RHSA-2019:3309: Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.Security Fix(es): kernel: nfs: use-after-free in svcprocesscommon() (CVE-2018-16884) Kernel: vhostnet: infinite loop while receiving packets leads to DoS (CVE-2019-3900) Kernel: page cache side channel attacks (CVE-2019-5489) hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) kernel: Heap overflow in mwifiexuapparsetailies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126) Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) kernel: Information Disclosure in cryptoreportone in crypto/cryptouser.c (CVE-2018-19854) kernel: usb: missing size check in the usbgetextradescriptor() leading to DoS (CVE-2018-20169) kernel: Heap address information leak while using L2CAPGETCONFOPT (CVE-2019-3459) kernel: Heap address information leak while using L2CAPPARSECONFRSP (CVE-2019-3460) kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874) kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882) kernel: null-pointer dereference in hciuartsetflowcontrol (CVE-2019-10207) kernel: fix race condition between mmgetnotzero()/gettaskmm() and core dumping (CVE-2019-11599) kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833) kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884) kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233) kernel: memory leak in registerqueuekobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916) kernel: oob memory read in hsoprobe in drivers/net/usb/hso.c (CVE-2018-19985) Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222) Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2019:3309?
The severity of RHSA-2019:3309 is classified as important due to the potential for a use-after-free vulnerability in the kernel.
What vulnerabilities are addressed in RHSA-2019:3309?
RHSA-2019:3309 addresses a use-after-free vulnerability related to NFS and an infinite loop vulnerability in vhost_net.
How do I fix RHSA-2019:3309?
To fix RHSA-2019:3309, update the kernel-rt packages to version 4.18.0-147.rt24.93.el8 or higher.
Which packages are affected by RHSA-2019:3309?
The affected packages in RHSA-2019:3309 include kernel-rt, kernel-rt-core, and various kernel-rt debug packages.
Is it safe to apply the patch for RHSA-2019:3309?
Yes, applying the patch for RHSA-2019:3309 is safe and recommended to mitigate potential security risks.