- Issued:
- 2021-08-31
- Updated:
- 2021-08-31
RHSA-2021:3375 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: race condition in net/can/bcm.c leads to local privilege escalation (CVE-2021-3609)
- kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)
- kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)
- kernel: race condition for removal of the HCI controller (CVE-2021-32399)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the latest RHEL-8.2.z11 Batch source tree (BZ#1984586)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64
Fixes
- BZ - 1965461 - CVE-2021-22543 kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks
- BZ - 1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller
- BZ - 1971651 - CVE-2021-3609 kernel: race condition in net/can/bcm.c leads to local privilege escalation
- BZ - 1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.64.1.rt13.115.el8_2.src.rpm | SHA-256: 4c7b946d49f7db61ccd67f0a9d294e342d77c0655b61cf24ffe370094bedf9b0 |
| x86_64 | |
| kernel-rt-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 3421451186b336d4dcb91a0ba433cd930a65601f588a1f69cfbd0c8a59aa9897 |
| kernel-rt-core-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 0be22e3f01c64313544d3116d976e7fc2f6ae2d1522ba6d29b511aab22cf0fc9 |
| kernel-rt-debug-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: eff6c082dab8949a5354e12f6bff25d79723194d5a7a45c794f9d7235e10a553 |
| kernel-rt-debug-core-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 264aa4f233a884f9d11fd04db06aa44a43378e81eb5a96b9d3c7e245032b7ca9 |
| kernel-rt-debug-debuginfo-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: a1ced7e1d0ab2ed954eee3490f041cd3c20d0162e20aa2380ebdfcebe0c9fd74 |
| kernel-rt-debug-devel-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: b62a17644f0ce38c904d4d245382d718e90242bd40bf391ce60a97cfc8167e73 |
| kernel-rt-debug-modules-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: a016783d51d708cae8d459687a30d1be0dea1ef0458195e8c2f200bf6adce989 |
| kernel-rt-debug-modules-extra-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: d2e30bceeb20f4638b4c2fba3d99e235f85641d2b8b2ca91ccd3332d440f5eba |
| kernel-rt-debuginfo-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 487d10d3e24c9c91d8ecdac4ab455b2e35582552532545bf3e4ae6c4a6db1491 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 247a2c98eab29d152563a92ca1aead2ac7d28ca54402f1c3180f347228f50bca |
| kernel-rt-devel-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 48460db2790c35708fc00d5aa398ed05007ab8e5e60cec4f9e28b83c69157ff6 |
| kernel-rt-modules-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 73d24db3629b372256804b2ef0de419a190055e17522d397f9d3f12fff23dc95 |
| kernel-rt-modules-extra-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 4b0abf844a4955da626a0d032d8dfc22dad77e9b0e194377b3110cb62a27c41e |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.64.1.rt13.115.el8_2.src.rpm | SHA-256: 4c7b946d49f7db61ccd67f0a9d294e342d77c0655b61cf24ffe370094bedf9b0 |
| x86_64 | |
| kernel-rt-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 3421451186b336d4dcb91a0ba433cd930a65601f588a1f69cfbd0c8a59aa9897 |
| kernel-rt-core-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 0be22e3f01c64313544d3116d976e7fc2f6ae2d1522ba6d29b511aab22cf0fc9 |
| kernel-rt-debug-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: eff6c082dab8949a5354e12f6bff25d79723194d5a7a45c794f9d7235e10a553 |
| kernel-rt-debug-core-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 264aa4f233a884f9d11fd04db06aa44a43378e81eb5a96b9d3c7e245032b7ca9 |
| kernel-rt-debug-debuginfo-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: a1ced7e1d0ab2ed954eee3490f041cd3c20d0162e20aa2380ebdfcebe0c9fd74 |
| kernel-rt-debug-devel-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: b62a17644f0ce38c904d4d245382d718e90242bd40bf391ce60a97cfc8167e73 |
| kernel-rt-debug-kvm-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 9e8e7a637023c167c4bab14ffad965fddf2620ac0e4159f5395f6596b033c6ce |
| kernel-rt-debug-modules-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: a016783d51d708cae8d459687a30d1be0dea1ef0458195e8c2f200bf6adce989 |
| kernel-rt-debug-modules-extra-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: d2e30bceeb20f4638b4c2fba3d99e235f85641d2b8b2ca91ccd3332d440f5eba |
| kernel-rt-debuginfo-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 487d10d3e24c9c91d8ecdac4ab455b2e35582552532545bf3e4ae6c4a6db1491 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 247a2c98eab29d152563a92ca1aead2ac7d28ca54402f1c3180f347228f50bca |
| kernel-rt-devel-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 48460db2790c35708fc00d5aa398ed05007ab8e5e60cec4f9e28b83c69157ff6 |
| kernel-rt-kvm-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: f11c2d4ca71f0eee9a0f7162321ada5c464d70195619483a96b29b98567b2373 |
| kernel-rt-modules-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 73d24db3629b372256804b2ef0de419a190055e17522d397f9d3f12fff23dc95 |
| kernel-rt-modules-extra-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm | SHA-256: 4b0abf844a4955da626a0d032d8dfc22dad77e9b0e194377b3110cb62a27c41e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
