Red Hat Product Errata RHSA-2020:5441 - Security Advisory

Issued:: 2020-12-15
Updated:: 2020-12-15

RHSA-2020:5441 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385)
kernel: The flow_dissector feature allows device tracking (CVE-2019-18282)
kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned. (CVE-2020-10769)
kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)
kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)
kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)
kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

kernel-rt: update to the latest RHEL7.9.z2 source tree (BZ#1873318)
deadlock between handle_mm_fault() and ptep_clear_flush() (BZ#1888872)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

Red Hat Enterprise Linux for Real Time 7 x86_64
Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

BZ - 1708775 - CVE-2020-10769 kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned.
BZ - 1796360 - CVE-2019-18282 kernel: The flow_dissector feature allows device tracking
BZ - 1853922 - CVE-2020-14314 kernel: buffer uses out of index in ext3/4 filesystem
BZ - 1869141 - CVE-2020-24394 kernel: umask not applied on filesystem without ACL support
BZ - 1874800 - CVE-2020-14385 kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt
BZ - 1877575 - CVE-2020-25212 kernel: TOCTOU mismatch in the NFS client code
BZ - 1879981 - CVE-2020-25643 kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow
BZ - 1888872 - deadlock between handle_mm_fault() and ptep_clear_flush() [rhel-7.9.z]

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-1160.11.1.rt56.1145.el7.src.rpm	SHA-256: c70e5f8414e5508eb27e7a87bb453578399fea6684616c052147b8e5fdeed8db
x86_64
kernel-rt-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: bda00dc92c20f7a47141f33451dc3cb5f3bd5b26f26ac4ae2fbbc2fd51de607b
kernel-rt-debug-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 7b8360676a05080059b9553c911d98c2a9e13e3bd0df600f63f1be53400151f7
kernel-rt-debug-debuginfo-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 0a772c29f1f6d44f31fdaeb2dcb0826208c6a21aacfc407e70048a3290f7a465
kernel-rt-debug-devel-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 0fb8581044abe69e09fd77b79d25d315b1827acd29d6f7bd8176b5d39efeaf13
kernel-rt-debuginfo-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 71605ee692af685802063340b925934673ca17d5113c6d4f32488705c03f35dd
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: a05cfe31c4766040b2fdb1592f08315f01e218b4b0aa7979bde8f163e0ce6957
kernel-rt-devel-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 1b36b8776384ef3b63517cf3e873f08441c2f00bba3f9b5bf1826aee5c97411c
kernel-rt-doc-3.10.0-1160.11.1.rt56.1145.el7.noarch.rpm	SHA-256: 8607af1277a46ec889f807b1424e4af6855480fa34eacb562d9f47c41dc6eb55
kernel-rt-trace-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 6e03ffb204459f7be01f75807f52d786ddbf2293845fe4517194019c7aa8f356
kernel-rt-trace-debuginfo-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 86873defa21525715aa9a36a31d7c62622da2c58af5f0edccf17a48eb87d5e88
kernel-rt-trace-devel-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 9745a0e2e50bc9220355c5dc86bc976a16f031109c7c3a46ac31bb33b161aeb4

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-1160.11.1.rt56.1145.el7.src.rpm	SHA-256: c70e5f8414e5508eb27e7a87bb453578399fea6684616c052147b8e5fdeed8db
x86_64
kernel-rt-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: bda00dc92c20f7a47141f33451dc3cb5f3bd5b26f26ac4ae2fbbc2fd51de607b
kernel-rt-debug-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 7b8360676a05080059b9553c911d98c2a9e13e3bd0df600f63f1be53400151f7
kernel-rt-debug-debuginfo-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 0a772c29f1f6d44f31fdaeb2dcb0826208c6a21aacfc407e70048a3290f7a465
kernel-rt-debug-devel-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 0fb8581044abe69e09fd77b79d25d315b1827acd29d6f7bd8176b5d39efeaf13
kernel-rt-debug-kvm-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: c35c29e87e2f0b1dca49dea1c5a059ca5de536e47ddab98ff99e8d49a3378fab
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 8eacddeacdf541ef1e460bbab9e130b2b8c4b924b39b89eaea9bf7f26e821ba3
kernel-rt-debuginfo-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 71605ee692af685802063340b925934673ca17d5113c6d4f32488705c03f35dd
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: a05cfe31c4766040b2fdb1592f08315f01e218b4b0aa7979bde8f163e0ce6957
kernel-rt-devel-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 1b36b8776384ef3b63517cf3e873f08441c2f00bba3f9b5bf1826aee5c97411c
kernel-rt-doc-3.10.0-1160.11.1.rt56.1145.el7.noarch.rpm	SHA-256: 8607af1277a46ec889f807b1424e4af6855480fa34eacb562d9f47c41dc6eb55
kernel-rt-kvm-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 804a6ad6575d79ec8531599fdf0aad6727915088610b572c0681ffc685cdb26a
kernel-rt-kvm-debuginfo-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: c179e18e4ed94a53f64eb83b02eb4c3f9523125a947a108308bd4fd7860ceb99
kernel-rt-trace-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 6e03ffb204459f7be01f75807f52d786ddbf2293845fe4517194019c7aa8f356
kernel-rt-trace-debuginfo-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 86873defa21525715aa9a36a31d7c62622da2c58af5f0edccf17a48eb87d5e88
kernel-rt-trace-devel-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: 9745a0e2e50bc9220355c5dc86bc976a16f031109c7c3a46ac31bb33b161aeb4
kernel-rt-trace-kvm-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: ad260bd82dc75901ed8e0dbd02eaba7e71912d0a98ed7380b12994b021fcd85b
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.11.1.rt56.1145.el7.x86_64.rpm	SHA-256: c31f4eac82851e2b7b09ed6392d185ee7bc9b99224799f0d17db37f7ff08966b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories