- Issued:
- 2020-05-12
- Updated:
- 2020-05-12
RHSA-2020:2085 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595)
- kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)
- Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update to the RHEL7.8.z batch#1 source tree (BZ#1812282)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
Fixes
- BZ - 1758671 - CVE-2017-18595 kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c
- BZ - 1786164 - CVE-2019-19768 kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c
- BZ - 1825116 - CVE-2020-10711 Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1127.8.2.rt56.1103.el7.src.rpm | SHA-256: 50c0de63225c8ade6ea1fba0bc17538929857ae666cb95cfd4d3ede1b2f14c13 |
| x86_64 | |
| kernel-rt-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 37131e26f18755956054cdc4ff232cb1c00bfb5e6190c5aa6815afb4b7772829 |
| kernel-rt-debug-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 03fd00f2b3f2fe8e5d8e0afd8921d6636896151aa53a85420eda30ba2d05b7df |
| kernel-rt-debug-debuginfo-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: e1b7c4e5d49bf3abe132f29e429483ea22d339be48acc29ced483fc9da55749c |
| kernel-rt-debug-devel-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: c14396648b8b6b3a321f0713296347ff99528ea889f8d60503c27997542dcb45 |
| kernel-rt-debug-kvm-debuginfo-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 2c587860d9e75fd67d80280911984bf1dd1fb0f5b6fc3b04e07f78218d224591 |
| kernel-rt-debuginfo-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: d11486032a2cf98c0523b9b6e4dc21d6e07d279dbd1a197fd3f6c1fe034de43a |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 697718d059ea19c127a749750e669fdf32ccfedfec4401d841e8644f9f24b76a |
| kernel-rt-devel-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 63fca60a9bd8c4f0a60635bf463ea308081a2a1153f3330206880369ea75d49f |
| kernel-rt-doc-3.10.0-1127.8.2.rt56.1103.el7.noarch.rpm | SHA-256: fdc44199b8542ae7e63171553b24cc31e1e69dca609b20f897d154aef375ff6d |
| kernel-rt-kvm-debuginfo-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 8b8ede319715847e413da8c6237f52bd2dd5966dc3d22ff8789bc33d1f5e47fd |
| kernel-rt-trace-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 52eacbb74acc4a28c475e281d14eec15e2a4cea010dc22da2a6047525cacb39f |
| kernel-rt-trace-debuginfo-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 8d1c784002f6e8bfe7c44e02426e5f0b8872c4ceb1dcdf6bbfc15ed840c3141a |
| kernel-rt-trace-devel-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 53eb40b25d1367d28893a0b34f507f12a0a78280a00c2329d69dde1110614b2e |
| kernel-rt-trace-kvm-debuginfo-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 12b9c9ee4e36624602a7169a664e0022ec2d4653fd6da36175b43c70fad7bfa2 |
Red Hat Enterprise Linux for Real Time for NFV 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1127.8.2.rt56.1103.el7.src.rpm | SHA-256: 50c0de63225c8ade6ea1fba0bc17538929857ae666cb95cfd4d3ede1b2f14c13 |
| x86_64 | |
| kernel-rt-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 37131e26f18755956054cdc4ff232cb1c00bfb5e6190c5aa6815afb4b7772829 |
| kernel-rt-debug-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 03fd00f2b3f2fe8e5d8e0afd8921d6636896151aa53a85420eda30ba2d05b7df |
| kernel-rt-debug-debuginfo-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: e1b7c4e5d49bf3abe132f29e429483ea22d339be48acc29ced483fc9da55749c |
| kernel-rt-debug-devel-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: c14396648b8b6b3a321f0713296347ff99528ea889f8d60503c27997542dcb45 |
| kernel-rt-debug-kvm-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 778be6af3b6a310eb23cdaa40ebedfa0252db3aba3435fdaca0995a824915e85 |
| kernel-rt-debug-kvm-debuginfo-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 2c587860d9e75fd67d80280911984bf1dd1fb0f5b6fc3b04e07f78218d224591 |
| kernel-rt-debuginfo-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: d11486032a2cf98c0523b9b6e4dc21d6e07d279dbd1a197fd3f6c1fe034de43a |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 697718d059ea19c127a749750e669fdf32ccfedfec4401d841e8644f9f24b76a |
| kernel-rt-devel-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 63fca60a9bd8c4f0a60635bf463ea308081a2a1153f3330206880369ea75d49f |
| kernel-rt-doc-3.10.0-1127.8.2.rt56.1103.el7.noarch.rpm | SHA-256: fdc44199b8542ae7e63171553b24cc31e1e69dca609b20f897d154aef375ff6d |
| kernel-rt-kvm-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: d5496a8e4132331b58dfd7156c97e0abd366e215b0a2441573f1ef5879c75aa2 |
| kernel-rt-kvm-debuginfo-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 8b8ede319715847e413da8c6237f52bd2dd5966dc3d22ff8789bc33d1f5e47fd |
| kernel-rt-trace-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 52eacbb74acc4a28c475e281d14eec15e2a4cea010dc22da2a6047525cacb39f |
| kernel-rt-trace-debuginfo-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 8d1c784002f6e8bfe7c44e02426e5f0b8872c4ceb1dcdf6bbfc15ed840c3141a |
| kernel-rt-trace-devel-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 53eb40b25d1367d28893a0b34f507f12a0a78280a00c2329d69dde1110614b2e |
| kernel-rt-trace-kvm-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 47de10ee991a4080ca3f5b9a1ac8684a167d2bb25f078b941c0075c16618eeeb |
| kernel-rt-trace-kvm-debuginfo-3.10.0-1127.8.2.rt56.1103.el7.x86_64.rpm | SHA-256: 12b9c9ee4e36624602a7169a664e0022ec2d4653fd6da36175b43c70fad7bfa2 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.