(RHSA-2018:2165) Moderate: kernel-rt security, and enhancement update

ID RHSA-2018:2165
Type redhat
Reporter RedHat
Modified 2018-07-10T20:19:08


The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: Buffer over-read in keyring subsystem allows exposing potentially sensitive information to local attacker (CVE-2017-13305)

  • Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting CVE-2018-3665.


  • The kernel-rt packages have been upgraded to version 3.10.0-693.35.1.rt56.623, which provides a number of bug fixes over the previous version. (BZ#1579972)

Users of kernel-rt are advised to upgrade to these updated packages, which add this enhancement.

The system must be rebooted for this update to take effect.