- Issued:
- 2021-11-02
- Updated:
- 2021-11-02
RHSA-2021:4088 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free (CVE-2020-36385)
- kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c (CVE-2021-0512)
- kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the RHEL-8.4.z source tree (BZ#2004117)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.6 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.6 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
Fixes
- BZ - 1974319 - CVE-2020-36385 kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free
- BZ - 1974491 - CVE-2021-0512 kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c
- BZ - 1983988 - CVE-2021-3656 kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.25.1.rt7.97.el8_4.src.rpm | SHA-256: 435f33c3ab27dfd6b7bda46a748b6cef5d222c4066163896a9d44013e0472372 |
| x86_64 | |
| kernel-rt-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 86cc6310efd3342b753cce18d77b4b2d3e30b4b7709220a968229b521ae97489 |
| kernel-rt-core-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: efb086f95bfb12457e2fe19d93f95ecb31ffefebabfa60f445d0da453ee7c314 |
| kernel-rt-debug-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: ad2a6ba2485b0eeb31fb6642e58dddca158f9e6b1f69aad30976521a31accfc0 |
| kernel-rt-debug-core-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 18908af1c21e54757445138db65288623604e9b9fff951cfe60482cc312a1937 |
| kernel-rt-debug-debuginfo-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 7c24c2598a9378fbb3f991e4cd6878fd05b02311088bd0e968c493b5f1d77585 |
| kernel-rt-debug-devel-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 0348d497fc3fe2dad5b07daeb9b1dbd518b4f111b81a2a17e7d392d9efd372b3 |
| kernel-rt-debug-modules-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: a10ff59ba514679d546efc962846f5f973e481aebf6addcabdfc4aa8dd448aab |
| kernel-rt-debug-modules-extra-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 760b35db0f33ea5417ddadb65490449cac06f10bf76e6c995dd5d776e2d8f53f |
| kernel-rt-debuginfo-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 65e2e676c91cf2017cf93f4182695f67403ba82fc604fc16e4454896db04e6a0 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 9df9e9a22cd7e842c3108a6ee54899dc993d51792d2868526ddcf6e6d725e544 |
| kernel-rt-devel-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: e00873b7e68a48d61434c081741a1905661a91d13cf8dbbca1cdfb6741fee1b0 |
| kernel-rt-modules-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 797233f1910ed83d018651a16ef6c26e792c4d231df4235591cd6c622e8afdf5 |
| kernel-rt-modules-extra-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: a791f1ac119da2803a0ce5138aa7e2e7f8f109d7a3705100f057d99a9abafb92 |
Red Hat Enterprise Linux for Real Time for NFV 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.25.1.rt7.97.el8_4.src.rpm | SHA-256: 435f33c3ab27dfd6b7bda46a748b6cef5d222c4066163896a9d44013e0472372 |
| x86_64 | |
| kernel-rt-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 86cc6310efd3342b753cce18d77b4b2d3e30b4b7709220a968229b521ae97489 |
| kernel-rt-core-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: efb086f95bfb12457e2fe19d93f95ecb31ffefebabfa60f445d0da453ee7c314 |
| kernel-rt-debug-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: ad2a6ba2485b0eeb31fb6642e58dddca158f9e6b1f69aad30976521a31accfc0 |
| kernel-rt-debug-core-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 18908af1c21e54757445138db65288623604e9b9fff951cfe60482cc312a1937 |
| kernel-rt-debug-debuginfo-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 7c24c2598a9378fbb3f991e4cd6878fd05b02311088bd0e968c493b5f1d77585 |
| kernel-rt-debug-devel-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 0348d497fc3fe2dad5b07daeb9b1dbd518b4f111b81a2a17e7d392d9efd372b3 |
| kernel-rt-debug-kvm-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 58124f98805a82e9fa0036e19160b06a37c33b8659624b5a3d8d9a57b8945383 |
| kernel-rt-debug-modules-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: a10ff59ba514679d546efc962846f5f973e481aebf6addcabdfc4aa8dd448aab |
| kernel-rt-debug-modules-extra-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 760b35db0f33ea5417ddadb65490449cac06f10bf76e6c995dd5d776e2d8f53f |
| kernel-rt-debuginfo-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 65e2e676c91cf2017cf93f4182695f67403ba82fc604fc16e4454896db04e6a0 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 9df9e9a22cd7e842c3108a6ee54899dc993d51792d2868526ddcf6e6d725e544 |
| kernel-rt-devel-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: e00873b7e68a48d61434c081741a1905661a91d13cf8dbbca1cdfb6741fee1b0 |
