- Issued:
- 2020-11-10
- Updated:
- 2020-11-10
RHSA-2020:5026 - Security Advisory
Synopsis
Moderate: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: kernel: buffer over write in vgacon_scroll (CVE-2020-14331)
- kernel: net-sysfs: *_queue_add_kobject refcount issue (CVE-2019-20811)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- [RHEL-7.9] net/ipv6/ip6_flowlabel.c:85 suspicious rcu_dereference_check() usage! (kernel-rt-debug) (BZ#1836846)
- md/raid: sleeping function called from invalid context triggered by CKI storage/swraid/trim test (BZ#1857872)
- Infinite looping when trying to acquire eventpoll->mtx during eventpoll_release_file, 2nd try (BZ#1877695)
- kernel-rt: update to the latest RHEL7.9.z1 source tree (BZ#1883995)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
Fixes
- BZ - 1846439 - CVE-2019-20811 kernel: net-sysfs: *_queue_add_kobject refcount issue
- BZ - 1858679 - CVE-2020-14331 kernel: kernel: buffer over write in vgacon_scroll
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1160.6.1.rt56.1139.el7.src.rpm | SHA-256: 48023d13fff6acae6333b9cc27b1d800627853c09794dc0001b750c01ce0a30d |
| x86_64 | |
| kernel-rt-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: c8ec561764126133802bde6b4e489ad24906a964c7e20bd461f076d60d344e1b |
| kernel-rt-debug-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: 6a60838c6ad59842dc1d41105c0c406b1fa18b38f4ebebc4eac46584f2d1ed8d |
| kernel-rt-debug-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: 2bbb8de40de4240ff4a339328939f481e995999a739fba1d8f50ca54a2f39a01 |
| kernel-rt-debug-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: e3b5a95b2ba97797b502bfa05d04066ec144669f146c26ed385de31041f85041 |
| kernel-rt-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: 91bc9553dfc31e53193d819e47f271266f4e7e3d9dfef1da55ce7c9c105663ad |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: de1ba8219377f8e47db14173e72c3671504f3a758263138a9d5b4196622a028a |
| kernel-rt-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: a88611c0d5f2c781ecdaebb9fa6b20b60e175fa6aa7157ea1e4e6c44db6ba27a |
| kernel-rt-doc-3.10.0-1160.6.1.rt56.1139.el7.noarch.rpm | SHA-256: 2e34685570c61ef2eaf0e40189e540b5ac91ab479676249daa3b573a02edaeb6 |
| kernel-rt-trace-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: d5512351a2b36d9af27494a2e369289d322bcf22fea6dc9a7afcab376ad649dd |
| kernel-rt-trace-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: afa5e2edf8b91cc608d61f4f7d6e0dedf9ec009129e8aab0e77c2ae6b4ea5a0f |
| kernel-rt-trace-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: 9920f09d894da62dd9683a2ba1d9e7f5fb2e93d88a0d7a9fec60a5c4234e1b3f |
Red Hat Enterprise Linux for Real Time for NFV 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1160.6.1.rt56.1139.el7.src.rpm | SHA-256: 48023d13fff6acae6333b9cc27b1d800627853c09794dc0001b750c01ce0a30d |
| x86_64 | |
| kernel-rt-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: c8ec561764126133802bde6b4e489ad24906a964c7e20bd461f076d60d344e1b |
| kernel-rt-debug-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: 6a60838c6ad59842dc1d41105c0c406b1fa18b38f4ebebc4eac46584f2d1ed8d |
| kernel-rt-debug-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: 2bbb8de40de4240ff4a339328939f481e995999a739fba1d8f50ca54a2f39a01 |
| kernel-rt-debug-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: e3b5a95b2ba97797b502bfa05d04066ec144669f146c26ed385de31041f85041 |
| kernel-rt-debug-kvm-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: eb99e8e6577e314349dceaa412c813ddf9ddf04400110eebdcdf026b388ec051 |
| kernel-rt-debug-kvm-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: 133e76effe37b55dfcbeb4967a3ed67ffab2572bbd42ae152400c81c89574a9f |
| kernel-rt-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: 91bc9553dfc31e53193d819e47f271266f4e7e3d9dfef1da55ce7c9c105663ad |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: de1ba8219377f8e47db14173e72c3671504f3a758263138a9d5b4196622a028a |
| kernel-rt-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: a88611c0d5f2c781ecdaebb9fa6b20b60e175fa6aa7157ea1e4e6c44db6ba27a |
| kernel-rt-doc-3.10.0-1160.6.1.rt56.1139.el7.noarch.rpm | SHA-256: 2e34685570c61ef2eaf0e40189e540b5ac91ab479676249daa3b573a02edaeb6 |
| kernel-rt-kvm-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: 4fb02e49bc30723f7410477fa909f795024f07f613b7c5819da5d6e324ac0c8c |
| kernel-rt-kvm-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: b1df26b9d81710c4509ad0ea1d4f768508bbd0ab69a9fcf18d3b7e3c7e323e5e |
| kernel-rt-trace-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: d5512351a2b36d9af27494a2e369289d322bcf22fea6dc9a7afcab376ad649dd |
| kernel-rt-trace-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: afa5e2edf8b91cc608d61f4f7d6e0dedf9ec009129e8aab0e77c2ae6b4ea5a0f |
| kernel-rt-trace-devel-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: 9920f09d894da62dd9683a2ba1d9e7f5fb2e93d88a0d7a9fec60a5c4234e1b3f |
| kernel-rt-trace-kvm-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: 0f42e8518dc23858df1ffde002a18d605f0da8b24fd82c9eca9f3c9260e920cd |
| kernel-rt-trace-kvm-debuginfo-3.10.0-1160.6.1.rt56.1139.el7.x86_64.rpm | SHA-256: e773bd039242900d8dc09c37f7e4c583c2fe5910d4d6e3ac949bc96169745ec2 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.