- Issued:
- 2020-04-28
- Updated:
- 2020-04-28
RHSA-2020:1567 - Security Advisory
Synopsis
Important: kernel-rt security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
- kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)
- kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service (CVE-2019-8980)
- kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol. (CVE-2019-17053)
- kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055)
- kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)
- kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)
- kernel: some ipv6 protocols not encrypted over ipsec tunnel. (CVE-2020-1749)
- Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)
- kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure (CVE-2019-15090)
- kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)
- kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)
- kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057)
- kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS) (CVE-2019-19073)
- kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074)
- kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications (CVE-2019-19922)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- RT: update RT source tree to the RHEL-8.2 tree (BZ#1708716)
- KVM-RT guest fails boot with emulatorsched (BZ#1712781)
- 8 vCPU guest need max latency < 20 us with stress [RT-8.2] (BZ#1757165)
- Request nx_huge_pages=N as default value to avoid kvm-rt guest large latency spike [rt-8] (BZ#1788352)
- RT: Add rpm Provide of 'kernel' to indicate that this is a kernel package (BZ#1796284)
- [RHEL8] RT kernel signed by test certificate and not Red Hat Secure Boot (BZ#1806871)
Enhancement(s):
- update to the upstream 5.x RT patchset (BZ#1680161)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64
Fixes
- BZ - 1655162 - CVE-2018-16871 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
- BZ - 1679972 - CVE-2019-8980 kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service
- BZ - 1708716 - RT: update RT source tree to the RHEL-8.2 tree
- BZ - 1712781 - KVM-RT guest fails boot with emulatorsched
- BZ - 1729933 - CVE-2019-10639 Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR
- BZ - 1743526 - CVE-2019-15090 kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure
- BZ - 1743560 - CVE-2019-15099 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash
- BZ - 1749974 - CVE-2019-15221 kernel: Null pointer dereference in the sound/usb/line6/pcm.c
- BZ - 1757165 - 8 vCPU guest need max latency < 20 us with stress [RT-8.2]
- BZ - 1758242 - CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol.
- BZ - 1758248 - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol.
- BZ - 1768730 - [kernel-rt-debug] BUG: MAX_LOCKDEP_CHAINS too low!
- BZ - 1771496 - CVE-2019-18805 kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c
- BZ - 1772738 - kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement
- BZ - 1774933 - CVE-2019-19074 kernel: a memory leak in the ath9k management function in allows local DoS
- BZ - 1774937 - CVE-2019-19073 kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)
- BZ - 1775050 - CVE-2019-19057 kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS
- BZ - 1783540 - CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver
- BZ - 1786164 - CVE-2019-19768 kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c
- BZ - 1788352 - Request nx_huge_pages=N as default value to avoid kvm-rt guest large latency spike [rt-8]
- BZ - 1792512 - CVE-2019-19922 kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications
- BZ - 1796284 - RT: Add rpm Provide of 'kernel' to indicate that this is a kernel package
- BZ - 1806871 - [RHEL8] RT kernel signed by test certificate and not Red Hat Secure Boot
- BZ - 1809833 - CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel.