| kernel-rt-kvm-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 794fe3b51ee59af8f1aba376ace8bfc63c8454028f057c95b2a9015a02234b9f |
| kernel-rt-modules-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 797233f1910ed83d018651a16ef6c26e792c4d231df4235591cd6c622e8afdf5 |
| kernel-rt-modules-extra-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: a791f1ac119da2803a0ce5138aa7e2e7f8f109d7a3705100f057d99a9abafb92 |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.6
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.25.1.rt7.97.el8_4.src.rpm | SHA-256: 435f33c3ab27dfd6b7bda46a748b6cef5d222c4066163896a9d44013e0472372 |
| x86_64 | |
| kernel-rt-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 86cc6310efd3342b753cce18d77b4b2d3e30b4b7709220a968229b521ae97489 |
| kernel-rt-core-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: efb086f95bfb12457e2fe19d93f95ecb31ffefebabfa60f445d0da453ee7c314 |
| kernel-rt-debug-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: ad2a6ba2485b0eeb31fb6642e58dddca158f9e6b1f69aad30976521a31accfc0 |
| kernel-rt-debug-core-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 18908af1c21e54757445138db65288623604e9b9fff951cfe60482cc312a1937 |
| kernel-rt-debug-debuginfo-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 7c24c2598a9378fbb3f991e4cd6878fd05b02311088bd0e968c493b5f1d77585 |
| kernel-rt-debug-devel-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 0348d497fc3fe2dad5b07daeb9b1dbd518b4f111b81a2a17e7d392d9efd372b3 |
| kernel-rt-debug-modules-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: a10ff59ba514679d546efc962846f5f973e481aebf6addcabdfc4aa8dd448aab |
| kernel-rt-debug-modules-extra-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 760b35db0f33ea5417ddadb65490449cac06f10bf76e6c995dd5d776e2d8f53f |
| kernel-rt-debuginfo-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 65e2e676c91cf2017cf93f4182695f67403ba82fc604fc16e4454896db04e6a0 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 9df9e9a22cd7e842c3108a6ee54899dc993d51792d2868526ddcf6e6d725e544 |
| kernel-rt-devel-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: e00873b7e68a48d61434c081741a1905661a91d13cf8dbbca1cdfb6741fee1b0 |
| kernel-rt-modules-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 797233f1910ed83d018651a16ef6c26e792c4d231df4235591cd6c622e8afdf5 |
| kernel-rt-modules-extra-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: a791f1ac119da2803a0ce5138aa7e2e7f8f109d7a3705100f057d99a9abafb92 |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.25.1.rt7.97.el8_4.src.rpm | SHA-256: 435f33c3ab27dfd6b7bda46a748b6cef5d222c4066163896a9d44013e0472372 |
| x86_64 | |
| kernel-rt-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 86cc6310efd3342b753cce18d77b4b2d3e30b4b7709220a968229b521ae97489 |
| kernel-rt-core-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: efb086f95bfb12457e2fe19d93f95ecb31ffefebabfa60f445d0da453ee7c314 |
| kernel-rt-debug-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: ad2a6ba2485b0eeb31fb6642e58dddca158f9e6b1f69aad30976521a31accfc0 |
| kernel-rt-debug-core-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 18908af1c21e54757445138db65288623604e9b9fff951cfe60482cc312a1937 |
| kernel-rt-debug-debuginfo-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 7c24c2598a9378fbb3f991e4cd6878fd05b02311088bd0e968c493b5f1d77585 |
| kernel-rt-debug-devel-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 0348d497fc3fe2dad5b07daeb9b1dbd518b4f111b81a2a17e7d392d9efd372b3 |
| kernel-rt-debug-modules-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: a10ff59ba514679d546efc962846f5f973e481aebf6addcabdfc4aa8dd448aab |
| kernel-rt-debug-modules-extra-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 760b35db0f33ea5417ddadb65490449cac06f10bf76e6c995dd5d776e2d8f53f |
| kernel-rt-debuginfo-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 65e2e676c91cf2017cf93f4182695f67403ba82fc604fc16e4454896db04e6a0 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 9df9e9a22cd7e842c3108a6ee54899dc993d51792d2868526ddcf6e6d725e544 |
| kernel-rt-devel-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: e00873b7e68a48d61434c081741a1905661a91d13cf8dbbca1cdfb6741fee1b0 |
| kernel-rt-modules-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 797233f1910ed83d018651a16ef6c26e792c4d231df4235591cd6c622e8afdf5 |
| kernel-rt-modules-extra-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: a791f1ac119da2803a0ce5138aa7e2e7f8f109d7a3705100f057d99a9abafb92 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.6
