5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
Red Hat would like to thank Alexander Potapenko (Google) for reporting this issue.
Bug Fix(es):
The kernel-rt packages have been upgraded to the 3.10.0-693.11.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1500035)
Previously, the hfi1 driver called the preempt_disable() function to prevent migration on standard Red Hat Enterprise Linux and on Red Hat Enterprise Linux for Real Time. On Red Hat Enterprise Linux for Real Time with the realtime kernel (kernel-rt), calling preempt_disable() triggered a kernel panic. With this update, the kernel-rt code has been modified to use a realtime-specific function call to the preempt_disable_nort() function, which expands to the correct calls based on the kernel that is running. As a result, the hfi1 driver now works correctly on both Red Hat Enterprise Linux kernel and Red Hat Enterprise Linux for Real Time kernel-rt. (BZ#1507053)
Previously, the hfi1 driver called the preempt_disable() function to prevent migration on standard Red Hat Enterprise Linux and on Red Hat Enterprise Linux for Real Time. On Red Hat Enterprise Linux for Real Time with the realtime kernel (kernel-rt), calling preempt_disable() triggered a kernel panic. With this update, the kernel-rt code has been modified to use a realtime-specific function call to the preempt_disable_nort() function, which expands to the correct calls based on the kernel that is running. As a result, the hfi1 driver now works correctly on both Red Hat Enterprise Linux kernel and Red Hat Enterprise Linux for Real Time kernel-rt. (BZ#1507054)
In the realtime kernel, if the rt_mutex locking mechanism was taken in the interrupt context, the normal priority inheritance protocol incorrectly identified a deadlock, and a kernel panic occurred. This update reverts the patch that added rt_mutex in the interrupt context, and the kernel no longer panics due to this behavior. (BZ#1511382)
Enhancement(s):
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%