CVEs
- CVE-2018-16871
- CVE-2019-8980
- CVE-2019-10639
- CVE-2019-12819
- CVE-2019-15090
- CVE-2019-15099
- CVE-2019-15221
- CVE-2019-15223
- CVE-2019-16234
- CVE-2019-17053
- CVE-2019-17055
- CVE-2019-18282
- CVE-2019-18805
- CVE-2019-19045
- CVE-2019-19047
- CVE-2019-19055
- CVE-2019-19057
- CVE-2019-19058
- CVE-2019-19059
- CVE-2019-19065
- CVE-2019-19067
- CVE-2019-19073
- CVE-2019-19074
- CVE-2019-19077
- CVE-2019-19532
- CVE-2019-19534
- CVE-2019-19768
- CVE-2019-19922
- CVE-2020-1749
- CVE-2020-7053
- CVE-2020-10690
References
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.rt13.51.el8.src.rpm | SHA-256: 5965298a699255a842d6d059588fee859695e26fcbff6d314093b6cbf167b145 |
| x86_64 | |
| kernel-rt-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: fa91b9a4fc9d02549c639835eb8b6cdaf89f2ad69cbefc335c0055341294d772 |
| kernel-rt-core-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: caa02443e133f53a13bd2ae1daed8018d6ef06e6134b48fd250d9b1ed1919fad |
| kernel-rt-debug-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: bc09a05df325dfd99daedefa3c73fea0fd6562623984c47eb82f8972a8a6f7cc |
| kernel-rt-debug-core-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 4e45c7b6999554df3bfd2157ef6416f4949047d27d393e33214ab7968474e63a |
| kernel-rt-debug-debuginfo-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: e9634b0efc2bdc3dbe2eef033401810deff86002249e6caf135ad902bf02089c |
| kernel-rt-debug-devel-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 599d236b7042b5ce858323991e7d9c4af41a31e7246c669dfd583f226a51a386 |
| kernel-rt-debug-modules-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: a7cb4aaa80bd6c9cb078dd26f93a0805369c62ab3d0d9bb57cd3dcb4b2e9a186 |
| kernel-rt-debug-modules-extra-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 7aa26b5ab796bae0e2cd12457ce0c0fadafda30b28925be5d1eac8f12d902b11 |
| kernel-rt-debuginfo-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 6b9c1949d85a94b3c40de330403e71135ec87e2d1424cb0ad5237b7b9252058e |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 455e1e3a636db92512276e9728fb113826cb316ff04f6507d5a358282dfb48a3 |
| kernel-rt-devel-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 31f1f7150d08ffb062a0be12130ef7a8e329b464e7d5b6c9bc12593b9c813847 |
| kernel-rt-modules-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: fe3eb92878d893f311d31340295f1dbf2abcbfa880865d9c24ab783e570445fc |
| kernel-rt-modules-extra-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 16669e5a325ad69050e575b6be6e7284f3666ab58030889204cb4dd7f72b5ef8 |
Red Hat Enterprise Linux for Real Time for NFV 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.rt13.51.el8.src.rpm | SHA-256: 5965298a699255a842d6d059588fee859695e26fcbff6d314093b6cbf167b145 |
| x86_64 | |
| kernel-rt-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: fa91b9a4fc9d02549c639835eb8b6cdaf89f2ad69cbefc335c0055341294d772 |
| kernel-rt-core-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: caa02443e133f53a13bd2ae1daed8018d6ef06e6134b48fd250d9b1ed1919fad |
| kernel-rt-debug-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: bc09a05df325dfd99daedefa3c73fea0fd6562623984c47eb82f8972a8a6f7cc |
| kernel-rt-debug-core-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 4e45c7b6999554df3bfd2157ef6416f4949047d27d393e33214ab7968474e63a |
| kernel-rt-debug-debuginfo-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: e9634b0efc2bdc3dbe2eef033401810deff86002249e6caf135ad902bf02089c |
| kernel-rt-debug-devel-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 599d236b7042b5ce858323991e7d9c4af41a31e7246c669dfd583f226a51a386 |
| kernel-rt-debug-kvm-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: b1b5254ecf511ce5f745e909a000119289ee89b600f0dd0917350ed5bafe3aa3 |
| kernel-rt-debug-modules-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: a7cb4aaa80bd6c9cb078dd26f93a0805369c62ab3d0d9bb57cd3dcb4b2e9a186 |
| kernel-rt-debug-modules-extra-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 7aa26b5ab796bae0e2cd12457ce0c0fadafda30b28925be5d1eac8f12d902b11 |
| kernel-rt-debuginfo-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 6b9c1949d85a94b3c40de330403e71135ec87e2d1424cb0ad5237b7b9252058e |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 455e1e3a636db92512276e9728fb113826cb316ff04f6507d5a358282dfb48a3 |
| kernel-rt-devel-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 31f1f7150d08ffb062a0be12130ef7a8e329b464e7d5b6c9bc12593b9c813847 |
| kernel-rt-kvm-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 01d7ed87bdb77847121d56d985bc83635f386aafcfdee5706af56a67c48d5187 |