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.25.1.rt7.97.el8_4.src.rpm | SHA-256: 435f33c3ab27dfd6b7bda46a748b6cef5d222c4066163896a9d44013e0472372 |
| x86_64 | |
| kernel-rt-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 86cc6310efd3342b753cce18d77b4b2d3e30b4b7709220a968229b521ae97489 |
| kernel-rt-core-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: efb086f95bfb12457e2fe19d93f95ecb31ffefebabfa60f445d0da453ee7c314 |
| kernel-rt-debug-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: ad2a6ba2485b0eeb31fb6642e58dddca158f9e6b1f69aad30976521a31accfc0 |
| kernel-rt-debug-core-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 18908af1c21e54757445138db65288623604e9b9fff951cfe60482cc312a1937 |
| kernel-rt-debug-debuginfo-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 7c24c2598a9378fbb3f991e4cd6878fd05b02311088bd0e968c493b5f1d77585 |
| kernel-rt-debug-devel-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 0348d497fc3fe2dad5b07daeb9b1dbd518b4f111b81a2a17e7d392d9efd372b3 |
| kernel-rt-debug-kvm-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 58124f98805a82e9fa0036e19160b06a37c33b8659624b5a3d8d9a57b8945383 |
| kernel-rt-debug-modules-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: a10ff59ba514679d546efc962846f5f973e481aebf6addcabdfc4aa8dd448aab |
| kernel-rt-debug-modules-extra-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 760b35db0f33ea5417ddadb65490449cac06f10bf76e6c995dd5d776e2d8f53f |
| kernel-rt-debuginfo-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 65e2e676c91cf2017cf93f4182695f67403ba82fc604fc16e4454896db04e6a0 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 9df9e9a22cd7e842c3108a6ee54899dc993d51792d2868526ddcf6e6d725e544 |
| kernel-rt-devel-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: e00873b7e68a48d61434c081741a1905661a91d13cf8dbbca1cdfb6741fee1b0 |
| kernel-rt-kvm-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 794fe3b51ee59af8f1aba376ace8bfc63c8454028f057c95b2a9015a02234b9f |
| kernel-rt-modules-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 797233f1910ed83d018651a16ef6c26e792c4d231df4235591cd6c622e8afdf5 |
| kernel-rt-modules-extra-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: a791f1ac119da2803a0ce5138aa7e2e7f8f109d7a3705100f057d99a9abafb92 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.25.1.rt7.97.el8_4.src.rpm | SHA-256: 435f33c3ab27dfd6b7bda46a748b6cef5d222c4066163896a9d44013e0472372 |
| x86_64 | |
| kernel-rt-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 86cc6310efd3342b753cce18d77b4b2d3e30b4b7709220a968229b521ae97489 |
| kernel-rt-core-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: efb086f95bfb12457e2fe19d93f95ecb31ffefebabfa60f445d0da453ee7c314 |
| kernel-rt-debug-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: ad2a6ba2485b0eeb31fb6642e58dddca158f9e6b1f69aad30976521a31accfc0 |
| kernel-rt-debug-core-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 18908af1c21e54757445138db65288623604e9b9fff951cfe60482cc312a1937 |
| kernel-rt-debug-debuginfo-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 7c24c2598a9378fbb3f991e4cd6878fd05b02311088bd0e968c493b5f1d77585 |
| kernel-rt-debug-devel-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 0348d497fc3fe2dad5b07daeb9b1dbd518b4f111b81a2a17e7d392d9efd372b3 |
| kernel-rt-debug-kvm-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 58124f98805a82e9fa0036e19160b06a37c33b8659624b5a3d8d9a57b8945383 |
| kernel-rt-debug-modules-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: a10ff59ba514679d546efc962846f5f973e481aebf6addcabdfc4aa8dd448aab |
| kernel-rt-debug-modules-extra-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 760b35db0f33ea5417ddadb65490449cac06f10bf76e6c995dd5d776e2d8f53f |
| kernel-rt-debuginfo-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 65e2e676c91cf2017cf93f4182695f67403ba82fc604fc16e4454896db04e6a0 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 9df9e9a22cd7e842c3108a6ee54899dc993d51792d2868526ddcf6e6d725e544 |
| kernel-rt-devel-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: e00873b7e68a48d61434c081741a1905661a91d13cf8dbbca1cdfb6741fee1b0 |
| kernel-rt-kvm-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 794fe3b51ee59af8f1aba376ace8bfc63c8454028f057c95b2a9015a02234b9f |
| kernel-rt-modules-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: 797233f1910ed83d018651a16ef6c26e792c4d231df4235591cd6c622e8afdf5 |
| kernel-rt-modules-extra-4.18.0-305.25.1.rt7.97.el8_4.x86_64.rpm | SHA-256: a791f1ac119da2803a0ce5138aa7e2e7f8f109d7a3705100f057d99a9abafb92 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.