- Issued:
- 2020-06-23
- Updated:
- 2020-06-23
RHSA-2020:2665 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel: hw: provide reporting and microcode mitigation toggle for CVE-2020-0543 / Special Register Buffer Data Sampling (SRBDS) (BZ#1827198)
- kernel-rt: update to the latest RHEL7.8.z source tree (BZ#1844620)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
- Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7 x86_64
Fixes
- BZ - 1836244 - CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1127.13.1.rt56.1110.el7.src.rpm | SHA-256: ad9868a70c65ca76a7ba500e6c0bfc34c42167ba0d5f5c05f85c9bc8aa0f1e1e |
| x86_64 | |
| kernel-rt-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 4a77f29f49269950c7811381b92bdde9f26513ec3fc1c5b1a5cb0a1a3e6da742 |
| kernel-rt-debug-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 5e62c2073b92fb4d1ba78de5b9028c061094631e3f8610caa70bcd67ed4a9581 |
| kernel-rt-debug-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 35612a2821d97eccd1ee44073f59432ebb8fe8cdb5aa9fc56454da6c435344c0 |
| kernel-rt-debug-devel-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: d0a8e4f36112e268addc89c77c4f0fc1ee8f82b7699afdd3baf6da5e3aa159a2 |
| kernel-rt-debug-kvm-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 5aa6565b2cad1c9f9f30bedcf661ce51154498b56e9394b5a02d58153da51747 |
| kernel-rt-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 8a79f3b5c7056d02246009f484b0d6437937e41f638c2584cef952efd6a8a680 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 96d28125a4ecf0d14ad1ef53640e72cef56338e33475a66afb62d63e2e4fcd80 |
| kernel-rt-devel-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 79c34a6705ba3d16201de758109fef49561d29d3b0dbc735b044e19cfee8a327 |
| kernel-rt-doc-3.10.0-1127.13.1.rt56.1110.el7.noarch.rpm | SHA-256: 56ff6da54190efb5fea7a9512825fb9fa31f8aefc1dc7c6fd41fc4a629502b40 |
| kernel-rt-kvm-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 9e0508036595b8c6f9d217f6160465009db7a1a084c066db2d2d1b2700d407f6 |
| kernel-rt-trace-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: e5ef54c0013e1f99f4241f7329b8b5e18d0991aef634e4ee9c754befbbc140ef |
| kernel-rt-trace-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 5438a37f77dd940dc3a3ab88be488ed141ac2a79555697ec2e7afa94fb0bc529 |
| kernel-rt-trace-devel-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 461f2bb0b30dc11b5a252e6644c71cc19def15d1cbf0516535b49dbba4a5f8f2 |
| kernel-rt-trace-kvm-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 8490969635907367cc045a891eeb97b80e613e903a61fa9bfbb513a6eb4fc628 |
Red Hat Enterprise Linux for Real Time for NFV 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1127.13.1.rt56.1110.el7.src.rpm | SHA-256: ad9868a70c65ca76a7ba500e6c0bfc34c42167ba0d5f5c05f85c9bc8aa0f1e1e |
| x86_64 | |
| kernel-rt-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 4a77f29f49269950c7811381b92bdde9f26513ec3fc1c5b1a5cb0a1a3e6da742 |
| kernel-rt-debug-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 5e62c2073b92fb4d1ba78de5b9028c061094631e3f8610caa70bcd67ed4a9581 |
| kernel-rt-debug-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 35612a2821d97eccd1ee44073f59432ebb8fe8cdb5aa9fc56454da6c435344c0 |
| kernel-rt-debug-devel-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: d0a8e4f36112e268addc89c77c4f0fc1ee8f82b7699afdd3baf6da5e3aa159a2 |
| kernel-rt-debug-kvm-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: d046d9584ff3f4b3ef899ab3be00d1477907a4fb17088120140742ccd1de01c0 |
| kernel-rt-debug-kvm-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 5aa6565b2cad1c9f9f30bedcf661ce51154498b56e9394b5a02d58153da51747 |
