- Issued:
- 2022-03-10
- Updated:
- 2022-03-10
RHSA-2022:0819 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: improper initialization of the "flags" member of the new pipe_buffer (CVE-2022-0847)
- kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
- kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout (CVE-2021-4154)
- kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)
- kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS (CVE-2022-0435)
- kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)
- kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel symbol '__rt_mutex_init' is exported GPL-only in kernel 4.18.0-348.2.1.rt7.132.el8_5 (BZ#2038423)
- kernel-rt: update RT source tree to the RHEL-8.5.z3 source tree (BZ#2045589)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.6 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.6 x86_64
Fixes
- BZ - 2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation
- BZ - 2034514 - CVE-2021-4154 kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout
- BZ - 2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush
- BZ - 2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation
- BZ - 2048738 - CVE-2022-0435 kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
- BZ - 2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation
- BZ - 2060795 - CVE-2022-0847 kernel: improper initialization of the "flags" member of the new pipe_buffer
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.src.rpm | SHA-256: 4645aab0e35a41017e62f7715bb7f5f52e11e0d1995d2c96a7898b9e93cc5384 |
| x86_64 | |
| kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: bf4ee626907f9cc525b6ee67bf09cb8f5844dcbd5058486883aefc160cccc060 |
| kernel-rt-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 2fd7a16e003affc3b9cac0d22ae4a079db821259dce30c0470259d2134172ea9 |
| kernel-rt-debug-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 7f8e49036057c00e282b2c158d700c0510b85457ec93dc1519d650128036fa11 |
| kernel-rt-debug-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: d7ddf6006249fe016575aa55a83bc4743bb69e26fd5d9b008c47aa695cd4691e |
| kernel-rt-debug-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 6828003a65579bad781742c0d1e0d999292a972f32d951c47033c7130d46b57d |
| kernel-rt-debug-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: f1703f41a6ea8645b76c3ed42b3c6375bae337e56fafb54f424cf73614e11bf1 |
| kernel-rt-debug-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 705b84ed987a171c970baaa673c611376890fdd228ef6b232dd694aa10b96964 |
| kernel-rt-debug-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: a041eb96cc803e1b7f1a521ad597e29c7c281c53c2e8f0194b1a139e25c96f98 |
| kernel-rt-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 0f63ae39a19d8a4f8546599fc2b598bb78c544f2392632378195479d4dca4169 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 02f113e2297baf6626feca0ee084de69e31055f61f5e9e9dfea79d25dd54e53f |
| kernel-rt-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: b8fb28d9f231ec775bd09225c2d5751df8a37bb26657b94993ed09d2eb96c6b7 |
| kernel-rt-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 50e6e2b221aa08245dc0cad33dda3241cc736794dfabd3dcab57e4fe4ab52218 |
| kernel-rt-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: beff108bc5e6b1d60fc99b065cc48d913277c8ee812cd48b3e97d9c62db8fc59 |
Red Hat Enterprise Linux for Real Time for NFV 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.src.rpm | SHA-256: 4645aab0e35a41017e62f7715bb7f5f52e11e0d1995d2c96a7898b9e93cc5384 |
| x86_64 | |
| kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: bf4ee626907f9cc525b6ee67bf09cb8f5844dcbd5058486883aefc160cccc060 |
| kernel-rt-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 2fd7a16e003affc3b9cac0d22ae4a079db821259dce30c0470259d2134172ea9 |
| kernel-rt-debug-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 7f8e49036057c00e282b2c158d700c0510b85457ec93dc1519d650128036fa11 |
| kernel-rt-debug-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: d7ddf6006249fe016575aa55a83bc4743bb69e26fd5d9b008c47aa695cd4691e |
| kernel-rt-debug-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 6828003a65579bad781742c0d1e0d999292a972f32d951c47033c7130d46b57d |
| kernel-rt-debug-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: f1703f41a6ea8645b76c3ed42b3c6375bae337e56fafb54f424cf73614e11bf1 |
| kernel-rt-debug-kvm-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 55bc8ed38dd83e64bc158f9911175d0d42b513233e2c0f1203d9fb824832e826 |
| kernel-rt-debug-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 705b84ed987a171c970baaa673c611376890fdd228ef6b232dd694aa10b96964 |
| kernel-rt-debug-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: a041eb96cc803e1b7f1a521ad597e29c7c281c53c2e8f0194b1a139e25c96f98 |
| kernel-rt-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 0f63ae39a19d8a4f8546599fc2b598bb78c544f2392632378195479d4dca4169 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 02f113e2297baf6626feca0ee084de69e31055f61f5e9e9dfea79d25dd54e53f |
| kernel-rt-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: b8fb28d9f231ec775bd09225c2d5751df8a37bb26657b94993ed09d2eb96c6b7 |
| kernel-rt-kvm-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: c490b9923bfce7f52530ac38b1bef79ba96276cb56a633d68faff59c1988e3bc |
| kernel-rt-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 50e6e2b221aa08245dc0cad33dda3241cc736794dfabd3dcab57e4fe4ab52218 |
| kernel-rt-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: beff108bc5e6b1d60fc99b065cc48d913277c8ee812cd48b3e97d9c62db8fc59 |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.6
| SRPM | |
|---|---|
| kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.src.rpm | SHA-256: 4645aab0e35a41017e62f7715bb7f5f52e11e0d1995d2c96a7898b9e93cc5384 |
| x86_64 | |
| kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: bf4ee626907f9cc525b6ee67bf09cb8f5844dcbd5058486883aefc160cccc060 |
| kernel-rt-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 2fd7a16e003affc3b9cac0d22ae4a079db821259dce30c0470259d2134172ea9 |
| kernel-rt-debug-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 7f8e49036057c00e282b2c158d700c0510b85457ec93dc1519d650128036fa11 |
| kernel-rt-debug-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: d7ddf6006249fe016575aa55a83bc4743bb69e26fd5d9b008c47aa695cd4691e |
| kernel-rt-debug-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 6828003a65579bad781742c0d1e0d999292a972f32d951c47033c7130d46b57d |
| kernel-rt-debug-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: f1703f41a6ea8645b76c3ed42b3c6375bae337e56fafb54f424cf73614e11bf1 |
| kernel-rt-debug-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 705b84ed987a171c970baaa673c611376890fdd228ef6b232dd694aa10b96964 |
| kernel-rt-debug-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: a041eb96cc803e1b7f1a521ad597e29c7c281c53c2e8f0194b1a139e25c96f98 |
| kernel-rt-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 0f63ae39a19d8a4f8546599fc2b598bb78c544f2392632378195479d4dca4169 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 02f113e2297baf6626feca0ee084de69e31055f61f5e9e9dfea79d25dd54e53f |
| kernel-rt-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: b8fb28d9f231ec775bd09225c2d5751df8a37bb26657b94993ed09d2eb96c6b7 |
| kernel-rt-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 50e6e2b221aa08245dc0cad33dda3241cc736794dfabd3dcab57e4fe4ab52218 |
| kernel-rt-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: beff108bc5e6b1d60fc99b065cc48d913277c8ee812cd48b3e97d9c62db8fc59 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.6
| SRPM | |
|---|---|
| kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.src.rpm | SHA-256: 4645aab0e35a41017e62f7715bb7f5f52e11e0d1995d2c96a7898b9e93cc5384 |
| x86_64 | |
| kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: bf4ee626907f9cc525b6ee67bf09cb8f5844dcbd5058486883aefc160cccc060 |
| kernel-rt-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 2fd7a16e003affc3b9cac0d22ae4a079db821259dce30c0470259d2134172ea9 |
| kernel-rt-debug-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 7f8e49036057c00e282b2c158d700c0510b85457ec93dc1519d650128036fa11 |
| kernel-rt-debug-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: d7ddf6006249fe016575aa55a83bc4743bb69e26fd5d9b008c47aa695cd4691e |
| kernel-rt-debug-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 6828003a65579bad781742c0d1e0d999292a972f32d951c47033c7130d46b57d |
| kernel-rt-debug-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: f1703f41a6ea8645b76c3ed42b3c6375bae337e56fafb54f424cf73614e11bf1 |
| kernel-rt-debug-kvm-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 55bc8ed38dd83e64bc158f9911175d0d42b513233e2c0f1203d9fb824832e826 |
| kernel-rt-debug-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 705b84ed987a171c970baaa673c611376890fdd228ef6b232dd694aa10b96964 |
| kernel-rt-debug-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: a041eb96cc803e1b7f1a521ad597e29c7c281c53c2e8f0194b1a139e25c96f98 |
| kernel-rt-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 0f63ae39a19d8a4f8546599fc2b598bb78c544f2392632378195479d4dca4169 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 02f113e2297baf6626feca0ee084de69e31055f61f5e9e9dfea79d25dd54e53f |
| kernel-rt-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: b8fb28d9f231ec775bd09225c2d5751df8a37bb26657b94993ed09d2eb96c6b7 |
| kernel-rt-kvm-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: c490b9923bfce7f52530ac38b1bef79ba96276cb56a633d68faff59c1988e3bc |
| kernel-rt-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: 50e6e2b221aa08245dc0cad33dda3241cc736794dfabd3dcab57e4fe4ab52218 |
| kernel-rt-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm | SHA-256: beff108bc5e6b1d60fc99b065cc48d913277c8ee812cd48b3e97d9c62db8fc59 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.