RHSA-2021:2316: Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.<br>Security Fix(es):<br><li> kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)</li> <li> kernel: Use after free via PI futex state (CVE-2021-3347)</li> <li> kernel: use-after-free in nttyreceivebufcommon function in drivers/tty/ntty.c (CVE-2020-8648)</li> <li> kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)</li> <li> kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)</li> <li> kernel: Speculation on pointer arithmetic against bpfcontext pointer (CVE-2020-27170)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fix(es):<br><li> lru-add-drain workqueue on RT is allocated without being used (BZ#1894587)</li> <li> kernel-rt: update to the latest RHEL7.9.z source tree (BZ#1953118)</li>
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2021:2316?
The severity of RHSA-2021:2316 is classified as moderate.
How do I fix RHSA-2021:2316?
To fix RHSA-2021:2316, update the affected kernel-rt packages to version 3.10.0-1160.31.1.rt56.1169.el7.
What vulnerabilities are addressed in RHSA-2021:2316?
RHSA-2021:2316 addresses vulnerabilities including an integer overflow in Intel Graphics Drivers (CVE-2020-12362) and a use-after-free condition.
What packages are affected by RHSA-2021:2316?
The affected packages include various kernel-rt packages such as kernel-rt, kernel-rt-debug, and kernel-rt-devel.
Is RHSA-2021:2316 applicable to all systems?
RHSA-2021:2316 is applicable to systems running the specified versions of the Real Time Linux Kernel on Red Hat Enterprise Linux.