====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2021:1070-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1070
Issue date:        2021-04-06
CVE Names:         CVE-2021-27363 CVE-2021-27364 CVE-2021-27365
====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)

* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)

* kernel: iscsi: unrestricted access to sessions and handles
(CVE-2021-27363)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* RHEL7.9 Realtime crashes due to a blocked task detection. The blocked
task is stuck in unregister_shrinker() where multiple tasks have taken the
shrinker_rwsem and are fighting on a dentry's d_lockref lock rt_mutex.
[kernel-rt] (BZ#1935557)

* kernel-rt: update to the latest RHEL7.9.z5 source tree (BZ#1939220)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1930078 - CVE-2021-27365 kernel: heap buffer overflow in the iSCSI subsystem
1930079 - CVE-2021-27363 kernel: iscsi: unrestricted access to sessions and handles
1930080 - CVE-2021-27364 kernel: out-of-bounds read in libiscsi module

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-1160.24.1.rt56.1161.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1160.24.1.rt56.1161.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 7):

Source:
kernel-rt-3.10.0-1160.24.1.rt56.1161.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1160.24.1.rt56.1161.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.24.1.rt56.1161.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-27363
https://access.redhat.com/security/cve/CVE-2021-27364
https://access.redhat.com/security/cve/CVE-2021-27365
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
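
Because the Solution section requires a reboot, installing the packages is not enough: the running kernel must be at or above the fixed build. The check below is an added example, not part of the Red Hat advisory; the function names are hypothetical, and the comparison is a simplified reimplementation of rpm's segment ordering that assumes no '~' or '^' in the strings.

```python
import platform
import re

# Fixed kernel-rt build, taken from the advisory's package list.
FIXED = "3.10.0-1160.24.1.rt56.1161.el7"

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment.

    Simplified reimplementation of rpm's ordering: no '~' or '^' handling.
    Returns -1, 0 or 1.
    """
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one,
            # which is where a plain string comparison goes wrong.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_fixed(release):
    """True if a `uname -r` style string is at or above the fixed build."""
    vr = re.sub(r"\.(x86_64|noarch)$", "", release)
    return compare_vr(vr, FIXED) >= 0

if __name__ == "__main__":
    running = platform.release()  # same value as `uname -r`
    if ".rt" not in running:
        print(f"{running}: not a kernel-rt build, this advisory covers kernel-rt only")
    elif is_fixed(running):
        print(f"{running}: running kernel includes the update")
    else:
        print(f"{running}: below {FIXED}; update and reboot")
```

A host that has the new package installed but still reports an older release here has not been rebooted into the fixed kernel.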