- Issued:
- 2020-02-04
- Updated:
- 2020-02-04
RHSA-2020:0375 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)
- kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)
- kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)
- kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)
- kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt] (BZ#1772522)
- kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322)
- kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement (BZ#1781157)
- kernel-rt: hard lockup panic in during execution of CFS bandwidth period timer (BZ#1788057)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
Fixes
- BZ - 1744149 - CVE-2019-14816 kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver
- BZ - 1771909 - CVE-2019-17133 kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c
- BZ - 1773519 - CVE-2019-14901 kernel: heap overflow in marvell/mwifiex/tdls.c
- BZ - 1774671 - CVE-2019-14898 kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599
- BZ - 1774870 - CVE-2019-14895 kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c
- BZ - 1781157 - kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement [rhel-7.7.z]
CVEs
References
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1062.12.1.rt56.1042.el7.src.rpm | SHA-256: 2206291f53df9cb037b4ff620d846c493ea24c492ef0bec816a2c8a56e80ec4c |
| x86_64 | |
| kernel-rt-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: 6bfdffb3159a06399a9b2ad460cc18ab28b14c74215b9875fed37d54505cdb7f |
| kernel-rt-debug-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: fc357901fe9f8ba769eaa6d31c6b5e120e35bf28162b5f469a2f6c72d6c42d7f |
| kernel-rt-debug-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: 21f68ba3463bee5241f18b81c901dce53b2264b5b3d8d9cca7e661311bd3450e |
| kernel-rt-debug-devel-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: 5a41463340ffa94f3c61641a45d24a91fba831c49b165e5d0e7192d23cf1c6f6 |
| kernel-rt-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: 1efc6c156f0eaa181b5bbf85aa92a17fe6b4540078fe5629f15c2c549e775498 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: c12da8caac91fd7b72edce1c186fb2bc67a6fb17a87ea4cc170290188a927d9d |
| kernel-rt-devel-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: 8e9b46bf9caa6fa17334bb6dcf2426133e828fe87b4b61117fd287a001cd9bfd |
| kernel-rt-doc-3.10.0-1062.12.1.rt56.1042.el7.noarch.rpm | SHA-256: 92cadbe3d4bde149428bea6c224d9f1b305188077a4de46c3064a674f015202a |
| kernel-rt-trace-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: c2d1feee55e815c7052f1665a24682065c4ae86f250834e517fa534dc4270096 |
| kernel-rt-trace-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: b21d8c1313d64d48ed3e74a583ab5a43126b0658c215ca8bd91887bdb4e9ffa4 |
| kernel-rt-trace-devel-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: bce9e8196389d39f278f964cf265baea44695fda761274cbbeeaf44ad8a0ab54 |
Red Hat Enterprise Linux for Real Time for NFV 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1062.12.1.rt56.1042.el7.src.rpm | SHA-256: 2206291f53df9cb037b4ff620d846c493ea24c492ef0bec816a2c8a56e80ec4c |
| x86_64 | |
| kernel-rt-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: 6bfdffb3159a06399a9b2ad460cc18ab28b14c74215b9875fed37d54505cdb7f |
| kernel-rt-debug-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: fc357901fe9f8ba769eaa6d31c6b5e120e35bf28162b5f469a2f6c72d6c42d7f |
| kernel-rt-debug-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: 21f68ba3463bee5241f18b81c901dce53b2264b5b3d8d9cca7e661311bd3450e |
| kernel-rt-debug-devel-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: 5a41463340ffa94f3c61641a45d24a91fba831c49b165e5d0e7192d23cf1c6f6 |
| kernel-rt-debug-kvm-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: f8e6d266c992c542e886bca65ca11a699d2c513f0f7c0ea2166ed97bb42f30e0 |
| kernel-rt-debug-kvm-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: db259455bd61e4a4fa3b508278834cdbe867c4ce76e93924856b086e7f254a6f |
| kernel-rt-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: 1efc6c156f0eaa181b5bbf85aa92a17fe6b4540078fe5629f15c2c549e775498 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: c12da8caac91fd7b72edce1c186fb2bc67a6fb17a87ea4cc170290188a927d9d |
| kernel-rt-devel-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: 8e9b46bf9caa6fa17334bb6dcf2426133e828fe87b4b61117fd287a001cd9bfd |
| kernel-rt-doc-3.10.0-1062.12.1.rt56.1042.el7.noarch.rpm | SHA-256: 92cadbe3d4bde149428bea6c224d9f1b305188077a4de46c3064a674f015202a |
| kernel-rt-kvm-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: 5872d77b4d60d773e2d168dc09ea1f72754dbb2599333cdcaa12b5f75e380d30 |
| kernel-rt-kvm-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: d545d07d854d7bf77b2e2fbc75860e72d1487429b1bbff02eb445ed18d68475f |
| kernel-rt-trace-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: c2d1feee55e815c7052f1665a24682065c4ae86f250834e517fa534dc4270096 |
| kernel-rt-trace-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: b21d8c1313d64d48ed3e74a583ab5a43126b0658c215ca8bd91887bdb4e9ffa4 |
| kernel-rt-trace-devel-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: bce9e8196389d39f278f964cf265baea44695fda761274cbbeeaf44ad8a0ab54 |
| kernel-rt-trace-kvm-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: d7367460697b0a6cbcf9a6711dca1b790d6a423a382855d7725eadecc23577ba |
| kernel-rt-trace-kvm-debuginfo-3.10.0-1062.12.1.rt56.1042.el7.x86_64.rpm | SHA-256: ab2b66796861a2a544edacda03fe629308f6eaf78cc4beabdf4a126d11689007 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.