- Issued:
- 2021-06-08
- Updated:
- 2021-06-08
RHSA-2021:2316 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)
- kernel: Use after free via PI futex state (CVE-2021-3347)
- kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)
- kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)
- kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)
- kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- lru-add-drain workqueue on RT is allocated without being used (BZ#1894587)
- kernel-rt: update to the latest RHEL7.9.z source tree (BZ#1953118)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
Fixes
- BZ - 1802559 - CVE-2020-8648 kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c
- BZ - 1894587 - lru-add-drain workqueue on RT is allocated without being used
- BZ - 1922249 - CVE-2021-3347 kernel: Use after free via PI futex state
- BZ - 1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers
- BZ - 1930249 - CVE-2020-12363 kernel: Improper input validation in some Intel(R) Graphics Drivers
- BZ - 1930251 - CVE-2020-12364 kernel: Null pointer dereference in some Intel(R) Graphics Drivers
- BZ - 1940627 - CVE-2020-27170 kernel: Speculation on pointer arithmetic against bpf_context pointer
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1160.31.1.rt56.1169.el7.src.rpm | SHA-256: 2f98c4ff84331a565b975769988b7e3891aac0f20ee4bfa71a55a6396b1db99e |
| x86_64 | |
| kernel-rt-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: f754db2e178bd146a1763424b843e015dc35946027fe92fe3d2594075f9373bc |
| kernel-rt-debug-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: 7e930a6376f9ab28c0412ddc222ffa5e134f18004a588a0480af81069d103a86 |
| kernel-rt-debug-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: 000d60437394dbc0427521a821d17549eba8b58c9a9f69d2397fbaf380432fec |
| kernel-rt-debug-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: b161fade6b02bd383b8d667f54ffca0cf177e17799c374e1ae013c6a4f7aea18 |
| kernel-rt-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: dc1c9e0a4a205376670ad58b16b72e910fea7b325e1ba620803ef1bc835c7254 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: ecf073af16ea0c7dc297bbffb416181de6cb5310e7026d9804354f90c9db0bf3 |
| kernel-rt-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: 31b3e42b22856838ec336af8531e9b4536712f4910fc4460abd2d91bfab73adf |
| kernel-rt-doc-3.10.0-1160.31.1.rt56.1169.el7.noarch.rpm | SHA-256: 6e4fb46f4b57dbbd62ffc92bdf502a18395cf7e05b9c58b3fd4128a72ede4acb |
| kernel-rt-trace-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: 3a32220da4e6a56ad624285519d874ead9840aa0da2dd79f1a40c8f6a11f2f34 |
| kernel-rt-trace-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: eac53fdccc53a2d7e67dd6d6c13cbd062446b65a0d0c2aae97256a1beee287f3 |
| kernel-rt-trace-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: 92580ec9f1f85232ed29656a16a85db6d1585fd28c2ff574cbbbfc9204d10a3b |
Red Hat Enterprise Linux for Real Time for NFV 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1160.31.1.rt56.1169.el7.src.rpm | SHA-256: 2f98c4ff84331a565b975769988b7e3891aac0f20ee4bfa71a55a6396b1db99e |
| x86_64 | |
| kernel-rt-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: f754db2e178bd146a1763424b843e015dc35946027fe92fe3d2594075f9373bc |
| kernel-rt-debug-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: 7e930a6376f9ab28c0412ddc222ffa5e134f18004a588a0480af81069d103a86 |
| kernel-rt-debug-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: 000d60437394dbc0427521a821d17549eba8b58c9a9f69d2397fbaf380432fec |
| kernel-rt-debug-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: b161fade6b02bd383b8d667f54ffca0cf177e17799c374e1ae013c6a4f7aea18 |
| kernel-rt-debug-kvm-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: 753133f43786c0614498ad620603f6fb86250bba6b3b8a2938244a61b0f7a2ee |
| kernel-rt-debug-kvm-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: d85cf9011b93c0a066595db5cb11b6e5ad606114682653e6724df144196274da |
| kernel-rt-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: dc1c9e0a4a205376670ad58b16b72e910fea7b325e1ba620803ef1bc835c7254 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: ecf073af16ea0c7dc297bbffb416181de6cb5310e7026d9804354f90c9db0bf3 |
| kernel-rt-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: 31b3e42b22856838ec336af8531e9b4536712f4910fc4460abd2d91bfab73adf |
| kernel-rt-doc-3.10.0-1160.31.1.rt56.1169.el7.noarch.rpm | SHA-256: 6e4fb46f4b57dbbd62ffc92bdf502a18395cf7e05b9c58b3fd4128a72ede4acb |
| kernel-rt-kvm-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: 962de8c2a3a10b780b61077b69a736dbb1a937d0dfead76aaf620ce9d9cba529 |
| kernel-rt-kvm-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: 36d3a8e3acfc503702d649200ed117409e96f9f55b4fd8e49dec3a6c65549131 |
| kernel-rt-trace-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: 3a32220da4e6a56ad624285519d874ead9840aa0da2dd79f1a40c8f6a11f2f34 |
| kernel-rt-trace-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: eac53fdccc53a2d7e67dd6d6c13cbd062446b65a0d0c2aae97256a1beee287f3 |
| kernel-rt-trace-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: 92580ec9f1f85232ed29656a16a85db6d1585fd28c2ff574cbbbfc9204d10a3b |
| kernel-rt-trace-kvm-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: ccb968f3d9ded293600ddb681c2953cd07ff2c347c4e7e3fd9c6f48b585baa6c |
| kernel-rt-trace-kvm-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm | SHA-256: e997cac7fa3f8f41d93c74695502506da03e6df4a4e0a7ba366caaa141f0dacb |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.