- Issued:
- 2021-02-02
- Updated:
- 2021-02-02
RHSA-2021:0338 - Security Advisory
Synopsis
Moderate: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)
- kernel: Nfsd failure to clear umask after processing an open or create (CVE-2020-35513)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update to the latest RHEL7.9.z3 source tree (BZ#1906133)
- [kernel-rt] WARNING: CPU: 8 PID: 586 at kernel/sched/core.c:3644 migrate_enable+0x15f/0x210 (BZ#1916123)
- [kernel-rt-debug] [ BUG: bad unlock balance detected! ] [RHEL-7.9.z] (BZ#1916130)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
Fixes
- BZ - 1901168 - CVE-2020-15436 kernel: use-after-free in fs/block_dev.c
- BZ - 1906133 - kernel-rt: update to the latest RHEL7.9.z3 source tree
- BZ - 1911309 - CVE-2020-35513 kernel: Nfsd failure to clear umask after processing an open or create
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1160.15.2.rt56.1152.el7.src.rpm | SHA-256: 6c7afaefcda866371f79229bc7e1d6cbb6409f7a4a45ed5150fee4cdf113e6c1 |
| x86_64 | |
| kernel-rt-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: 45ce871cc7be325690bdf672abe5a07f00ed11353e0189330672b189b3157b12 |
| kernel-rt-debug-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: b3a44f8e77cc3c06df97dfffef3761b00cf2ef28869ff94cbde9a0d248548ded |
| kernel-rt-debug-debuginfo-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: aee15931d6be50150083cb5ad1ef79f47f094a80a6d769dacbe21c21b1a0811b |
| kernel-rt-debug-devel-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: c5916569e14001ac924b827ff945294cb4d168413b03ef2f1aab5958d9851379 |
| kernel-rt-debuginfo-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: f65eed0b33742cc968b5473512dcb239e972388709afb96ce3e66c07fbdd6f63 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: 95f7a8d80711c3e5ebd48b7cd0ef4eb97de5408eda95803e5d3cf7bdb04f970b |
| kernel-rt-devel-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: 6d512e76f0b8d9fd1a5f209cb367c130c20e47e5ad438b4c4e77efd1e1c9981f |
| kernel-rt-doc-3.10.0-1160.15.2.rt56.1152.el7.noarch.rpm | SHA-256: 7e29d03a8ec9afc22ffbf31b72658dc0e4a4063cbca3b69b649a743b7a93f950 |
| kernel-rt-trace-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: c1c4755a3fccda9ba76a4db8b001c7acd5f9c04a69aa2fe62b6bf347ad9aefcb |
| kernel-rt-trace-debuginfo-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: 03fb5bb9552fcacadc316b261b42328ef8a0a513fd46c0433efcbb40282ed709 |
| kernel-rt-trace-devel-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: bd58c249f4074be5b27a558d6bf45d1a5dcb0201c4d47cb577dcaada54318ca5 |
Red Hat Enterprise Linux for Real Time for NFV 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1160.15.2.rt56.1152.el7.src.rpm | SHA-256: 6c7afaefcda866371f79229bc7e1d6cbb6409f7a4a45ed5150fee4cdf113e6c1 |
| x86_64 | |
| kernel-rt-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: 45ce871cc7be325690bdf672abe5a07f00ed11353e0189330672b189b3157b12 |
| kernel-rt-debug-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: b3a44f8e77cc3c06df97dfffef3761b00cf2ef28869ff94cbde9a0d248548ded |
| kernel-rt-debug-debuginfo-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: aee15931d6be50150083cb5ad1ef79f47f094a80a6d769dacbe21c21b1a0811b |
| kernel-rt-debug-devel-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: c5916569e14001ac924b827ff945294cb4d168413b03ef2f1aab5958d9851379 |
| kernel-rt-debug-kvm-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: a70b9eda46937da895562300c1b1f202220690f3a2e015f680f0793c7eb102c0 |
| kernel-rt-debug-kvm-debuginfo-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: 8720ee28657d5e58a512f9b005fe273a95c2437e9f25497393bb90794b9de80d |
| kernel-rt-debuginfo-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: f65eed0b33742cc968b5473512dcb239e972388709afb96ce3e66c07fbdd6f63 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: 95f7a8d80711c3e5ebd48b7cd0ef4eb97de5408eda95803e5d3cf7bdb04f970b |
| kernel-rt-devel-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: 6d512e76f0b8d9fd1a5f209cb367c130c20e47e5ad438b4c4e77efd1e1c9981f |
| kernel-rt-doc-3.10.0-1160.15.2.rt56.1152.el7.noarch.rpm | SHA-256: 7e29d03a8ec9afc22ffbf31b72658dc0e4a4063cbca3b69b649a743b7a93f950 |
| kernel-rt-kvm-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: 2d86a56f8bb4a3f59173ec002109bf16745e63cb5980657d84897a8585fd322e |
| kernel-rt-kvm-debuginfo-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: d34919442ee42673d2b7bf55e78311fd6c0f8e3fcfa596102cae2c48a5cccbfc |
| kernel-rt-trace-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: c1c4755a3fccda9ba76a4db8b001c7acd5f9c04a69aa2fe62b6bf347ad9aefcb |
| kernel-rt-trace-debuginfo-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: 03fb5bb9552fcacadc316b261b42328ef8a0a513fd46c0433efcbb40282ed709 |
| kernel-rt-trace-devel-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: bd58c249f4074be5b27a558d6bf45d1a5dcb0201c4d47cb577dcaada54318ca5 |
| kernel-rt-trace-kvm-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: 312f211caeb217811d58594c721573f7e316df537a816d1b595c618455a51a4a |
| kernel-rt-trace-kvm-debuginfo-3.10.0-1160.15.2.rt56.1152.el7.x86_64.rpm | SHA-256: 5a6aa3ea86a7c05463e9fe6278b182abc882645a3eea810e3e79c1530b969031 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.