Red Hat Product Errata RHSA-2021:2316 - Security Advisory
Issued:
2021-06-08
Updated:
2021-06-08

RHSA-2021:2316 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)
  • kernel: Use after free via PI futex state (CVE-2021-3347)
  • kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)
  • kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)
  • kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)
  • kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • lru-add-drain workqueue on RT is allocated without being used (BZ#1894587)
  • kernel-rt: update to the latest RHEL7.9.z source tree (BZ#1953118)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

  • BZ - 1802559 - CVE-2020-8648 kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c
  • BZ - 1894587 - lru-add-drain workqueue on RT is allocated without being used
  • BZ - 1922249 - CVE-2021-3347 kernel: Use after free via PI futex state
  • BZ - 1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers
  • BZ - 1930249 - CVE-2020-12363 kernel: Improper input validation in some Intel(R) Graphics Drivers
  • BZ - 1930251 - CVE-2020-12364 kernel: Null pointer dereference in some Intel(R) Graphics Drivers
  • BZ - 1940627 - CVE-2020-27170 kernel: Speculation on pointer arithmetic against bpf_context pointer

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-1160.31.1.rt56.1169.el7.src.rpm SHA-256: 2f98c4ff84331a565b975769988b7e3891aac0f20ee4bfa71a55a6396b1db99e
x86_64
kernel-rt-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: f754db2e178bd146a1763424b843e015dc35946027fe92fe3d2594075f9373bc
kernel-rt-debug-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: 7e930a6376f9ab28c0412ddc222ffa5e134f18004a588a0480af81069d103a86
kernel-rt-debug-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: 000d60437394dbc0427521a821d17549eba8b58c9a9f69d2397fbaf380432fec
kernel-rt-debug-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: b161fade6b02bd383b8d667f54ffca0cf177e17799c374e1ae013c6a4f7aea18
kernel-rt-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: dc1c9e0a4a205376670ad58b16b72e910fea7b325e1ba620803ef1bc835c7254
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: ecf073af16ea0c7dc297bbffb416181de6cb5310e7026d9804354f90c9db0bf3
kernel-rt-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: 31b3e42b22856838ec336af8531e9b4536712f4910fc4460abd2d91bfab73adf
kernel-rt-doc-3.10.0-1160.31.1.rt56.1169.el7.noarch.rpm SHA-256: 6e4fb46f4b57dbbd62ffc92bdf502a18395cf7e05b9c58b3fd4128a72ede4acb
kernel-rt-trace-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: 3a32220da4e6a56ad624285519d874ead9840aa0da2dd79f1a40c8f6a11f2f34
kernel-rt-trace-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: eac53fdccc53a2d7e67dd6d6c13cbd062446b65a0d0c2aae97256a1beee287f3
kernel-rt-trace-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: 92580ec9f1f85232ed29656a16a85db6d1585fd28c2ff574cbbbfc9204d10a3b

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-1160.31.1.rt56.1169.el7.src.rpm SHA-256: 2f98c4ff84331a565b975769988b7e3891aac0f20ee4bfa71a55a6396b1db99e
x86_64
kernel-rt-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: f754db2e178bd146a1763424b843e015dc35946027fe92fe3d2594075f9373bc
kernel-rt-debug-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: 7e930a6376f9ab28c0412ddc222ffa5e134f18004a588a0480af81069d103a86
kernel-rt-debug-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: 000d60437394dbc0427521a821d17549eba8b58c9a9f69d2397fbaf380432fec
kernel-rt-debug-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: b161fade6b02bd383b8d667f54ffca0cf177e17799c374e1ae013c6a4f7aea18
kernel-rt-debug-kvm-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: 753133f43786c0614498ad620603f6fb86250bba6b3b8a2938244a61b0f7a2ee
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: d85cf9011b93c0a066595db5cb11b6e5ad606114682653e6724df144196274da
kernel-rt-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: dc1c9e0a4a205376670ad58b16b72e910fea7b325e1ba620803ef1bc835c7254
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: ecf073af16ea0c7dc297bbffb416181de6cb5310e7026d9804354f90c9db0bf3
kernel-rt-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: 31b3e42b22856838ec336af8531e9b4536712f4910fc4460abd2d91bfab73adf
kernel-rt-doc-3.10.0-1160.31.1.rt56.1169.el7.noarch.rpm SHA-256: 6e4fb46f4b57dbbd62ffc92bdf502a18395cf7e05b9c58b3fd4128a72ede4acb
kernel-rt-kvm-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: 962de8c2a3a10b780b61077b69a736dbb1a937d0dfead76aaf620ce9d9cba529
kernel-rt-kvm-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: 36d3a8e3acfc503702d649200ed117409e96f9f55b4fd8e49dec3a6c65549131
kernel-rt-trace-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: 3a32220da4e6a56ad624285519d874ead9840aa0da2dd79f1a40c8f6a11f2f34
kernel-rt-trace-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: eac53fdccc53a2d7e67dd6d6c13cbd062446b65a0d0c2aae97256a1beee287f3
kernel-rt-trace-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: 92580ec9f1f85232ed29656a16a85db6d1585fd28c2ff574cbbbfc9204d10a3b
kernel-rt-trace-kvm-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: ccb968f3d9ded293600ddb681c2953cd07ff2c347c4e7e3fd9c6f48b585baa6c
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm SHA-256: e997cac7fa3f8f41d93c74695502506da03e6df4a4e0a7ba366caaa141f0dacb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.