| kernel-rt-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 8a79f3b5c7056d02246009f484b0d6437937e41f638c2584cef952efd6a8a680 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 96d28125a4ecf0d14ad1ef53640e72cef56338e33475a66afb62d63e2e4fcd80 |
| kernel-rt-devel-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 79c34a6705ba3d16201de758109fef49561d29d3b0dbc735b044e19cfee8a327 |
| kernel-rt-doc-3.10.0-1127.13.1.rt56.1110.el7.noarch.rpm | SHA-256: 56ff6da54190efb5fea7a9512825fb9fa31f8aefc1dc7c6fd41fc4a629502b40 |
| kernel-rt-kvm-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: f4534020c04ae3b3d2943b296d792ef1031453bd305476186d987b517e40aba7 |
| kernel-rt-kvm-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 9e0508036595b8c6f9d217f6160465009db7a1a084c066db2d2d1b2700d407f6 |
| kernel-rt-trace-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: e5ef54c0013e1f99f4241f7329b8b5e18d0991aef634e4ee9c754befbbc140ef |
| kernel-rt-trace-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 5438a37f77dd940dc3a3ab88be488ed141ac2a79555697ec2e7afa94fb0bc529 |
| kernel-rt-trace-devel-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 461f2bb0b30dc11b5a252e6644c71cc19def15d1cbf0516535b49dbba4a5f8f2 |
| kernel-rt-trace-kvm-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 5e0c4dd1d76b523042d94a6fe90665957466f9bbfa2a9d76399df103cc36ef8a |
| kernel-rt-trace-kvm-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 8490969635907367cc045a891eeb97b80e613e903a61fa9bfbb513a6eb4fc628 |
Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1127.13.1.rt56.1110.el7.src.rpm | SHA-256: ad9868a70c65ca76a7ba500e6c0bfc34c42167ba0d5f5c05f85c9bc8aa0f1e1e |
| x86_64 | |
| kernel-rt-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 4a77f29f49269950c7811381b92bdde9f26513ec3fc1c5b1a5cb0a1a3e6da742 |
| kernel-rt-debug-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 5e62c2073b92fb4d1ba78de5b9028c061094631e3f8610caa70bcd67ed4a9581 |
| kernel-rt-debug-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 35612a2821d97eccd1ee44073f59432ebb8fe8cdb5aa9fc56454da6c435344c0 |
| kernel-rt-debug-devel-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: d0a8e4f36112e268addc89c77c4f0fc1ee8f82b7699afdd3baf6da5e3aa159a2 |
| kernel-rt-debug-kvm-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 5aa6565b2cad1c9f9f30bedcf661ce51154498b56e9394b5a02d58153da51747 |
| kernel-rt-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 8a79f3b5c7056d02246009f484b0d6437937e41f638c2584cef952efd6a8a680 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 96d28125a4ecf0d14ad1ef53640e72cef56338e33475a66afb62d63e2e4fcd80 |
| kernel-rt-devel-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 79c34a6705ba3d16201de758109fef49561d29d3b0dbc735b044e19cfee8a327 |
| kernel-rt-doc-3.10.0-1127.13.1.rt56.1110.el7.noarch.rpm | SHA-256: 56ff6da54190efb5fea7a9512825fb9fa31f8aefc1dc7c6fd41fc4a629502b40 |
| kernel-rt-kvm-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 9e0508036595b8c6f9d217f6160465009db7a1a084c066db2d2d1b2700d407f6 |
| kernel-rt-trace-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: e5ef54c0013e1f99f4241f7329b8b5e18d0991aef634e4ee9c754befbbc140ef |
| kernel-rt-trace-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 5438a37f77dd940dc3a3ab88be488ed141ac2a79555697ec2e7afa94fb0bc529 |
| kernel-rt-trace-devel-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 461f2bb0b30dc11b5a252e6644c71cc19def15d1cbf0516535b49dbba4a5f8f2 |
| kernel-rt-trace-kvm-debuginfo-3.10.0-1127.13.1.rt56.1110.el7.x86_64.rpm | SHA-256: 8490969635907367cc045a891eeb97b80e613e903a61fa9bfbb513a6eb4fc628 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
