Red Hat Product Errata RHSA-2021:3445 - Security Advisory
Issued:
2021-09-07
Updated:
2021-09-07

RHSA-2021:3445 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c (CVE-2021-0512)
  • kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • OSLAT spikes on subset of cpus (BZ#1986064)
  • Failure to enter full_nohz due to needless SCHED softirqs (BZ#1990273)
  • kernel-rt: update RT source tree to the latest RHEL-8.2.z12 Batch source tree (BZ#1997761)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64

Fixes

  • BZ - 1974491 - CVE-2021-0512 kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c
  • BZ - 1993988 - CVE-2021-3715 kernel: use-after-free in route4_change() in net/sched/cls_route.c

Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2

SRPM
kernel-rt-4.18.0-193.65.2.rt13.117.el8_2.src.rpm SHA-256: b2ee550ff73c0c2bb60832cd12b1f0ea17e5803870efc2d75c674d7d8c772f20
x86_64
kernel-rt-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 4504e50f896434e294f4d8250175778c406692de0af44fac8e53d176d1ba0964
kernel-rt-core-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: e4bacf0df5a027ac59ab31791473d250235871c7483fa2345940b31720d0d210
kernel-rt-debug-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 977ffb5b0e374e26841b3fd28bd501db4ee32e015ebe5fcbe8b33f7e9cc27738
kernel-rt-debug-core-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 66158482b8d33406656467607b4d9a9e237d18c4cc23dc3d1424ef8d4ed847af
kernel-rt-debug-debuginfo-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 0818d3d99fcb6ef207f342a3724c1caa68e774dbc96629709fc0aea95dc7e2c1
kernel-rt-debug-devel-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 4052c9152bfcbf8a549d7d916f227326dfb32306bbd40714c761b5bfb676659c
kernel-rt-debug-modules-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: d94e60753e71cd7c66064472a3f61040c3b2ad0cd944f7083e1f26f405bed158
kernel-rt-debug-modules-extra-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 9127d7792c9216b9f9890d2ede12425dac5047b1bc8b223ae60101676ba034c6
kernel-rt-debuginfo-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 3f5ff40104fe03fb090c9892fe6f139bb06d54f1648876a7a0139e2a659ca4ba
kernel-rt-debuginfo-common-x86_64-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 7342201b15239ac9d0eb78f5930cebf216eda48f0652adc289883d120bf758ac
kernel-rt-devel-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 8c7cdcdf5689927509ff21e0563dafeb7601d59287a7f607d4f56e8c0a2bb25c
kernel-rt-modules-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 582786ab01f4cbdd3df76293b05e6fa0e1522af6b81c22e16c0ffca5384e9c0e
kernel-rt-modules-extra-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 84dc3d0096ce1f9b97ebaadbe2b45a85552b1ecc2f59fffd6f95bb67c197f799

Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2

SRPM
kernel-rt-4.18.0-193.65.2.rt13.117.el8_2.src.rpm SHA-256: b2ee550ff73c0c2bb60832cd12b1f0ea17e5803870efc2d75c674d7d8c772f20
x86_64
kernel-rt-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 4504e50f896434e294f4d8250175778c406692de0af44fac8e53d176d1ba0964
kernel-rt-core-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: e4bacf0df5a027ac59ab31791473d250235871c7483fa2345940b31720d0d210
kernel-rt-debug-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 977ffb5b0e374e26841b3fd28bd501db4ee32e015ebe5fcbe8b33f7e9cc27738
kernel-rt-debug-core-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 66158482b8d33406656467607b4d9a9e237d18c4cc23dc3d1424ef8d4ed847af
kernel-rt-debug-debuginfo-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 0818d3d99fcb6ef207f342a3724c1caa68e774dbc96629709fc0aea95dc7e2c1
kernel-rt-debug-devel-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 4052c9152bfcbf8a549d7d916f227326dfb32306bbd40714c761b5bfb676659c
kernel-rt-debug-kvm-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 86942921fa7aa1686ade6777919f815b97eb32fa127cb21356d2a6daa9b5cb6d
kernel-rt-debug-modules-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: d94e60753e71cd7c66064472a3f61040c3b2ad0cd944f7083e1f26f405bed158
kernel-rt-debug-modules-extra-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 9127d7792c9216b9f9890d2ede12425dac5047b1bc8b223ae60101676ba034c6
kernel-rt-debuginfo-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 3f5ff40104fe03fb090c9892fe6f139bb06d54f1648876a7a0139e2a659ca4ba
kernel-rt-debuginfo-common-x86_64-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 7342201b15239ac9d0eb78f5930cebf216eda48f0652adc289883d120bf758ac
kernel-rt-devel-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 8c7cdcdf5689927509ff21e0563dafeb7601d59287a7f607d4f56e8c0a2bb25c
kernel-rt-kvm-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: e4cfb1773b8ad69e24a4db0bbdeefd5de6829e6ec95a0fa403bfc3774872de39
kernel-rt-modules-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 582786ab01f4cbdd3df76293b05e6fa0e1522af6b81c22e16c0ffca5384e9c0e
kernel-rt-modules-extra-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm SHA-256: 84dc3d0096ce1f9b97ebaadbe2b45a85552b1ecc2f59fffd6f95bb67c197f799

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.