Red Hat Product Errata RHSA-2021:2316 - Security Advisory

Issued:: 2021-06-08
Updated:: 2021-06-08

RHSA-2021:2316 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)
kernel: Use after free via PI futex state (CVE-2021-3347)
kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)
kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)
kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)
kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

lru-add-drain workqueue on RT is allocated without being used (BZ#1894587)
kernel-rt: update to the latest RHEL7.9.z source tree (BZ#1953118)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

Red Hat Enterprise Linux for Real Time 7 x86_64
Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

BZ - 1802559 - CVE-2020-8648 kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c
BZ - 1894587 - lru-add-drain workqueue on RT is allocated without being used
BZ - 1922249 - CVE-2021-3347 kernel: Use after free via PI futex state
BZ - 1930246 - CVE-2020-12362 kernel: Integer overflow in Intel(R) Graphics Drivers
BZ - 1930249 - CVE-2020-12363 kernel: Improper input validation in some Intel(R) Graphics Drivers
BZ - 1930251 - CVE-2020-12364 kernel: Null pointer dereference in some Intel(R) Graphics Drivers
BZ - 1940627 - CVE-2020-27170 kernel: Speculation on pointer arithmetic against bpf_context pointer

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-1160.31.1.rt56.1169.el7.src.rpm	SHA-256: 2f98c4ff84331a565b975769988b7e3891aac0f20ee4bfa71a55a6396b1db99e
x86_64
kernel-rt-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: f754db2e178bd146a1763424b843e015dc35946027fe92fe3d2594075f9373bc
kernel-rt-debug-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: 7e930a6376f9ab28c0412ddc222ffa5e134f18004a588a0480af81069d103a86
kernel-rt-debug-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: 000d60437394dbc0427521a821d17549eba8b58c9a9f69d2397fbaf380432fec
kernel-rt-debug-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: b161fade6b02bd383b8d667f54ffca0cf177e17799c374e1ae013c6a4f7aea18
kernel-rt-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: dc1c9e0a4a205376670ad58b16b72e910fea7b325e1ba620803ef1bc835c7254
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: ecf073af16ea0c7dc297bbffb416181de6cb5310e7026d9804354f90c9db0bf3
kernel-rt-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: 31b3e42b22856838ec336af8531e9b4536712f4910fc4460abd2d91bfab73adf
kernel-rt-doc-3.10.0-1160.31.1.rt56.1169.el7.noarch.rpm	SHA-256: 6e4fb46f4b57dbbd62ffc92bdf502a18395cf7e05b9c58b3fd4128a72ede4acb
kernel-rt-trace-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: 3a32220da4e6a56ad624285519d874ead9840aa0da2dd79f1a40c8f6a11f2f34
kernel-rt-trace-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: eac53fdccc53a2d7e67dd6d6c13cbd062446b65a0d0c2aae97256a1beee287f3
kernel-rt-trace-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: 92580ec9f1f85232ed29656a16a85db6d1585fd28c2ff574cbbbfc9204d10a3b

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-1160.31.1.rt56.1169.el7.src.rpm	SHA-256: 2f98c4ff84331a565b975769988b7e3891aac0f20ee4bfa71a55a6396b1db99e
x86_64
kernel-rt-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: f754db2e178bd146a1763424b843e015dc35946027fe92fe3d2594075f9373bc
kernel-rt-debug-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: 7e930a6376f9ab28c0412ddc222ffa5e134f18004a588a0480af81069d103a86
kernel-rt-debug-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: 000d60437394dbc0427521a821d17549eba8b58c9a9f69d2397fbaf380432fec
kernel-rt-debug-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: b161fade6b02bd383b8d667f54ffca0cf177e17799c374e1ae013c6a4f7aea18
kernel-rt-debug-kvm-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: 753133f43786c0614498ad620603f6fb86250bba6b3b8a2938244a61b0f7a2ee
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: d85cf9011b93c0a066595db5cb11b6e5ad606114682653e6724df144196274da
kernel-rt-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: dc1c9e0a4a205376670ad58b16b72e910fea7b325e1ba620803ef1bc835c7254
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: ecf073af16ea0c7dc297bbffb416181de6cb5310e7026d9804354f90c9db0bf3
kernel-rt-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: 31b3e42b22856838ec336af8531e9b4536712f4910fc4460abd2d91bfab73adf
kernel-rt-doc-3.10.0-1160.31.1.rt56.1169.el7.noarch.rpm	SHA-256: 6e4fb46f4b57dbbd62ffc92bdf502a18395cf7e05b9c58b3fd4128a72ede4acb
kernel-rt-kvm-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: 962de8c2a3a10b780b61077b69a736dbb1a937d0dfead76aaf620ce9d9cba529
kernel-rt-kvm-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: 36d3a8e3acfc503702d649200ed117409e96f9f55b4fd8e49dec3a6c65549131
kernel-rt-trace-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: 3a32220da4e6a56ad624285519d874ead9840aa0da2dd79f1a40c8f6a11f2f34
kernel-rt-trace-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: eac53fdccc53a2d7e67dd6d6c13cbd062446b65a0d0c2aae97256a1beee287f3
kernel-rt-trace-devel-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: 92580ec9f1f85232ed29656a16a85db6d1585fd28c2ff574cbbbfc9204d10a3b
kernel-rt-trace-kvm-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: ccb968f3d9ded293600ddb681c2953cd07ff2c347c4e7e3fd9c6f48b585baa6c
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.31.1.rt56.1169.el7.x86_64.rpm	SHA-256: e997cac7fa3f8f41d93c74695502506da03e6df4a4e0a7ba366caaa141f0dacb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories