- Issued:
- 2020-05-14
- Updated:
- 2020-05-14
RHSA-2020:2171 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)
- Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources (CVE-2020-2732)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the latest RHEL-8.2.z source tree (BZ#1831781)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64
Fixes
- BZ - 1805135 - CVE-2020-2732 Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources
- BZ - 1825116 - CVE-2020-10711 Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.1.2.rt13.53.el8_2.src.rpm | SHA-256: 6951262e924409533ba9bc9c0ccc388a826018757d61c9a0e9c49d708dd27e75 |
| x86_64 | |
| kernel-rt-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 989ad1cfc2ffd0c5a8833e342141478c608b7ca5eb8d045b0b822d36605c7a65 |
| kernel-rt-core-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 890ddb0459d21070938135eeb80c79932adfcd7f70f24d69f6fd53e740f31fdd |
| kernel-rt-debug-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 510fb06590d169d97c16c8d736ca6a4e3f157d36da31f28864f0937106bb948a |
| kernel-rt-debug-core-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 6f42dd1a943651b091aa26f7e016d946d27624777697662b6cacabf6528ab3e6 |
| kernel-rt-debug-debuginfo-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 4edad78a6c772bc21d5d5a24915325e5770783ee32894ea1c1fc8c4179b5df80 |
| kernel-rt-debug-devel-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: d20c84c803d769f71685a895fe1861bce41c32eecdfaff6c214f47e2b9a5ac6c |
| kernel-rt-debug-modules-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: eafb530401bcf753ce2bff5806278b23bc103d715b476e54ac036e3af5daf2ae |
| kernel-rt-debug-modules-extra-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: dcc789cad1b378ac64e31520f307370e39ba545f976ab0991db7ec95c54e0487 |
| kernel-rt-debuginfo-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: d06603a40338df68911a1718a306779a3bd616e1cf943533bd8501b93cabb976 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 97fb8cf2dce4b6596192ea2a11c8912acceb1173b6332fe051aadfbe5bf49c0d |
| kernel-rt-devel-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 0507194634b6d387c01bfdde0460c3f7f23271a291b824bdccfe2545d64b7a72 |
| kernel-rt-modules-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 26fab3025864c593e5e8f04dad2ae283a9875c5f68bdc4dfdfd642dc2470da1f |
| kernel-rt-modules-extra-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: e6c17ba5390a92b691bb270d4c7d8b9f711e41af1fa380480ea8e7203185a5d4 |
Red Hat Enterprise Linux for Real Time for NFV 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.1.2.rt13.53.el8_2.src.rpm | SHA-256: 6951262e924409533ba9bc9c0ccc388a826018757d61c9a0e9c49d708dd27e75 |
| x86_64 | |
| kernel-rt-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 989ad1cfc2ffd0c5a8833e342141478c608b7ca5eb8d045b0b822d36605c7a65 |
| kernel-rt-core-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 890ddb0459d21070938135eeb80c79932adfcd7f70f24d69f6fd53e740f31fdd |
| kernel-rt-debug-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 510fb06590d169d97c16c8d736ca6a4e3f157d36da31f28864f0937106bb948a |
| kernel-rt-debug-core-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 6f42dd1a943651b091aa26f7e016d946d27624777697662b6cacabf6528ab3e6 |
| kernel-rt-debug-debuginfo-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 4edad78a6c772bc21d5d5a24915325e5770783ee32894ea1c1fc8c4179b5df80 |
| kernel-rt-debug-devel-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: d20c84c803d769f71685a895fe1861bce41c32eecdfaff6c214f47e2b9a5ac6c |
| kernel-rt-debug-kvm-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 72bd2690d0ab08698f0664c7ed4e7304058779d0eafc8dcf65e9516940473073 |
| kernel-rt-debug-modules-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: eafb530401bcf753ce2bff5806278b23bc103d715b476e54ac036e3af5daf2ae |
| kernel-rt-debug-modules-extra-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: dcc789cad1b378ac64e31520f307370e39ba545f976ab0991db7ec95c54e0487 |
| kernel-rt-debuginfo-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: d06603a40338df68911a1718a306779a3bd616e1cf943533bd8501b93cabb976 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 97fb8cf2dce4b6596192ea2a11c8912acceb1173b6332fe051aadfbe5bf49c0d |
| kernel-rt-devel-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 0507194634b6d387c01bfdde0460c3f7f23271a291b824bdccfe2545d64b7a72 |
| kernel-rt-kvm-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: be26708cf3e2e7c08807da559b3a505832ff084d4f0c47e4f73f20e45708b259 |
