Important: kernel-rt security and bug fix update

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

• kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)
  
• kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)
  
• kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (CVE-2020-10766)
  
• kernel: Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available. (CVE-2020-10767)
  
• kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (CVE-2020-10768)
  
• kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)
  
• kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)
  
• Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)
  
• kernel: kvm: Information leak within a KVM guest (CVE-2019-3016)
  

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• kernel-rt: update RT source tree to the RHEL-8.2.z2 source tree (BZ#1829582)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

• Red Hat Enterprise Linux for Real Time 8 x86_64
• Red Hat Enterprise Linux for Real Time for NFV 8 x86_64

Fixes

• BZ - 1786078 - CVE-2019-19807 kernel: use-after-free in sound/core/timer.c
• BZ - 1792167 - CVE-2019-3016 kernel: kvm: Information leak within a KVM guest
• BZ - 1831868 - CVE-2020-12653 kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c
• BZ - 1832530 - CVE-2020-12654 kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c
• BZ - 1836244 - CVE-2020-12888 Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario
• BZ - 1842525 - CVE-2020-10757 kernel: kernel: DAX hugepages not considered during mremap
• BZ - 1845840 - CVE-2020-10766 kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection.
• BZ - 1845867 - CVE-2020-10767 kernel: Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available.
• BZ - 1845868 - CVE-2020-10768 kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command.

CVEs

• CVE-2019-3016
• CVE-2019-19807
• CVE-2020-10757
• CVE-2020-10766
• CVE-2020-10767
• CVE-2020-10768
• CVE-2020-12653
• CVE-2020-12654
• CVE-2020-12888

References

• https://access.redhat.com/security/updates/classification/#important