- Issued:
- 2020-07-29
- Updated:
- 2020-07-29
RHSA-2020:3219 - Security Advisory
Synopsis
Moderate: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: lockdown: bypass through ACPI write via efivar_ssdt (CVE-2019-20908)
- kernel: lockdown: bypass through ACPI write via acpi_configfs (CVE-2020-15780)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: provide infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837441)
- kernel-rt: update RT source tree to the RHEL-8.2.z3 source tree (BZ#1856816)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64
Fixes
- BZ - 1852942 - CVE-2019-20908 kernel: lockdown: bypass through ACPI write via efivar_ssdt
- BZ - 1852962 - CVE-2020-15780 kernel: lockdown: bypass through ACPI write via acpi_configfs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.14.3.rt13.67.el8_2.src.rpm | SHA-256: 992b43c12ccca6c9bc21a8c6b1dd200a7c3b05cea965583f21c2672e628b75de |
| x86_64 | |
| kernel-rt-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 1f4917c657883ba4979c6dee88e188d6b4b0c0fca976881e025ba69e8a429acd |
| kernel-rt-core-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 9cc6697e82712da214df7c7eff67f6f1a481028a0c180d54aa94a699bbe7019d |
| kernel-rt-debug-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 0f329e7ea296f1d8f8e39b468508c0d91e5f67034c0088daf3108cb3cae4bbb1 |
| kernel-rt-debug-core-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 10f4b1fcecbb0077e7586b2d79bb7065e329d074cdd6413d1956698429f2de4a |
| kernel-rt-debug-debuginfo-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: db8e50dd57ab0be972a3a59eb84609a3bd30e90246fe4fb3aef8d5cffa52be34 |
| kernel-rt-debug-devel-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 341b5ffdcd4e4e7eff95ebdd235fb3d3c886999f95b5389e3b69722308c712ef |
| kernel-rt-debug-modules-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 44b394c51e66ee729644fb41bb23eeca8bb54bab8873a30b2506f29d31029e2e |
| kernel-rt-debug-modules-extra-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 2b8146d56f4039be335d14b8cabcaf845a3963c1b787a7d4e60403f1df068626 |
| kernel-rt-debuginfo-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 307d35f346e73b379510a9a4f52efbc97e28a887caf04aa94cc3f45206bfe4ef |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 99a3b9c1fe467f9cc7c71552d6a6a71e0bacf054fa0bf28e31e95f3fb5796124 |
| kernel-rt-devel-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 120f76f4baaf43c5d587ebcaeaabf89d082668271f8da40c5309fabc99d519ec |
| kernel-rt-modules-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 361028b1a8a5b724b8a4da3ebdd5cb75bfba7576522238bc9762b0b63d316fe2 |
| kernel-rt-modules-extra-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: c32378e5faf0585e8360a3e13c3c9ea87cbd5333ebab1ba9e19e7ce6c5e5f8ba |
Red Hat Enterprise Linux for Real Time for NFV 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.14.3.rt13.67.el8_2.src.rpm | SHA-256: 992b43c12ccca6c9bc21a8c6b1dd200a7c3b05cea965583f21c2672e628b75de |
| x86_64 | |
| kernel-rt-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 1f4917c657883ba4979c6dee88e188d6b4b0c0fca976881e025ba69e8a429acd |
| kernel-rt-core-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 9cc6697e82712da214df7c7eff67f6f1a481028a0c180d54aa94a699bbe7019d |
| kernel-rt-debug-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 0f329e7ea296f1d8f8e39b468508c0d91e5f67034c0088daf3108cb3cae4bbb1 |
| kernel-rt-debug-core-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 10f4b1fcecbb0077e7586b2d79bb7065e329d074cdd6413d1956698429f2de4a |
| kernel-rt-debug-debuginfo-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: db8e50dd57ab0be972a3a59eb84609a3bd30e90246fe4fb3aef8d5cffa52be34 |
| kernel-rt-debug-devel-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 341b5ffdcd4e4e7eff95ebdd235fb3d3c886999f95b5389e3b69722308c712ef |
| kernel-rt-debug-kvm-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: d6f215d8baeba55a62c150e214ee490190629512729ab000a057417a37f33a38 |
| kernel-rt-debug-modules-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 44b394c51e66ee729644fb41bb23eeca8bb54bab8873a30b2506f29d31029e2e |
| kernel-rt-debug-modules-extra-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 2b8146d56f4039be335d14b8cabcaf845a3963c1b787a7d4e60403f1df068626 |
| kernel-rt-debuginfo-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 307d35f346e73b379510a9a4f52efbc97e28a887caf04aa94cc3f45206bfe4ef |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 99a3b9c1fe467f9cc7c71552d6a6a71e0bacf054fa0bf28e31e95f3fb5796124 |
| kernel-rt-devel-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 120f76f4baaf43c5d587ebcaeaabf89d082668271f8da40c5309fabc99d519ec |
| kernel-rt-kvm-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 6806f5c7723e2dd9d39f1b1af32ef04e897e348e044a1546e71928b7837cd9e7 |
| kernel-rt-modules-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 361028b1a8a5b724b8a4da3ebdd5cb75bfba7576522238bc9762b0b63d316fe2 |
| kernel-rt-modules-extra-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: c32378e5faf0585e8360a3e13c3c9ea87cbd5333ebab1ba9e19e7ce6c5e5f8ba |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.14.3.rt13.67.el8_2.src.rpm | SHA-256: 992b43c12ccca6c9bc21a8c6b1dd200a7c3b05cea965583f21c2672e628b75de |
| x86_64 | |
| kernel-rt-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 1f4917c657883ba4979c6dee88e188d6b4b0c0fca976881e025ba69e8a429acd |
| kernel-rt-core-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 9cc6697e82712da214df7c7eff67f6f1a481028a0c180d54aa94a699bbe7019d |
| kernel-rt-debug-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 0f329e7ea296f1d8f8e39b468508c0d91e5f67034c0088daf3108cb3cae4bbb1 |
| kernel-rt-debug-core-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 10f4b1fcecbb0077e7586b2d79bb7065e329d074cdd6413d1956698429f2de4a |
| kernel-rt-debug-debuginfo-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: db8e50dd57ab0be972a3a59eb84609a3bd30e90246fe4fb3aef8d5cffa52be34 |
| kernel-rt-debug-devel-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 341b5ffdcd4e4e7eff95ebdd235fb3d3c886999f95b5389e3b69722308c712ef |
| kernel-rt-debug-modules-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 44b394c51e66ee729644fb41bb23eeca8bb54bab8873a30b2506f29d31029e2e |
| kernel-rt-debug-modules-extra-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 2b8146d56f4039be335d14b8cabcaf845a3963c1b787a7d4e60403f1df068626 |
| kernel-rt-debuginfo-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 307d35f346e73b379510a9a4f52efbc97e28a887caf04aa94cc3f45206bfe4ef |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 99a3b9c1fe467f9cc7c71552d6a6a71e0bacf054fa0bf28e31e95f3fb5796124 |
| kernel-rt-devel-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 120f76f4baaf43c5d587ebcaeaabf89d082668271f8da40c5309fabc99d519ec |
| kernel-rt-modules-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 361028b1a8a5b724b8a4da3ebdd5cb75bfba7576522238bc9762b0b63d316fe2 |
| kernel-rt-modules-extra-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: c32378e5faf0585e8360a3e13c3c9ea87cbd5333ebab1ba9e19e7ce6c5e5f8ba |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.14.3.rt13.67.el8_2.src.rpm | SHA-256: 992b43c12ccca6c9bc21a8c6b1dd200a7c3b05cea965583f21c2672e628b75de |
| x86_64 | |
| kernel-rt-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 1f4917c657883ba4979c6dee88e188d6b4b0c0fca976881e025ba69e8a429acd |
| kernel-rt-core-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 9cc6697e82712da214df7c7eff67f6f1a481028a0c180d54aa94a699bbe7019d |
| kernel-rt-debug-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 0f329e7ea296f1d8f8e39b468508c0d91e5f67034c0088daf3108cb3cae4bbb1 |
| kernel-rt-debug-core-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 10f4b1fcecbb0077e7586b2d79bb7065e329d074cdd6413d1956698429f2de4a |
| kernel-rt-debug-debuginfo-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: db8e50dd57ab0be972a3a59eb84609a3bd30e90246fe4fb3aef8d5cffa52be34 |
| kernel-rt-debug-devel-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 341b5ffdcd4e4e7eff95ebdd235fb3d3c886999f95b5389e3b69722308c712ef |
| kernel-rt-debug-modules-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 44b394c51e66ee729644fb41bb23eeca8bb54bab8873a30b2506f29d31029e2e |
| kernel-rt-debug-modules-extra-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 2b8146d56f4039be335d14b8cabcaf845a3963c1b787a7d4e60403f1df068626 |
| kernel-rt-debuginfo-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 307d35f346e73b379510a9a4f52efbc97e28a887caf04aa94cc3f45206bfe4ef |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 99a3b9c1fe467f9cc7c71552d6a6a71e0bacf054fa0bf28e31e95f3fb5796124 |
| kernel-rt-devel-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 120f76f4baaf43c5d587ebcaeaabf89d082668271f8da40c5309fabc99d519ec |
| kernel-rt-modules-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 361028b1a8a5b724b8a4da3ebdd5cb75bfba7576522238bc9762b0b63d316fe2 |
| kernel-rt-modules-extra-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: c32378e5faf0585e8360a3e13c3c9ea87cbd5333ebab1ba9e19e7ce6c5e5f8ba |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.14.3.rt13.67.el8_2.src.rpm | SHA-256: 992b43c12ccca6c9bc21a8c6b1dd200a7c3b05cea965583f21c2672e628b75de |
| x86_64 | |
| kernel-rt-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 1f4917c657883ba4979c6dee88e188d6b4b0c0fca976881e025ba69e8a429acd |
| kernel-rt-core-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 9cc6697e82712da214df7c7eff67f6f1a481028a0c180d54aa94a699bbe7019d |
| kernel-rt-debug-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 0f329e7ea296f1d8f8e39b468508c0d91e5f67034c0088daf3108cb3cae4bbb1 |
| kernel-rt-debug-core-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 10f4b1fcecbb0077e7586b2d79bb7065e329d074cdd6413d1956698429f2de4a |
| kernel-rt-debug-debuginfo-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: db8e50dd57ab0be972a3a59eb84609a3bd30e90246fe4fb3aef8d5cffa52be34 |
| kernel-rt-debug-devel-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 341b5ffdcd4e4e7eff95ebdd235fb3d3c886999f95b5389e3b69722308c712ef |
| kernel-rt-debug-kvm-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: d6f215d8baeba55a62c150e214ee490190629512729ab000a057417a37f33a38 |
| kernel-rt-debug-modules-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 44b394c51e66ee729644fb41bb23eeca8bb54bab8873a30b2506f29d31029e2e |
| kernel-rt-debug-modules-extra-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 2b8146d56f4039be335d14b8cabcaf845a3963c1b787a7d4e60403f1df068626 |
| kernel-rt-debuginfo-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 307d35f346e73b379510a9a4f52efbc97e28a887caf04aa94cc3f45206bfe4ef |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 99a3b9c1fe467f9cc7c71552d6a6a71e0bacf054fa0bf28e31e95f3fb5796124 |
| kernel-rt-devel-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 120f76f4baaf43c5d587ebcaeaabf89d082668271f8da40c5309fabc99d519ec |
| kernel-rt-kvm-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 6806f5c7723e2dd9d39f1b1af32ef04e897e348e044a1546e71928b7837cd9e7 |
| kernel-rt-modules-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 361028b1a8a5b724b8a4da3ebdd5cb75bfba7576522238bc9762b0b63d316fe2 |
| kernel-rt-modules-extra-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: c32378e5faf0585e8360a3e13c3c9ea87cbd5333ebab1ba9e19e7ce6c5e5f8ba |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.14.3.rt13.67.el8_2.src.rpm | SHA-256: 992b43c12ccca6c9bc21a8c6b1dd200a7c3b05cea965583f21c2672e628b75de |
| x86_64 | |
| kernel-rt-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 1f4917c657883ba4979c6dee88e188d6b4b0c0fca976881e025ba69e8a429acd |
| kernel-rt-core-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 9cc6697e82712da214df7c7eff67f6f1a481028a0c180d54aa94a699bbe7019d |
| kernel-rt-debug-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 0f329e7ea296f1d8f8e39b468508c0d91e5f67034c0088daf3108cb3cae4bbb1 |
| kernel-rt-debug-core-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 10f4b1fcecbb0077e7586b2d79bb7065e329d074cdd6413d1956698429f2de4a |
| kernel-rt-debug-debuginfo-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: db8e50dd57ab0be972a3a59eb84609a3bd30e90246fe4fb3aef8d5cffa52be34 |
| kernel-rt-debug-devel-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 341b5ffdcd4e4e7eff95ebdd235fb3d3c886999f95b5389e3b69722308c712ef |
| kernel-rt-debug-kvm-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: d6f215d8baeba55a62c150e214ee490190629512729ab000a057417a37f33a38 |
| kernel-rt-debug-modules-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 44b394c51e66ee729644fb41bb23eeca8bb54bab8873a30b2506f29d31029e2e |
| kernel-rt-debug-modules-extra-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 2b8146d56f4039be335d14b8cabcaf845a3963c1b787a7d4e60403f1df068626 |
| kernel-rt-debuginfo-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 307d35f346e73b379510a9a4f52efbc97e28a887caf04aa94cc3f45206bfe4ef |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 99a3b9c1fe467f9cc7c71552d6a6a71e0bacf054fa0bf28e31e95f3fb5796124 |
| kernel-rt-devel-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 120f76f4baaf43c5d587ebcaeaabf89d082668271f8da40c5309fabc99d519ec |
| kernel-rt-kvm-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 6806f5c7723e2dd9d39f1b1af32ef04e897e348e044a1546e71928b7837cd9e7 |
| kernel-rt-modules-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: 361028b1a8a5b724b8a4da3ebdd5cb75bfba7576522238bc9762b0b63d316fe2 |
| kernel-rt-modules-extra-4.18.0-193.14.3.rt13.67.el8_2.x86_64.rpm | SHA-256: c32378e5faf0585e8360a3e13c3c9ea87cbd5333ebab1ba9e19e7ce6c5e5f8ba |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.