Issued:
2020-03-17
Updated:
2020-03-17

RHSA-2020:0839 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)
  • kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)
  • Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • kernel-rt: update to the RHEL7.7.z batch#5 source tree (BZ#1794131)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

  • BZ - 1703063 - CVE-2019-11487 kernel: Count overflow in FUSE request leading to use-after-free issues.
  • BZ - 1763690 - CVE-2019-17666 kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow
  • BZ - 1781514 - CVE-2019-19338 Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-1062.18.1.rt56.1044.el7.src.rpm SHA-256: 260600b23f621bad0a4f225b1838317716a80ffbc1c68d87ed1bfc2659dcb33f
x86_64
kernel-rt-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 5d1b9649a6e9ff129219a5413a7936073bd0dc510477f3bac92f4c32ad7d9922
kernel-rt-debug-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 26af068b9fd06a3ecf2e602f840b94e5cff938a27e40dc7e6ea0af3636baca26
kernel-rt-debug-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 202eaa02b09f69142880aa221830c06482c3d07e26fea463ea633d0be806503d
kernel-rt-debug-devel-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 93687d87b5f6a3be3e1a43b8b3ec6a12306d6684df9078caeebe5a7f0fc5d38d
kernel-rt-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 59fee010cfd92acaf2c366e7be50bfa0a4a8c6f8e48a9747e9f14e8a500965fe
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 49f616956ca49717eebfd094621ac4f28b8d03076e69b0be266777c27a98a6d6
kernel-rt-devel-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 1c7f8b8699b8b8e23001e88709318a35d575e2f7640bac5495040dd5af43d390
kernel-rt-doc-3.10.0-1062.18.1.rt56.1044.el7.noarch.rpm SHA-256: 346f205c2bb30ba9a2bead9e3a80b7b1e2176f71af4f00d5bcc1c65118de3213
kernel-rt-trace-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 957b9a2fa24c1b474e77b1c22756804bb6d5aeac0048ac634ec0e8d1f44c6a6a
kernel-rt-trace-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 818f4e902384a5cc50e9f28ded2f4a41cd296f5bff7d200e280f0b4c1f834705
kernel-rt-trace-devel-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 6137c788a01d0f21c75f71d4251b796e91160be16531dd64714c4511171914e9

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-1062.18.1.rt56.1044.el7.src.rpm SHA-256: 260600b23f621bad0a4f225b1838317716a80ffbc1c68d87ed1bfc2659dcb33f
x86_64
kernel-rt-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 5d1b9649a6e9ff129219a5413a7936073bd0dc510477f3bac92f4c32ad7d9922
kernel-rt-debug-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 26af068b9fd06a3ecf2e602f840b94e5cff938a27e40dc7e6ea0af3636baca26
kernel-rt-debug-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 202eaa02b09f69142880aa221830c06482c3d07e26fea463ea633d0be806503d
kernel-rt-debug-devel-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 93687d87b5f6a3be3e1a43b8b3ec6a12306d6684df9078caeebe5a7f0fc5d38d
kernel-rt-debug-kvm-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 924418bec231625374d51d178c96604a4cde32e94f9c10ead62162b5ed3223cd
kernel-rt-debug-kvm-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: a77c4a47ac559c8b792e6bb45f2d3f5f77d8aacc4fc1099a94394dea83e23c0c
kernel-rt-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 59fee010cfd92acaf2c366e7be50bfa0a4a8c6f8e48a9747e9f14e8a500965fe
kernel-rt-debuginfo-common-x86_64-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 49f616956ca49717eebfd094621ac4f28b8d03076e69b0be266777c27a98a6d6
kernel-rt-devel-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 1c7f8b8699b8b8e23001e88709318a35d575e2f7640bac5495040dd5af43d390
kernel-rt-doc-3.10.0-1062.18.1.rt56.1044.el7.noarch.rpm SHA-256: 346f205c2bb30ba9a2bead9e3a80b7b1e2176f71af4f00d5bcc1c65118de3213
kernel-rt-kvm-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 9d2bfc3cd05b301a1b546a52dcc7cf7ae82c843c6b382a057de8e86c20ded554
kernel-rt-kvm-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 48470f2790a32b91baea5a286627babe4f37d85adf0cc5cd5229adf7f0c1a53f
kernel-rt-trace-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 957b9a2fa24c1b474e77b1c22756804bb6d5aeac0048ac634ec0e8d1f44c6a6a
kernel-rt-trace-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 818f4e902384a5cc50e9f28ded2f4a41cd296f5bff7d200e280f0b4c1f834705
kernel-rt-trace-devel-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 6137c788a01d0f21c75f71d4251b796e91160be16531dd64714c4511171914e9
kernel-rt-trace-kvm-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 45d08720064865da1854fb98253f741ae46075147b7e9af0959d88dfe8217dd6
kernel-rt-trace-kvm-debuginfo-3.10.0-1062.18.1.rt56.1044.el7.x86_64.rpm SHA-256: 9f38b275e2e182b3a8dd53ee98028d3521db0c36b86e46f7388a9c7b5b45d31a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.