| kernel-rt-modules-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: fe3eb92878d893f311d31340295f1dbf2abcbfa880865d9c24ab783e570445fc |
| kernel-rt-modules-extra-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 16669e5a325ad69050e575b6be6e7284f3666ab58030889204cb4dd7f72b5ef8 |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.rt13.51.el8.src.rpm | SHA-256: 5965298a699255a842d6d059588fee859695e26fcbff6d314093b6cbf167b145 |
| x86_64 | |
| kernel-rt-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: fa91b9a4fc9d02549c639835eb8b6cdaf89f2ad69cbefc335c0055341294d772 |
| kernel-rt-core-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: caa02443e133f53a13bd2ae1daed8018d6ef06e6134b48fd250d9b1ed1919fad |
| kernel-rt-debug-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: bc09a05df325dfd99daedefa3c73fea0fd6562623984c47eb82f8972a8a6f7cc |
| kernel-rt-debug-core-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 4e45c7b6999554df3bfd2157ef6416f4949047d27d393e33214ab7968474e63a |
| kernel-rt-debug-debuginfo-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: e9634b0efc2bdc3dbe2eef033401810deff86002249e6caf135ad902bf02089c |
| kernel-rt-debug-devel-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 599d236b7042b5ce858323991e7d9c4af41a31e7246c669dfd583f226a51a386 |
| kernel-rt-debug-modules-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: a7cb4aaa80bd6c9cb078dd26f93a0805369c62ab3d0d9bb57cd3dcb4b2e9a186 |
| kernel-rt-debug-modules-extra-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 7aa26b5ab796bae0e2cd12457ce0c0fadafda30b28925be5d1eac8f12d902b11 |
| kernel-rt-debuginfo-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 6b9c1949d85a94b3c40de330403e71135ec87e2d1424cb0ad5237b7b9252058e |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 455e1e3a636db92512276e9728fb113826cb316ff04f6507d5a358282dfb48a3 |
| kernel-rt-devel-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 31f1f7150d08ffb062a0be12130ef7a8e329b464e7d5b6c9bc12593b9c813847 |
| kernel-rt-modules-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: fe3eb92878d893f311d31340295f1dbf2abcbfa880865d9c24ab783e570445fc |
| kernel-rt-modules-extra-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 16669e5a325ad69050e575b6be6e7284f3666ab58030889204cb4dd7f72b5ef8 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.rt13.51.el8.src.rpm | SHA-256: 5965298a699255a842d6d059588fee859695e26fcbff6d314093b6cbf167b145 |
| x86_64 | |
| kernel-rt-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: fa91b9a4fc9d02549c639835eb8b6cdaf89f2ad69cbefc335c0055341294d772 |
| kernel-rt-core-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: caa02443e133f53a13bd2ae1daed8018d6ef06e6134b48fd250d9b1ed1919fad |
| kernel-rt-debug-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: bc09a05df325dfd99daedefa3c73fea0fd6562623984c47eb82f8972a8a6f7cc |
| kernel-rt-debug-core-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 4e45c7b6999554df3bfd2157ef6416f4949047d27d393e33214ab7968474e63a |
| kernel-rt-debug-debuginfo-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: e9634b0efc2bdc3dbe2eef033401810deff86002249e6caf135ad902bf02089c |
| kernel-rt-debug-devel-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 599d236b7042b5ce858323991e7d9c4af41a31e7246c669dfd583f226a51a386 |
| kernel-rt-debug-kvm-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: b1b5254ecf511ce5f745e909a000119289ee89b600f0dd0917350ed5bafe3aa3 |
| kernel-rt-debug-modules-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: a7cb4aaa80bd6c9cb078dd26f93a0805369c62ab3d0d9bb57cd3dcb4b2e9a186 |
| kernel-rt-debug-modules-extra-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 7aa26b5ab796bae0e2cd12457ce0c0fadafda30b28925be5d1eac8f12d902b11 |
| kernel-rt-debuginfo-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 6b9c1949d85a94b3c40de330403e71135ec87e2d1424cb0ad5237b7b9252058e |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 455e1e3a636db92512276e9728fb113826cb316ff04f6507d5a358282dfb48a3 |
| kernel-rt-devel-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 31f1f7150d08ffb062a0be12130ef7a8e329b464e7d5b6c9bc12593b9c813847 |
| kernel-rt-kvm-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 01d7ed87bdb77847121d56d985bc83635f386aafcfdee5706af56a67c48d5187 |
| kernel-rt-modules-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: fe3eb92878d893f311d31340295f1dbf2abcbfa880865d9c24ab783e570445fc |
| kernel-rt-modules-extra-4.18.0-193.rt13.51.el8.x86_64.rpm | SHA-256: 16669e5a325ad69050e575b6be6e7284f3666ab58030889204cb4dd7f72b5ef8 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.