- Issued:
- 2021-07-20
- Updated:
- 2021-07-20
RHSA-2021:2719 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)
- kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)
- kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)
- kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541)
- kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the latest RHEL-8.2.z10 Batch source tree (BZ#1968022)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64
Fixes
- BZ - 1886285 - CVE-2020-26541 kernel: security bypass in certs/blacklist.c and certs/system_keyring.c
- BZ - 1895961 - CVE-2020-25704 kernel: perf_event_parse_addr_filter memory
- BZ - 1902724 - CVE-2020-35508 kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
- BZ - 1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
- BZ - 1968022 - kernel-rt: update RT source tree to the latest RHEL-8.2.z10 Batch source tree
- BZ - 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.60.2.rt13.112.el8_2.src.rpm | SHA-256: 4ee058c02fd42f9e363e4da8efb47e89bf88f627f3ea7eeacc69908741c688de |
| x86_64 | |
| kernel-rt-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 8defb38c2a7295263b8beaef4465cf3bd0f48bce1b358494fb7cf78bdc64fb99 |
| kernel-rt-core-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 7f0daf7498f7431483e9910da08bb947c838a3b67434b14ddc4fa51b3d9e0962 |
| kernel-rt-debug-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 8ea68402655eeaa0dcf11210fbe69568661749ef0784d5185d0630c75efc0603 |
| kernel-rt-debug-core-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 8694ec0a127523c002a826d3fbde03342542f9295ae262aba53c28be8d2e688c |
| kernel-rt-debug-debuginfo-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 375618fc02c2a24779cfaab14d618657c7a133aca5aaaa0a45fd3c9a371af88a |
| kernel-rt-debug-devel-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: b9deb733974bae5fda741d4650977e4299d9d6e0674abeb97aca8352de80341a |
| kernel-rt-debug-modules-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 73276611467ff03c1d539913b2eab73cda21666041497397c04a9beea8a204cb |
| kernel-rt-debug-modules-extra-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 15161e3711efd69ce25d9abc2ffcd1461276dfb01dc2c6501d30e6835236f4ed |
| kernel-rt-debuginfo-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 6e09c4cbfd272b5c81987c3a63dc784fc67829ad9a8a34c51a2fde9677ee20b4 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 3b37e7649749f292b5b353ea113bbc26b56398ef97f21a3544a9761f8dd8f24c |
| kernel-rt-devel-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 65e33a9e9b5c0879708f91dd3c28d1e62d87a49976085909c7338ba8993ca5c1 |
| kernel-rt-modules-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 515e21e823080907e323ebca0a1f532cd44f88ced56ee379592d5fe8d4b644d8 |
| kernel-rt-modules-extra-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 0d7a9f86b65d0870738e471ed9b0ed94e8045a9c05e6d338abadc43ff256d419 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.60.2.rt13.112.el8_2.src.rpm | SHA-256: 4ee058c02fd42f9e363e4da8efb47e89bf88f627f3ea7eeacc69908741c688de |
| x86_64 | |
| kernel-rt-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 8defb38c2a7295263b8beaef4465cf3bd0f48bce1b358494fb7cf78bdc64fb99 |
| kernel-rt-core-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 7f0daf7498f7431483e9910da08bb947c838a3b67434b14ddc4fa51b3d9e0962 |
| kernel-rt-debug-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 8ea68402655eeaa0dcf11210fbe69568661749ef0784d5185d0630c75efc0603 |
| kernel-rt-debug-core-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 8694ec0a127523c002a826d3fbde03342542f9295ae262aba53c28be8d2e688c |
| kernel-rt-debug-debuginfo-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 375618fc02c2a24779cfaab14d618657c7a133aca5aaaa0a45fd3c9a371af88a |
| kernel-rt-debug-devel-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: b9deb733974bae5fda741d4650977e4299d9d6e0674abeb97aca8352de80341a |
| kernel-rt-debug-kvm-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 62ece7350ceba232749a73cb24e9f4ad6154a6b17f29ebb9418413765c6f7886 |
| kernel-rt-debug-modules-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 73276611467ff03c1d539913b2eab73cda21666041497397c04a9beea8a204cb |
| kernel-rt-debug-modules-extra-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 15161e3711efd69ce25d9abc2ffcd1461276dfb01dc2c6501d30e6835236f4ed |
| kernel-rt-debuginfo-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 6e09c4cbfd272b5c81987c3a63dc784fc67829ad9a8a34c51a2fde9677ee20b4 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 3b37e7649749f292b5b353ea113bbc26b56398ef97f21a3544a9761f8dd8f24c |
| kernel-rt-devel-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 65e33a9e9b5c0879708f91dd3c28d1e62d87a49976085909c7338ba8993ca5c1 |
| kernel-rt-kvm-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 590900b380c1126eba49481e4529f31a0a50f0440d46a6391194b37cb6b3155c |
| kernel-rt-modules-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 515e21e823080907e323ebca0a1f532cd44f88ced56ee379592d5fe8d4b644d8 |
| kernel-rt-modules-extra-4.18.0-193.60.2.rt13.112.el8_2.x86_64.rpm | SHA-256: 0d7a9f86b65d0870738e471ed9b0ed94e8045a9c05e6d338abadc43ff256d419 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.