- Issued:
- 2020-07-29
- Updated:
- 2020-07-29
RHSA-2020:3221 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)
- kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)
- kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)
- kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: provide infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837438)
- kernel-rt: update to the latest RHEL7.8.z3 source tree (BZ#1848017)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
Fixes
- BZ - 1783498 - CVE-2019-19527 kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver
- BZ - 1831868 - CVE-2020-12653 kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c
- BZ - 1832530 - CVE-2020-12654 kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c
- BZ - 1842525 - CVE-2020-10757 kernel: kernel: DAX hugepages not considered during mremap
CVEs
References
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1127.18.2.rt56.1116.el7.src.rpm | SHA-256: 4c757f78c6abbb4a2f4eb336c22fe4eb672f3bba898697627731f39a0d71ee3d |
| x86_64 | |
| kernel-rt-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 3b7962abd4594fffefe5ffbd64325d91dc00280b825877de76a57319b052f9c8 |
| kernel-rt-debug-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 90c4cc5ef801fc9d01f019eab0ac5904b30713f556ddbef7abb6afcb0c19d81f |
| kernel-rt-debug-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: f71f2d64969f52abac1e5190b367601fbeb63fd7772740d1756df96e93bb4bcb |
| kernel-rt-debug-devel-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 1ddeabf7cc692078a23d42614f615c7199afbef61a8975e5ab154d5319cbc7e9 |
| kernel-rt-debug-kvm-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 1cddd174cb0aa86a44f4e66db7b7603ceaaa953fa55e7a2240032b852051371b |
| kernel-rt-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: c50d1f4c9e917b4d86cc28b7ca39ec026da8a8d427e318e05a87b921c2ccd7f9 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 449b8c80575707754cfa782dc1b3fee7a1d8cc2545e844187c9f968fe27f6c35 |
| kernel-rt-devel-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: a60b21c56d55c8ccfb27edce7d6ec5b5221b0b98d704316986dd362c7753cf81 |
| kernel-rt-doc-3.10.0-1127.18.2.rt56.1116.el7.noarch.rpm | SHA-256: b27f0a55af5331c34d788d9c30e0e36fffa0ddc7fd2a4f34aab3937a61abb82e |
| kernel-rt-kvm-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 53710ae70d911872f6da4cc6ebb747b2375b4d506c32b848d3c19208a2c02860 |
| kernel-rt-trace-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 13df50b9cbe5a8133f456c640dc37504174aa92501f80cd734fd0e9a7a83e49f |
| kernel-rt-trace-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 2bb6c6082411b1827d594bbf78114736fd04da347bef8ea4db14bae5564da235 |
| kernel-rt-trace-devel-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 4f97182aaaddffc2b9e8d515a81cd5b8f22b438f97bd1374682d3bbb5f0ddf2a |
| kernel-rt-trace-kvm-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 590ddf48b144ab79ce7feae7b58fc6022029789c9f8b0139e63bc2ecaae3e69f |
Red Hat Enterprise Linux for Real Time for NFV 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1127.18.2.rt56.1116.el7.src.rpm | SHA-256: 4c757f78c6abbb4a2f4eb336c22fe4eb672f3bba898697627731f39a0d71ee3d |
| x86_64 | |
| kernel-rt-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 3b7962abd4594fffefe5ffbd64325d91dc00280b825877de76a57319b052f9c8 |
| kernel-rt-debug-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 90c4cc5ef801fc9d01f019eab0ac5904b30713f556ddbef7abb6afcb0c19d81f |
| kernel-rt-debug-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: f71f2d64969f52abac1e5190b367601fbeb63fd7772740d1756df96e93bb4bcb |
| kernel-rt-debug-devel-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 1ddeabf7cc692078a23d42614f615c7199afbef61a8975e5ab154d5319cbc7e9 |
| kernel-rt-debug-kvm-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 400c991cf4105e77255203c9137de588b45038f5fccff53721252bee2c7d40a7 |
| kernel-rt-debug-kvm-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 1cddd174cb0aa86a44f4e66db7b7603ceaaa953fa55e7a2240032b852051371b |
| kernel-rt-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: c50d1f4c9e917b4d86cc28b7ca39ec026da8a8d427e318e05a87b921c2ccd7f9 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 449b8c80575707754cfa782dc1b3fee7a1d8cc2545e844187c9f968fe27f6c35 |
| kernel-rt-devel-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: a60b21c56d55c8ccfb27edce7d6ec5b5221b0b98d704316986dd362c7753cf81 |
| kernel-rt-doc-3.10.0-1127.18.2.rt56.1116.el7.noarch.rpm | SHA-256: b27f0a55af5331c34d788d9c30e0e36fffa0ddc7fd2a4f34aab3937a61abb82e |
| kernel-rt-kvm-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: d62fdbf931fbeede035732fc6374836a8638c641c2c108bee48f50b75b0b9253 |
| kernel-rt-kvm-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 53710ae70d911872f6da4cc6ebb747b2375b4d506c32b848d3c19208a2c02860 |
| kernel-rt-trace-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 13df50b9cbe5a8133f456c640dc37504174aa92501f80cd734fd0e9a7a83e49f |
| kernel-rt-trace-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 2bb6c6082411b1827d594bbf78114736fd04da347bef8ea4db14bae5564da235 |
| kernel-rt-trace-devel-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 4f97182aaaddffc2b9e8d515a81cd5b8f22b438f97bd1374682d3bbb5f0ddf2a |
| kernel-rt-trace-kvm-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 0827776c76251b38326fe21c19ea9cf04e4714b98b0dfdf23ae3701dd3c4c92c |
| kernel-rt-trace-kvm-debuginfo-3.10.0-1127.18.2.rt56.1116.el7.x86_64.rpm | SHA-256: 590ddf48b144ab79ce7feae7b58fc6022029789c9f8b0139e63bc2ecaae3e69f |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.