| kernel-rt-modules-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 26fab3025864c593e5e8f04dad2ae283a9875c5f68bdc4dfdfd642dc2470da1f |
| kernel-rt-modules-extra-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: e6c17ba5390a92b691bb270d4c7d8b9f711e41af1fa380480ea8e7203185a5d4 |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.1.2.rt13.53.el8_2.src.rpm | SHA-256: 6951262e924409533ba9bc9c0ccc388a826018757d61c9a0e9c49d708dd27e75 |
| x86_64 | |
| kernel-rt-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 989ad1cfc2ffd0c5a8833e342141478c608b7ca5eb8d045b0b822d36605c7a65 |
| kernel-rt-core-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 890ddb0459d21070938135eeb80c79932adfcd7f70f24d69f6fd53e740f31fdd |
| kernel-rt-debug-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 510fb06590d169d97c16c8d736ca6a4e3f157d36da31f28864f0937106bb948a |
| kernel-rt-debug-core-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 6f42dd1a943651b091aa26f7e016d946d27624777697662b6cacabf6528ab3e6 |
| kernel-rt-debug-debuginfo-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 4edad78a6c772bc21d5d5a24915325e5770783ee32894ea1c1fc8c4179b5df80 |
| kernel-rt-debug-devel-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: d20c84c803d769f71685a895fe1861bce41c32eecdfaff6c214f47e2b9a5ac6c |
| kernel-rt-debug-modules-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: eafb530401bcf753ce2bff5806278b23bc103d715b476e54ac036e3af5daf2ae |
| kernel-rt-debug-modules-extra-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: dcc789cad1b378ac64e31520f307370e39ba545f976ab0991db7ec95c54e0487 |
| kernel-rt-debuginfo-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: d06603a40338df68911a1718a306779a3bd616e1cf943533bd8501b93cabb976 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 97fb8cf2dce4b6596192ea2a11c8912acceb1173b6332fe051aadfbe5bf49c0d |
| kernel-rt-devel-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 0507194634b6d387c01bfdde0460c3f7f23271a291b824bdccfe2545d64b7a72 |
| kernel-rt-modules-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 26fab3025864c593e5e8f04dad2ae283a9875c5f68bdc4dfdfd642dc2470da1f |
| kernel-rt-modules-extra-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: e6c17ba5390a92b691bb270d4c7d8b9f711e41af1fa380480ea8e7203185a5d4 |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.1.2.rt13.53.el8_2.src.rpm | SHA-256: 6951262e924409533ba9bc9c0ccc388a826018757d61c9a0e9c49d708dd27e75 |
| x86_64 | |
| kernel-rt-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 989ad1cfc2ffd0c5a8833e342141478c608b7ca5eb8d045b0b822d36605c7a65 |
| kernel-rt-core-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 890ddb0459d21070938135eeb80c79932adfcd7f70f24d69f6fd53e740f31fdd |
| kernel-rt-debug-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 510fb06590d169d97c16c8d736ca6a4e3f157d36da31f28864f0937106bb948a |
| kernel-rt-debug-core-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 6f42dd1a943651b091aa26f7e016d946d27624777697662b6cacabf6528ab3e6 |
| kernel-rt-debug-debuginfo-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 4edad78a6c772bc21d5d5a24915325e5770783ee32894ea1c1fc8c4179b5df80 |
| kernel-rt-debug-devel-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: d20c84c803d769f71685a895fe1861bce41c32eecdfaff6c214f47e2b9a5ac6c |
| kernel-rt-debug-modules-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: eafb530401bcf753ce2bff5806278b23bc103d715b476e54ac036e3af5daf2ae |
| kernel-rt-debug-modules-extra-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: dcc789cad1b378ac64e31520f307370e39ba545f976ab0991db7ec95c54e0487 |
| kernel-rt-debuginfo-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: d06603a40338df68911a1718a306779a3bd616e1cf943533bd8501b93cabb976 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 97fb8cf2dce4b6596192ea2a11c8912acceb1173b6332fe051aadfbe5bf49c0d |
| kernel-rt-devel-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 0507194634b6d387c01bfdde0460c3f7f23271a291b824bdccfe2545d64b7a72 |
| kernel-rt-modules-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 26fab3025864c593e5e8f04dad2ae283a9875c5f68bdc4dfdfd642dc2470da1f |
| kernel-rt-modules-extra-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: e6c17ba5390a92b691bb270d4c7d8b9f711e41af1fa380480ea8e7203185a5d4 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.1.2.rt13.53.el8_2.src.rpm | SHA-256: 6951262e924409533ba9bc9c0ccc388a826018757d61c9a0e9c49d708dd27e75 |
