Issued:: 2020-02-26
Updated:: 2020-02-26

RHSA-2020:0609 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

kernel: use-after-free in fs/xfs/xfs_super.c (CVE-2018-20976)
kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)
kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)
kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

update the MRG 2.5.z 3.10 realtime-kernel sources (BZ#1794133)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

MRG Realtime 2 x86_64

Fixes

BZ - 1710405 - CVE-2019-11085 kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation
BZ - 1743547 - CVE-2018-20976 kernel: use-after-free in fs/xfs/xfs_super.c
BZ - 1771909 - CVE-2019-17133 kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c
BZ - 1774870 - CVE-2019-14895 kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

MRG Realtime 2

SRPM
kernel-rt-3.10.0-693.64.1.rt56.662.el6rt.src.rpm	SHA-256: 08f192f934726fce87b9513a8b2dadc783c9c0f8cabae1453ed1e46ca26b64f3
x86_64
kernel-rt-3.10.0-693.64.1.rt56.662.el6rt.x86_64.rpm	SHA-256: 8225f6cfd6f2a0293ff976e3f9230e43322f6cc12df589c89921e1e429385ef9
kernel-rt-debug-3.10.0-693.64.1.rt56.662.el6rt.x86_64.rpm	SHA-256: 113647c9a843608dd1570305ffac8662305e30abfbe7ebc3bfda17f9d3817478
kernel-rt-debug-debuginfo-3.10.0-693.64.1.rt56.662.el6rt.x86_64.rpm	SHA-256: f4631264535214838260ee1a5ecb8a2c0b641b98b672f3c279c1f469310f46d2
kernel-rt-debug-devel-3.10.0-693.64.1.rt56.662.el6rt.x86_64.rpm	SHA-256: 092343ecb50044d6af5e0e8171e8cd9d3300134ad2179abcfaeb43e598ad5524
kernel-rt-debuginfo-3.10.0-693.64.1.rt56.662.el6rt.x86_64.rpm	SHA-256: 13e6840dd4432e1659d2f20196af4891a633793386e1d846cee95bf6e7444175
kernel-rt-debuginfo-common-x86_64-3.10.0-693.64.1.rt56.662.el6rt.x86_64.rpm	SHA-256: 1419466009fae905d923f88a37f3867ff0ea7d745d3620580a5a3a3ca457d12f
kernel-rt-devel-3.10.0-693.64.1.rt56.662.el6rt.x86_64.rpm	SHA-256: 785b17a882de7721c94ce7a979241ea0106bead27b4f9ec311c6a9c16712ca40
kernel-rt-doc-3.10.0-693.64.1.rt56.662.el6rt.noarch.rpm	SHA-256: cc88e7fb90067db5c4b30ff50627a909dfc11abe0f7b697889a3df731c07c8fb
kernel-rt-firmware-3.10.0-693.64.1.rt56.662.el6rt.noarch.rpm	SHA-256: a40c10fe29ce40090fd2d0c347f534fab71bf3518e1e8dd6868fb0b60be6f4a0
kernel-rt-trace-3.10.0-693.64.1.rt56.662.el6rt.x86_64.rpm	SHA-256: e28ce990b810ef8d37e8b3d685504085f096b85c120d372359e20154bb67f8ab
kernel-rt-trace-debuginfo-3.10.0-693.64.1.rt56.662.el6rt.x86_64.rpm	SHA-256: a713728b6dcfb2bc772121d853a4c63206dac57698544f0097056920baa780db
kernel-rt-trace-devel-3.10.0-693.64.1.rt56.662.el6rt.x86_64.rpm	SHA-256: 50b8303bc0ec88c13ce8557c918ed1fe89f4b5a54d6743656aaa5f25bcb91a7b
kernel-rt-vanilla-3.10.0-693.64.1.rt56.662.el6rt.x86_64.rpm	SHA-256: 7d4976964c89c74d9bd3babfb782634eefa9cbd05589b5758ec768f56d4b3407
kernel-rt-vanilla-debuginfo-3.10.0-693.64.1.rt56.662.el6rt.x86_64.rpm	SHA-256: daaf5a0431a241b4f5e79e9c09cfc52390b24264ac6e975f597ea1f103c58568
kernel-rt-vanilla-devel-3.10.0-693.64.1.rt56.662.el6rt.x86_64.rpm	SHA-256: abdc145d831b78c2c2ee39db15afc7d4d00d3448f8fc9e8e35b2be7de826c2d5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation