Red Hat Product Errata RHSA-2022:0819 - Security Advisory
Issued:
2022-03-10
Updated:
2022-03-10

RHSA-2022:0819 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: improper initialization of the "flags" member of the new pipe_buffer (CVE-2022-0847)
  • kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
  • kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout (CVE-2021-4154)
  • kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)
  • kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS (CVE-2022-0435)
  • kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)
  • kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • kernel symbol '__rt_mutex_init' is exported GPL-only in kernel 4.18.0-348.2.1.rt7.132.el8_5 (BZ#2038423)
  • kernel-rt: update RT source tree to the RHEL-8.5.z3 source tree (BZ#2045589)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 8 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
  • Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8 x86_64
  • Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.6 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.6 x86_64

Fixes

  • BZ - 2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation
  • BZ - 2034514 - CVE-2021-4154 kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout
  • BZ - 2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush
  • BZ - 2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation
  • BZ - 2048738 - CVE-2022-0435 kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
  • BZ - 2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation
  • BZ - 2060795 - CVE-2022-0847 kernel: improper initialization of the "flags" member of the new pipe_buffer

Red Hat Enterprise Linux for Real Time 8

SRPM
kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.src.rpm SHA-256: 4645aab0e35a41017e62f7715bb7f5f52e11e0d1995d2c96a7898b9e93cc5384
x86_64
kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: bf4ee626907f9cc525b6ee67bf09cb8f5844dcbd5058486883aefc160cccc060
kernel-rt-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 2fd7a16e003affc3b9cac0d22ae4a079db821259dce30c0470259d2134172ea9
kernel-rt-debug-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 7f8e49036057c00e282b2c158d700c0510b85457ec93dc1519d650128036fa11
kernel-rt-debug-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: d7ddf6006249fe016575aa55a83bc4743bb69e26fd5d9b008c47aa695cd4691e
kernel-rt-debug-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 6828003a65579bad781742c0d1e0d999292a972f32d951c47033c7130d46b57d
kernel-rt-debug-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: f1703f41a6ea8645b76c3ed42b3c6375bae337e56fafb54f424cf73614e11bf1
kernel-rt-debug-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 705b84ed987a171c970baaa673c611376890fdd228ef6b232dd694aa10b96964
kernel-rt-debug-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: a041eb96cc803e1b7f1a521ad597e29c7c281c53c2e8f0194b1a139e25c96f98
kernel-rt-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 0f63ae39a19d8a4f8546599fc2b598bb78c544f2392632378195479d4dca4169
kernel-rt-debuginfo-common-x86_64-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 02f113e2297baf6626feca0ee084de69e31055f61f5e9e9dfea79d25dd54e53f
kernel-rt-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: b8fb28d9f231ec775bd09225c2d5751df8a37bb26657b94993ed09d2eb96c6b7
kernel-rt-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 50e6e2b221aa08245dc0cad33dda3241cc736794dfabd3dcab57e4fe4ab52218
kernel-rt-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: beff108bc5e6b1d60fc99b065cc48d913277c8ee812cd48b3e97d9c62db8fc59

Red Hat Enterprise Linux for Real Time for NFV 8

SRPM
kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.src.rpm SHA-256: 4645aab0e35a41017e62f7715bb7f5f52e11e0d1995d2c96a7898b9e93cc5384
x86_64
kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: bf4ee626907f9cc525b6ee67bf09cb8f5844dcbd5058486883aefc160cccc060
kernel-rt-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 2fd7a16e003affc3b9cac0d22ae4a079db821259dce30c0470259d2134172ea9
kernel-rt-debug-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 7f8e49036057c00e282b2c158d700c0510b85457ec93dc1519d650128036fa11
kernel-rt-debug-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: d7ddf6006249fe016575aa55a83bc4743bb69e26fd5d9b008c47aa695cd4691e
kernel-rt-debug-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 6828003a65579bad781742c0d1e0d999292a972f32d951c47033c7130d46b57d
kernel-rt-debug-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: f1703f41a6ea8645b76c3ed42b3c6375bae337e56fafb54f424cf73614e11bf1
kernel-rt-debug-kvm-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 55bc8ed38dd83e64bc158f9911175d0d42b513233e2c0f1203d9fb824832e826
kernel-rt-debug-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 705b84ed987a171c970baaa673c611376890fdd228ef6b232dd694aa10b96964
kernel-rt-debug-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: a041eb96cc803e1b7f1a521ad597e29c7c281c53c2e8f0194b1a139e25c96f98
kernel-rt-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 0f63ae39a19d8a4f8546599fc2b598bb78c544f2392632378195479d4dca4169
kernel-rt-debuginfo-common-x86_64-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 02f113e2297baf6626feca0ee084de69e31055f61f5e9e9dfea79d25dd54e53f
kernel-rt-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: b8fb28d9f231ec775bd09225c2d5751df8a37bb26657b94993ed09d2eb96c6b7
kernel-rt-kvm-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: c490b9923bfce7f52530ac38b1bef79ba96276cb56a633d68faff59c1988e3bc
kernel-rt-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 50e6e2b221aa08245dc0cad33dda3241cc736794dfabd3dcab57e4fe4ab52218
kernel-rt-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: beff108bc5e6b1d60fc99b065cc48d913277c8ee812cd48b3e97d9c62db8fc59

Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8

SRPM
kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.src.rpm SHA-256: 4645aab0e35a41017e62f7715bb7f5f52e11e0d1995d2c96a7898b9e93cc5384
x86_64
kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: bf4ee626907f9cc525b6ee67bf09cb8f5844dcbd5058486883aefc160cccc060
kernel-rt-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 2fd7a16e003affc3b9cac0d22ae4a079db821259dce30c0470259d2134172ea9
kernel-rt-debug-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 7f8e49036057c00e282b2c158d700c0510b85457ec93dc1519d650128036fa11
kernel-rt-debug-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: d7ddf6006249fe016575aa55a83bc4743bb69e26fd5d9b008c47aa695cd4691e
kernel-rt-debug-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 6828003a65579bad781742c0d1e0d999292a972f32d951c47033c7130d46b57d
kernel-rt-debug-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: f1703f41a6ea8645b76c3ed42b3c6375bae337e56fafb54f424cf73614e11bf1
kernel-rt-debug-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 705b84ed987a171c970baaa673c611376890fdd228ef6b232dd694aa10b96964
kernel-rt-debug-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: a041eb96cc803e1b7f1a521ad597e29c7c281c53c2e8f0194b1a139e25c96f98
kernel-rt-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 0f63ae39a19d8a4f8546599fc2b598bb78c544f2392632378195479d4dca4169
kernel-rt-debuginfo-common-x86_64-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 02f113e2297baf6626feca0ee084de69e31055f61f5e9e9dfea79d25dd54e53f
kernel-rt-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: b8fb28d9f231ec775bd09225c2d5751df8a37bb26657b94993ed09d2eb96c6b7
kernel-rt-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 50e6e2b221aa08245dc0cad33dda3241cc736794dfabd3dcab57e4fe4ab52218
kernel-rt-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: beff108bc5e6b1d60fc99b065cc48d913277c8ee812cd48b3e97d9c62db8fc59

Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.6

SRPM
kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.src.rpm SHA-256: 4645aab0e35a41017e62f7715bb7f5f52e11e0d1995d2c96a7898b9e93cc5384
x86_64
kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: bf4ee626907f9cc525b6ee67bf09cb8f5844dcbd5058486883aefc160cccc060
kernel-rt-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 2fd7a16e003affc3b9cac0d22ae4a079db821259dce30c0470259d2134172ea9
kernel-rt-debug-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 7f8e49036057c00e282b2c158d700c0510b85457ec93dc1519d650128036fa11
kernel-rt-debug-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: d7ddf6006249fe016575aa55a83bc4743bb69e26fd5d9b008c47aa695cd4691e
kernel-rt-debug-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 6828003a65579bad781742c0d1e0d999292a972f32d951c47033c7130d46b57d
kernel-rt-debug-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: f1703f41a6ea8645b76c3ed42b3c6375bae337e56fafb54f424cf73614e11bf1
kernel-rt-debug-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 705b84ed987a171c970baaa673c611376890fdd228ef6b232dd694aa10b96964
kernel-rt-debug-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: a041eb96cc803e1b7f1a521ad597e29c7c281c53c2e8f0194b1a139e25c96f98
kernel-rt-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 0f63ae39a19d8a4f8546599fc2b598bb78c544f2392632378195479d4dca4169
kernel-rt-debuginfo-common-x86_64-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 02f113e2297baf6626feca0ee084de69e31055f61f5e9e9dfea79d25dd54e53f
kernel-rt-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: b8fb28d9f231ec775bd09225c2d5751df8a37bb26657b94993ed09d2eb96c6b7
kernel-rt-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 50e6e2b221aa08245dc0cad33dda3241cc736794dfabd3dcab57e4fe4ab52218
kernel-rt-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: beff108bc5e6b1d60fc99b065cc48d913277c8ee812cd48b3e97d9c62db8fc59

Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8

SRPM
kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.src.rpm SHA-256: 4645aab0e35a41017e62f7715bb7f5f52e11e0d1995d2c96a7898b9e93cc5384
x86_64
kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: bf4ee626907f9cc525b6ee67bf09cb8f5844dcbd5058486883aefc160cccc060
kernel-rt-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 2fd7a16e003affc3b9cac0d22ae4a079db821259dce30c0470259d2134172ea9
kernel-rt-debug-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 7f8e49036057c00e282b2c158d700c0510b85457ec93dc1519d650128036fa11
kernel-rt-debug-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: d7ddf6006249fe016575aa55a83bc4743bb69e26fd5d9b008c47aa695cd4691e
kernel-rt-debug-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 6828003a65579bad781742c0d1e0d999292a972f32d951c47033c7130d46b57d
kernel-rt-debug-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: f1703f41a6ea8645b76c3ed42b3c6375bae337e56fafb54f424cf73614e11bf1
kernel-rt-debug-kvm-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 55bc8ed38dd83e64bc158f9911175d0d42b513233e2c0f1203d9fb824832e826
kernel-rt-debug-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 705b84ed987a171c970baaa673c611376890fdd228ef6b232dd694aa10b96964
kernel-rt-debug-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: a041eb96cc803e1b7f1a521ad597e29c7c281c53c2e8f0194b1a139e25c96f98
kernel-rt-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 0f63ae39a19d8a4f8546599fc2b598bb78c544f2392632378195479d4dca4169
kernel-rt-debuginfo-common-x86_64-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 02f113e2297baf6626feca0ee084de69e31055f61f5e9e9dfea79d25dd54e53f
kernel-rt-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: b8fb28d9f231ec775bd09225c2d5751df8a37bb26657b94993ed09d2eb96c6b7
kernel-rt-kvm-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: c490b9923bfce7f52530ac38b1bef79ba96276cb56a633d68faff59c1988e3bc
kernel-rt-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 50e6e2b221aa08245dc0cad33dda3241cc736794dfabd3dcab57e4fe4ab52218
kernel-rt-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: beff108bc5e6b1d60fc99b065cc48d913277c8ee812cd48b3e97d9c62db8fc59

Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.6

SRPM
kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.src.rpm SHA-256: 4645aab0e35a41017e62f7715bb7f5f52e11e0d1995d2c96a7898b9e93cc5384
x86_64
kernel-rt-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: bf4ee626907f9cc525b6ee67bf09cb8f5844dcbd5058486883aefc160cccc060
kernel-rt-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 2fd7a16e003affc3b9cac0d22ae4a079db821259dce30c0470259d2134172ea9
kernel-rt-debug-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 7f8e49036057c00e282b2c158d700c0510b85457ec93dc1519d650128036fa11
kernel-rt-debug-core-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: d7ddf6006249fe016575aa55a83bc4743bb69e26fd5d9b008c47aa695cd4691e
kernel-rt-debug-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 6828003a65579bad781742c0d1e0d999292a972f32d951c47033c7130d46b57d
kernel-rt-debug-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: f1703f41a6ea8645b76c3ed42b3c6375bae337e56fafb54f424cf73614e11bf1
kernel-rt-debug-kvm-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 55bc8ed38dd83e64bc158f9911175d0d42b513233e2c0f1203d9fb824832e826
kernel-rt-debug-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 705b84ed987a171c970baaa673c611376890fdd228ef6b232dd694aa10b96964
kernel-rt-debug-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: a041eb96cc803e1b7f1a521ad597e29c7c281c53c2e8f0194b1a139e25c96f98
kernel-rt-debuginfo-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 0f63ae39a19d8a4f8546599fc2b598bb78c544f2392632378195479d4dca4169
kernel-rt-debuginfo-common-x86_64-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 02f113e2297baf6626feca0ee084de69e31055f61f5e9e9dfea79d25dd54e53f
kernel-rt-devel-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: b8fb28d9f231ec775bd09225c2d5751df8a37bb26657b94993ed09d2eb96c6b7
kernel-rt-kvm-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: c490b9923bfce7f52530ac38b1bef79ba96276cb56a633d68faff59c1988e3bc
kernel-rt-modules-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: 50e6e2b221aa08245dc0cad33dda3241cc736794dfabd3dcab57e4fe4ab52218
kernel-rt-modules-extra-4.18.0-348.20.1.rt7.150.el8_5.x86_64.rpm SHA-256: beff108bc5e6b1d60fc99b065cc48d913277c8ee812cd48b3e97d9c62db8fc59

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.