d35 |
| kernel-rt-debug-kvm-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: d797684b5616f3566207797ad5a4ac110907b6fcd5ab1f526faea0e7276ae930 |
| kernel-rt-debug-kvm-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 637caeccb338631169bc7ed7b360ebec2d049099aebf87493a82d6a4002b970a |
| kernel-rt-debug-modules-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: d6a0c31a8143da1388f3c76e5564ce0828b819fb9f511d8ff818c94c73110234 |
| kernel-rt-debug-modules-extra-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 064fdafe44a0a5a6aed70efe4d1048637f1a0a33b86e965cdbba2397d203fd9e |
| kernel-rt-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: fbfa6134b57465ca675650ef078aba1c445beb74fbf8f4a8a55d95791526b559 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 627b4e7f1b64ffa976047aeca87623c943961d2c631dccf531c97afc32f395b8 |
| kernel-rt-devel-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 33666360305a28795daf2455f31b29922ec9919c13db4d93fcb06e0c664a66d1 |
| kernel-rt-kvm-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: f4efee12f733c1d4312eadae0e783a0cbb6c7f78c6a5042e014c1f21dcf00a09 |
| kernel-rt-kvm-debuginfo-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: a6e68d48f1352deded5e5d159b11b50f57e86f3538717a23e6ea9fec65fd1ea8 |
| kernel-rt-modules-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: ffbef5e59ab2c6ff8ee67ef602ab4e7ec7160fd979644bdfede5556203e62b3a |
| kernel-rt-modules-extra-4.18.0-147.5.1.rt24.98.el8_1.x86_64.rpm | SHA-256: 0970afd7e1111ad834f3cbedc2815fd49d61abfb63cfb07cb5a2613db121507a |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.