- Issued:
- 2020-03-17
- Updated:
- 2020-03-17
RHSA-2020:0839 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)
- kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)
- Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update to the RHEL7.7.z batch#5 source tree (BZ#1794131)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
- Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7 x86_64
Fixes
- BZ - 1703063 - CVE-2019-11487 kernel: Count overflow in FUSE request leading to use-after-free issues.
- BZ - 1763690 - CVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow
- BZ - 1781514 - CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1062.18.1.rt56.1044.el7.src.rpm | SHA-256: 260600b23f621bad0a4f225b1838317716a80ffbc1c68d87ed1bfc2659dcb33f |
| x86_64 | |
| kernel-rt-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 5d1b9649a6e9ff129219a5413a7936073bd0dc510477f3bac92f4c32ad7d9922 |
| kernel-rt-debug-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 26af068b9fd06a3ecf2e602f840b94e5cff938a27e40dc7e6ea0af3636baca26 |
| kernel-rt-debug-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 202eaa02b09f69142880aa221830c06482c3d07e26fea463ea633d0be806503d |
| kernel-rt-debug-devel-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 93687d87b5f6a3be3e1a43b8b3ec6a12306d6684df9078caeebe5a7f0fc5d38d |
| kernel-rt-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 59fee010cfd92acaf2c366e7be50bfa0a4a8c6f8e48a9747e9f14e8a500965fe |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 49f616956ca49717eebfd094621ac4f28b8d03076e69b0be266777c27a98a6d6 |
| kernel-rt-devel-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 1c7f8b8699b8b8e23001e88709318a35d575e2f7640bac5495040dd5af43d390 |
| kernel-rt-doc-3.10.0-1062.18.1.rt56.1044.el7.noarch.rpm | SHA-256: 346f205c2bb30ba9a2bead9e3a80b7b1e2176f71af4f00d5bcc1c65118de3213 |
| kernel-rt-trace-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 957b9a2fa24c1b474e77b1c22756804bb6d5aeac0048ac634ec0e8d1f44c6a6a |
| kernel-rt-trace-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 818f4e902384a5cc50e9f28ded2f4a41cd296f5bff7d200e280f0b4c1f834705 |
| kernel-rt-trace-devel-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 6137c788a01d0f21c75f71d4251b796e91160be16531dd64714c4511171914e9 |
Red Hat Enterprise Linux for Real Time for NFV 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1062.18.1.rt56.1044.el7.src.rpm | SHA-256: 260600b23f621bad0a4f225b1838317716a80ffbc1c68d87ed1bfc2659dcb33f |
| x86_64 | |
| kernel-rt-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 5d1b9649a6e9ff129219a5413a7936073bd0dc510477f3bac92f4c32ad7d9922 |
| kernel-rt-debug-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 26af068b9fd06a3ecf2e602f840b94e5cff938a27e40dc7e6ea0af3636baca26 |
| kernel-rt-debug-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 202eaa02b09f69142880aa221830c06482c3d07e26fea463ea633d0be806503d |
| kernel-rt-debug-devel-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 93687d87b5f6a3be3e1a43b8b3ec6a12306d6684df9078caeebe5a7f0fc5d38d |
| kernel-rt-debug-kvm-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 924418bec231625374d51d178c96604a4cde32e94f9c10ead62162b5ed3223cd |
| kernel-rt-debug-kvm-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: a77c4a47ac559c8b792e6bb45f2d3f5f77d8aacc4fc1099a94394dea83e23c0c |
| kernel-rt-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 59fee010cfd92acaf2c366e7be50bfa0a4a8c6f8e48a9747e9f14e8a500965fe |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 49f616956ca49717eebfd094621ac4f28b8d03076e69b0be266777c27a98a6d6 |
| kernel-rt-devel-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 1c7f8b8699b8b8e23001e88709318a35d575e2f7640bac5495040dd5af43d390 |
| kernel-rt-doc-3.10.0-1062.18.1.rt56.1044.el7.noarch.rpm | SHA-256: 346f205c2bb30ba9a2bead9e3a80b7b1e2176f71af4f00d5bcc1c65118de3213 |
| kernel-rt-kvm-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 9d2bfc3cd05b301a1b546a52dcc7cf7ae82c843c6b382a057de8e86c20ded554 |
| kernel-rt-kvm-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 48470f2790a32b91baea5a286627babe4f37d85adf0cc5cd5229adf7f0c1a53f |
| kernel-rt-trace-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 957b9a2fa24c1b474e77b1c22756804bb6d5aeac0048ac634ec0e8d1f44c6a6a |
| kernel-rt-trace-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 818f4e902384a5cc50e9f28ded2f4a41cd296f5bff7d200e280f0b4c1f834705 |
| kernel-rt-trace-devel-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 6137c788a01d0f21c75f71d4251b796e91160be16531dd64714c4511171914e9 |
| kernel-rt-trace-kvm-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 45d08720064865da1854fb98253f741ae46075147b7e9af0959d88dfe8217dd6 |
| kernel-rt-trace-kvm-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 9f38b275e2e182b3a8dd53ee98028d3521db0c36b86e46f7388a9c7b5b45d31a |
Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1062.18.1.rt56.1044.el7.src.rpm | SHA-256: 260600b23f621bad0a4f225b1838317716a80ffbc1c68d87ed1bfc2659dcb33f |
| x86_64 | |
| kernel-rt-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 5d1b9649a6e9ff129219a5413a7936073bd0dc510477f3bac92f4c32ad7d9922 |
| kernel-rt-debug-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 26af068b9fd06a3ecf2e602f840b94e5cff938a27e40dc7e6ea0af3636baca26 |
| kernel-rt-debug-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 202eaa02b09f69142880aa221830c06482c3d07e26fea463ea633d0be806503d |
| kernel-rt-debug-devel-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 93687d87b5f6a3be3e1a43b8b3ec6a12306d6684df9078caeebe5a7f0fc5d38d |
| kernel-rt-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 59fee010cfd92acaf2c366e7be50bfa0a4a8c6f8e48a9747e9f14e8a500965fe |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 49f616956ca49717eebfd094621ac4f28b8d03076e69b0be266777c27a98a6d6 |
| kernel-rt-devel-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 1c7f8b8699b8b8e23001e88709318a35d575e2f7640bac5495040dd5af43d390 |
| kernel-rt-doc-3.10.0-1062.18.1.rt56.1044.el7.noarch.rpm | SHA-256: 346f205c2bb30ba9a2bead9e3a80b7b1e2176f71af4f00d5bcc1c65118de3213 |
| kernel-rt-trace-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 957b9a2fa24c1b474e77b1c22756804bb6d5aeac0048ac634ec0e8d1f44c6a6a |
| kernel-rt-trace-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 818f4e902384a5cc50e9f28ded2f4a41cd296f5bff7d200e280f0b4c1f834705 |
| kernel-rt-trace-devel-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm | SHA-256: 6137c788a01d0f21c75f71d4251b796e91160be16531dd64714c4511171914e9 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
