- Issued:
- 2021-12-21
- Updated:
- 2021-12-21
RHSA-2021:5241 - Security Advisory
Synopsis
Moderate: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: In Overlayfs missing a check for a negative dentry before calling vfs_rename() (CVE-2021-20321)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the RHEL-8.5.z1 source tree (BZ#2023988)
- [rt] RHEL-8.6: disable KASAN, KCSAN and UBSAN for kernel-rt (BZ#2026384)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.6 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.6 x86_64
Fixes
- BZ - 2013242 - CVE-2021-20321 kernel: In Overlayfs missing a check for a negative dentry before calling vfs_rename()
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-348.7.1.rt7.137.el8_5.src.rpm | SHA-256: b482c016475b45175de3cfd881908b2416e83aeea632f9b0bd50640940e1e8df |
| x86_64 | |
| kernel-rt-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 9f0d6bc8ef64dba42242a7b3776c545f363d7d89b3c8ee111a87f68dde156ac0 |
| kernel-rt-core-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: d0ca75b00fcd8299f089dc6da4232a00892f025992a0f2f42485f9faf677bbc2 |
| kernel-rt-debug-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: c9a9aa232e0edd39ccca183a97b921756e41b81fe9a1fbbc258347e4bdea87a9 |
| kernel-rt-debug-core-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 9914a2413cc46b2e96be38b15fc7571a964e9364da803a52e22419a4a5d778d3 |
| kernel-rt-debug-debuginfo-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 7ed3f7d5afb23b8ecd632effaa0e1f82485463a1142157aeb623a82956c55627 |
| kernel-rt-debug-devel-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 394eaf4cd0fdc2efa7ffab9cdcbd3f10faf1446561b03bf43947b10339b11f85 |
| kernel-rt-debug-modules-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 06ceb493297def23396c342efb12b6d0642005eb0d0e1fcc86cb551aaf48c7e7 |
| kernel-rt-debug-modules-extra-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: a0ec1d4fe3f40b1163bee81b9f2c88fc86e237b63c85b3dd8561f9f4207337dc |
| kernel-rt-debuginfo-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 6239add9eb58b0d17e82149b2ee191c7b55047566d65ab7b09970e3bfc3f7d7c |
| kernel-rt-debuginfo-common-x86_64-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 3bfb3d7a6c52dca46836775ce9abe61a415ccc42c7020f038cc76ebb93693430 |
| kernel-rt-devel-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: d4e58a801af314e60938f0d9cf68499a474495b98fc6d7d293f3a670a357b372 |
| kernel-rt-modules-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 1279762f2bce3bfdec151f62777b5dfca8589012f726c50d16d44537825ebde5 |
| kernel-rt-modules-extra-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 670285cbbbe60a98ea6d63176e32811ad7a3a7e42f6b13c65012a7e3a41dc836 |
Red Hat Enterprise Linux for Real Time for NFV 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-348.7.1.rt7.137.el8_5.src.rpm | SHA-256: b482c016475b45175de3cfd881908b2416e83aeea632f9b0bd50640940e1e8df |
| x86_64 | |
| kernel-rt-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 9f0d6bc8ef64dba42242a7b3776c545f363d7d89b3c8ee111a87f68dde156ac0 |
| kernel-rt-core-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: d0ca75b00fcd8299f089dc6da4232a00892f025992a0f2f42485f9faf677bbc2 |
| kernel-rt-debug-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: c9a9aa232e0edd39ccca183a97b921756e41b81fe9a1fbbc258347e4bdea87a9 |
| kernel-rt-debug-core-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 9914a2413cc46b2e96be38b15fc7571a964e9364da803a52e22419a4a5d778d3 |
| kernel-rt-debug-debuginfo-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 7ed3f7d5afb23b8ecd632effaa0e1f82485463a1142157aeb623a82956c55627 |
| kernel-rt-debug-devel-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 394eaf4cd0fdc2efa7ffab9cdcbd3f10faf1446561b03bf43947b10339b11f85 |
| kernel-rt-debug-kvm-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: a32029e0cecfb2241aeed0afb4dda339e1474368493189d2f8a65c732567c646 |
| kernel-rt-debug-modules-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 06ceb493297def23396c342efb12b6d0642005eb0d0e1fcc86cb551aaf48c7e7 |
| kernel-rt-debug-modules-extra-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: a0ec1d4fe3f40b1163bee81b9f2c88fc86e237b63c85b3dd8561f9f4207337dc |
| kernel-rt-debuginfo-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 6239add9eb58b0d17e82149b2ee191c7b55047566d65ab7b09970e3bfc3f7d7c |
| kernel-rt-debuginfo-common-x86_64-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 3bfb3d7a6c52dca46836775ce9abe61a415ccc42c7020f038cc76ebb93693430 |
| kernel-rt-devel-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: d4e58a801af314e60938f0d9cf68499a474495b98fc6d7d293f3a670a357b372 |
| kernel-rt-kvm-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: b3c3c5b3ccbcb1880fcf4014bfbbed7d2d39b80f25ed5c70d35c7769c0b99873 |
| kernel-rt-modules-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 1279762f2bce3bfdec151f62777b5dfca8589012f726c50d16d44537825ebde5 |
| kernel-rt-modules-extra-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 670285cbbbe60a98ea6d63176e32811ad7a3a7e42f6b13c65012a7e3a41dc836 |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.6
| SRPM | |
|---|---|
| kernel-rt-4.18.0-348.7.1.rt7.137.el8_5.src.rpm | SHA-256: b482c016475b45175de3cfd881908b2416e83aeea632f9b0bd50640940e1e8df |
| x86_64 | |
| kernel-rt-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 9f0d6bc8ef64dba42242a7b3776c545f363d7d89b3c8ee111a87f68dde156ac0 |
| kernel-rt-core-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: d0ca75b00fcd8299f089dc6da4232a00892f025992a0f2f42485f9faf677bbc2 |
| kernel-rt-debug-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: c9a9aa232e0edd39ccca183a97b921756e41b81fe9a1fbbc258347e4bdea87a9 |
| kernel-rt-debug-core-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 9914a2413cc46b2e96be38b15fc7571a964e9364da803a52e22419a4a5d778d3 |
| kernel-rt-debug-debuginfo-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 7ed3f7d5afb23b8ecd632effaa0e1f82485463a1142157aeb623a82956c55627 |
| kernel-rt-debug-devel-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 394eaf4cd0fdc2efa7ffab9cdcbd3f10faf1446561b03bf43947b10339b11f85 |
| kernel-rt-debug-modules-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 06ceb493297def23396c342efb12b6d0642005eb0d0e1fcc86cb551aaf48c7e7 |
| kernel-rt-debug-modules-extra-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: a0ec1d4fe3f40b1163bee81b9f2c88fc86e237b63c85b3dd8561f9f4207337dc |
| kernel-rt-debuginfo-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 6239add9eb58b0d17e82149b2ee191c7b55047566d65ab7b09970e3bfc3f7d7c |
| kernel-rt-debuginfo-common-x86_64-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 3bfb3d7a6c52dca46836775ce9abe61a415ccc42c7020f038cc76ebb93693430 |
| kernel-rt-devel-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: d4e58a801af314e60938f0d9cf68499a474495b98fc6d7d293f3a670a357b372 |
| kernel-rt-modules-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 1279762f2bce3bfdec151f62777b5dfca8589012f726c50d16d44537825ebde5 |
| kernel-rt-modules-extra-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 670285cbbbe60a98ea6d63176e32811ad7a3a7e42f6b13c65012a7e3a41dc836 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.6
| SRPM | |
|---|---|
| kernel-rt-4.18.0-348.7.1.rt7.137.el8_5.src.rpm | SHA-256: b482c016475b45175de3cfd881908b2416e83aeea632f9b0bd50640940e1e8df |
| x86_64 | |
| kernel-rt-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 9f0d6bc8ef64dba42242a7b3776c545f363d7d89b3c8ee111a87f68dde156ac0 |
| kernel-rt-core-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: d0ca75b00fcd8299f089dc6da4232a00892f025992a0f2f42485f9faf677bbc2 |
| kernel-rt-debug-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: c9a9aa232e0edd39ccca183a97b921756e41b81fe9a1fbbc258347e4bdea87a9 |
| kernel-rt-debug-core-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 9914a2413cc46b2e96be38b15fc7571a964e9364da803a52e22419a4a5d778d3 |
| kernel-rt-debug-debuginfo-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 7ed3f7d5afb23b8ecd632effaa0e1f82485463a1142157aeb623a82956c55627 |
| kernel-rt-debug-devel-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 394eaf4cd0fdc2efa7ffab9cdcbd3f10faf1446561b03bf43947b10339b11f85 |
| kernel-rt-debug-kvm-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: a32029e0cecfb2241aeed0afb4dda339e1474368493189d2f8a65c732567c646 |
| kernel-rt-debug-modules-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 06ceb493297def23396c342efb12b6d0642005eb0d0e1fcc86cb551aaf48c7e7 |
| kernel-rt-debug-modules-extra-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: a0ec1d4fe3f40b1163bee81b9f2c88fc86e237b63c85b3dd8561f9f4207337dc |
| kernel-rt-debuginfo-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 6239add9eb58b0d17e82149b2ee191c7b55047566d65ab7b09970e3bfc3f7d7c |
| kernel-rt-debuginfo-common-x86_64-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 3bfb3d7a6c52dca46836775ce9abe61a415ccc42c7020f038cc76ebb93693430 |
| kernel-rt-devel-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: d4e58a801af314e60938f0d9cf68499a474495b98fc6d7d293f3a670a357b372 |
| kernel-rt-kvm-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: b3c3c5b3ccbcb1880fcf4014bfbbed7d2d39b80f25ed5c70d35c7769c0b99873 |
| kernel-rt-modules-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 1279762f2bce3bfdec151f62777b5dfca8589012f726c50d16d44537825ebde5 |
| kernel-rt-modules-extra-4.18.0-348.7.1.rt7.137.el8_5.x86_64.rpm | SHA-256: 670285cbbbe60a98ea6d63176e32811ad7a3a7e42f6b13c65012a7e3a41dc836 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.