| x86_64 | |
| kernel-rt-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 989ad1cfc2ffd0c5a8833e342141478c608b7ca5eb8d045b0b822d36605c7a65 |
| kernel-rt-core-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 890ddb0459d21070938135eeb80c79932adfcd7f70f24d69f6fd53e740f31fdd |
| kernel-rt-debug-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 510fb06590d169d97c16c8d736ca6a4e3f157d36da31f28864f0937106bb948a |
| kernel-rt-debug-core-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 6f42dd1a943651b091aa26f7e016d946d27624777697662b6cacabf6528ab3e6 |
| kernel-rt-debug-debuginfo-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 4edad78a6c772bc21d5d5a24915325e5770783ee32894ea1c1fc8c4179b5df80 |
| kernel-rt-debug-devel-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: d20c84c803d769f71685a895fe1861bce41c32eecdfaff6c214f47e2b9a5ac6c |
| kernel-rt-debug-kvm-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 72bd2690d0ab08698f0664c7ed4e7304058779d0eafc8dcf65e9516940473073 |
| kernel-rt-debug-modules-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: eafb530401bcf753ce2bff5806278b23bc103d715b476e54ac036e3af5daf2ae |
| kernel-rt-debug-modules-extra-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: dcc789cad1b378ac64e31520f307370e39ba545f976ab0991db7ec95c54e0487 |
| kernel-rt-debuginfo-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: d06603a40338df68911a1718a306779a3bd616e1cf943533bd8501b93cabb976 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 97fb8cf2dce4b6596192ea2a11c8912acceb1173b6332fe051aadfbe5bf49c0d |
| kernel-rt-devel-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 0507194634b6d387c01bfdde0460c3f7f23271a291b824bdccfe2545d64b7a72 |
| kernel-rt-kvm-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: be26708cf3e2e7c08807da559b3a505832ff084d4f0c47e4f73f20e45708b259 |
| kernel-rt-modules-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 26fab3025864c593e5e8f04dad2ae283a9875c5f68bdc4dfdfd642dc2470da1f |
| kernel-rt-modules-extra-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: e6c17ba5390a92b691bb270d4c7d8b9f711e41af1fa380480ea8e7203185a5d4 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.1.2.rt13.53.el8_2.src.rpm | SHA-256: 6951262e924409533ba9bc9c0ccc388a826018757d61c9a0e9c49d708dd27e75 |
| x86_64 | |
| kernel-rt-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 989ad1cfc2ffd0c5a8833e342141478c608b7ca5eb8d045b0b822d36605c7a65 |
| kernel-rt-core-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 890ddb0459d21070938135eeb80c79932adfcd7f70f24d69f6fd53e740f31fdd |
| kernel-rt-debug-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 510fb06590d169d97c16c8d736ca6a4e3f157d36da31f28864f0937106bb948a |
| kernel-rt-debug-core-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 6f42dd1a943651b091aa26f7e016d946d27624777697662b6cacabf6528ab3e6 |
| kernel-rt-debug-debuginfo-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 4edad78a6c772bc21d5d5a24915325e5770783ee32894ea1c1fc8c4179b5df80 |
| kernel-rt-debug-devel-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: d20c84c803d769f71685a895fe1861bce41c32eecdfaff6c214f47e2b9a5ac6c |
| kernel-rt-debug-kvm-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 72bd2690d0ab08698f0664c7ed4e7304058779d0eafc8dcf65e9516940473073 |
| kernel-rt-debug-modules-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: eafb530401bcf753ce2bff5806278b23bc103d715b476e54ac036e3af5daf2ae |
| kernel-rt-debug-modules-extra-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: dcc789cad1b378ac64e31520f307370e39ba545f976ab0991db7ec95c54e0487 |
| kernel-rt-debuginfo-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: d06603a40338df68911a1718a306779a3bd616e1cf943533bd8501b93cabb976 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 97fb8cf2dce4b6596192ea2a11c8912acceb1173b6332fe051aadfbe5bf49c0d |
| kernel-rt-devel-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 0507194634b6d387c01bfdde0460c3f7f23271a291b824bdccfe2545d64b7a72 |
| kernel-rt-kvm-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: be26708cf3e2e7c08807da559b3a505832ff084d4f0c47e4f73f20e45708b259 |
| kernel-rt-modules-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: 26fab3025864c593e5e8f04dad2ae283a9875c5f68bdc4dfdfd642dc2470da1f |
| kernel-rt-modules-extra-4.18.0-193.1.2.rt13.53.el8_2.x86_64.rpm | SHA-256: e6c17ba5390a92b691bb270d4c7d8b9f711e41af1fa380480ea8e7203185a5d4 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.