Red Hat Product Errata RHSA-2022:0629 - Security Advisory
Issued:
2022-02-22
Updated:
2022-02-22

RHSA-2022:0629 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
  • kernel: use-after-free in RDMA listen() (CVE-2021-4028)
  • kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • kernnel-rt-debug: do not call blocking ops when !TASK_RUNNING; state=1 set at [<0000000050e86018>] handle_userfault+0x530/0x1820 (BZ#2029420)
  • kernel-rt: update RT source tree to the latest RHEL-8.2.z15 Batch (BZ#2046275)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64

Fixes

  • BZ - 2027201 - CVE-2021-4028 kernel: use-after-free in RDMA listen()
  • BZ - 2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation
  • BZ - 2034813 - CVE-2021-4155 kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL

Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2

SRPM
kernel-rt-4.18.0-193.75.1.rt13.125.el8_2.src.rpm SHA-256: 07c10d642dfc17539400710d29333fb0749b8668e88a66884a1da26b7e3e5ca0
x86_64
kernel-rt-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: 4c64f8cb2d9ca5bbd395f87d2b438f4ff96b91a28af4c516b290f27455d57e01
kernel-rt-core-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: 183546757deb973e85f946406213fa8f210ce92760d070bf414426a041c7371a
kernel-rt-debug-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: f4db7e06c8abf764fa74336533400252fee652c60f40da58c0cffacf9e2b22f8
kernel-rt-debug-core-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: 8458ca5254f6c381645eee451ab0238ce3476c5562d360b4f7b4acb0f2fbd6f6
kernel-rt-debug-debuginfo-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: 2c021172c038715e632bb4395123d5472957a25ece9f024776037cafcdd6065f
kernel-rt-debug-devel-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: f5e96066a47d3ce231252db99a0d7b53f03db0948f3c58900970f7260269c770
kernel-rt-debug-modules-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: ddc2dfada7cb5116178ff173d0e9432c47db6d0beaf304dd4400f3778207809d
kernel-rt-debug-modules-extra-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: 06cea9917920f952526400490147556a30eb837a1137ffd912194145c4d7a3cc
kernel-rt-debuginfo-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: ec41f017c67e245c344d381ba786ca9d15d0c362e004f01b8cf48a6e3a759fc1
kernel-rt-debuginfo-common-x86_64-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: 7818f437fe1bf7ffbd823c6502908153955e4827b22e4e2bfe0e2a46b05314aa
kernel-rt-devel-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: 2d1328bfa9a01e737e18a354b498e4576505440040931f7f918a9198bb672ea0
kernel-rt-modules-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: e62d7a7c2e29e03c7c9899650d350164e82f203d8deee3d064d9c3fc2e1816b2
kernel-rt-modules-extra-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: d630d9b43bd6307ae8b670d132b1585ac43207eec30b5dbb4e849475c1ec1ee9

Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2

SRPM
kernel-rt-4.18.0-193.75.1.rt13.125.el8_2.src.rpm SHA-256: 07c10d642dfc17539400710d29333fb0749b8668e88a66884a1da26b7e3e5ca0
x86_64
kernel-rt-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: 4c64f8cb2d9ca5bbd395f87d2b438f4ff96b91a28af4c516b290f27455d57e01
kernel-rt-core-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: 183546757deb973e85f946406213fa8f210ce92760d070bf414426a041c7371a
kernel-rt-debug-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: f4db7e06c8abf764fa74336533400252fee652c60f40da58c0cffacf9e2b22f8
kernel-rt-debug-core-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: 8458ca5254f6c381645eee451ab0238ce3476c5562d360b4f7b4acb0f2fbd6f6
kernel-rt-debug-debuginfo-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: 2c021172c038715e632bb4395123d5472957a25ece9f024776037cafcdd6065f
kernel-rt-debug-devel-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: f5e96066a47d3ce231252db99a0d7b53f03db0948f3c58900970f7260269c770
kernel-rt-debug-kvm-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: 597148a6ae3bd363a5164c5672d7359432c31c281afdf5ec30b1c6d5de870d74
kernel-rt-debug-modules-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: ddc2dfada7cb5116178ff173d0e9432c47db6d0beaf304dd4400f3778207809d
kernel-rt-debug-modules-extra-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: 06cea9917920f952526400490147556a30eb837a1137ffd912194145c4d7a3cc
kernel-rt-debuginfo-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: ec41f017c67e245c344d381ba786ca9d15d0c362e004f01b8cf48a6e3a759fc1
kernel-rt-debuginfo-common-x86_64-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: 7818f437fe1bf7ffbd823c6502908153955e4827b22e4e2bfe0e2a46b05314aa
kernel-rt-devel-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: 2d1328bfa9a01e737e18a354b498e4576505440040931f7f918a9198bb672ea0
kernel-rt-kvm-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: e741e69a886a8ca25157070bebe4ca5f661e3ecadd2ab5f7379259a6c0a90347
kernel-rt-modules-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: e62d7a7c2e29e03c7c9899650d350164e82f203d8deee3d064d9c3fc2e1816b2
kernel-rt-modules-extra-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm SHA-256: d630d9b43bd6307ae8b670d132b1585ac43207eec30b5dbb4e849475c1ec1ee9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.