- Issued:
- 2021-09-07
- Updated:
- 2021-09-07
RHSA-2021:3445 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c (CVE-2021-0512)
- kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- OSLAT spikes on subset of cpus (BZ#1986064)
- Failure to enter full_nohz due to needless SCHED softirqs (BZ#1990273)
- kernel-rt: update RT source tree to the latest RHEL-8.2.z12 Batch source tree (BZ#1997761)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64
Fixes
- BZ - 1974491 - CVE-2021-0512 kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c
- BZ - 1993988 - CVE-2021-3715 kernel: use-after-free in route4_change() in net/sched/cls_route.c
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2
SRPM | |
---|---|
kernel-rt-4.18.0-193.65.2.rt13.117.el8_2.src.rpm | SHA-256: b2ee550ff73c0c2bb60832cd12b1f0ea17e5803870efc2d75c674d7d8c772f20 |
x86_64 | |
kernel-rt-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 4504e50f896434e294f4d8250175778c406692de0af44fac8e53d176d1ba0964 |
kernel-rt-core-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: e4bacf0df5a027ac59ab31791473d250235871c7483fa2345940b31720d0d210 |
kernel-rt-debug-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 977ffb5b0e374e26841b3fd28bd501db4ee32e015ebe5fcbe8b33f7e9cc27738 |
kernel-rt-debug-core-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 66158482b8d33406656467607b4d9a9e237d18c4cc23dc3d1424ef8d4ed847af |
kernel-rt-debug-debuginfo-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 0818d3d99fcb6ef207f342a3724c1caa68e774dbc96629709fc0aea95dc7e2c1 |
kernel-rt-debug-devel-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 4052c9152bfcbf8a549d7d916f227326dfb32306bbd40714c761b5bfb676659c |
kernel-rt-debug-modules-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: d94e60753e71cd7c66064472a3f61040c3b2ad0cd944f7083e1f26f405bed158 |
kernel-rt-debug-modules-extra-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 9127d7792c9216b9f9890d2ede12425dac5047b1bc8b223ae60101676ba034c6 |
kernel-rt-debuginfo-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 3f5ff40104fe03fb090c9892fe6f139bb06d54f1648876a7a0139e2a659ca4ba |
kernel-rt-debuginfo-common-x86_64-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 7342201b15239ac9d0eb78f5930cebf216eda48f0652adc289883d120bf758ac |
kernel-rt-devel-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 8c7cdcdf5689927509ff21e0563dafeb7601d59287a7f607d4f56e8c0a2bb25c |
kernel-rt-modules-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 582786ab01f4cbdd3df76293b05e6fa0e1522af6b81c22e16c0ffca5384e9c0e |
kernel-rt-modules-extra-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 84dc3d0096ce1f9b97ebaadbe2b45a85552b1ecc2f59fffd6f95bb67c197f799 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2
SRPM | |
---|---|
kernel-rt-4.18.0-193.65.2.rt13.117.el8_2.src.rpm | SHA-256: b2ee550ff73c0c2bb60832cd12b1f0ea17e5803870efc2d75c674d7d8c772f20 |
x86_64 | |
kernel-rt-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 4504e50f896434e294f4d8250175778c406692de0af44fac8e53d176d1ba0964 |
kernel-rt-core-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: e4bacf0df5a027ac59ab31791473d250235871c7483fa2345940b31720d0d210 |
kernel-rt-debug-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 977ffb5b0e374e26841b3fd28bd501db4ee32e015ebe5fcbe8b33f7e9cc27738 |
kernel-rt-debug-core-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 66158482b8d33406656467607b4d9a9e237d18c4cc23dc3d1424ef8d4ed847af |
kernel-rt-debug-debuginfo-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 0818d3d99fcb6ef207f342a3724c1caa68e774dbc96629709fc0aea95dc7e2c1 |
kernel-rt-debug-devel-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 4052c9152bfcbf8a549d7d916f227326dfb32306bbd40714c761b5bfb676659c |
kernel-rt-debug-kvm-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 86942921fa7aa1686ade6777919f815b97eb32fa127cb21356d2a6daa9b5cb6d |
kernel-rt-debug-modules-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: d94e60753e71cd7c66064472a3f61040c3b2ad0cd944f7083e1f26f405bed158 |
kernel-rt-debug-modules-extra-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 9127d7792c9216b9f9890d2ede12425dac5047b1bc8b223ae60101676ba034c6 |
kernel-rt-debuginfo-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 3f5ff40104fe03fb090c9892fe6f139bb06d54f1648876a7a0139e2a659ca4ba |
kernel-rt-debuginfo-common-x86_64-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 7342201b15239ac9d0eb78f5930cebf216eda48f0652adc289883d120bf758ac |
kernel-rt-devel-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 8c7cdcdf5689927509ff21e0563dafeb7601d59287a7f607d4f56e8c0a2bb25c |
kernel-rt-kvm-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: e4cfb1773b8ad69e24a4db0bbdeefd5de6829e6ec95a0fa403bfc3774872de39 |
kernel-rt-modules-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 582786ab01f4cbdd3df76293b05e6fa0e1522af6b81c22e16c0ffca5384e9c0e |
kernel-rt-modules-extra-4.18.0-193.65.2.rt13.117.el8_2.x86_64.rpm | SHA-256: 84dc3d0096ce1f9b97ebaadbe2b45a85552b1ecc2f59fffd6f95bb67c197f799 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.