红帽产品勘误 RHSA-2022:0851 - Security Advisory
发布:
2022-03-14
已更新:
2022-03-14

RHSA-2022:0851 - Security Advisory

概述

Important: kpatch-patch security update

类型/严重性

Security Advisory: Important

Red Hat Lightspeed patch analysis

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
  • kernel: use-after-free in RDMA listen() (CVE-2021-4028)
  • kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)
  • kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)
  • kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)
  • kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

修复

  • BZ - 2027201 - CVE-2021-4028 kernel: use-after-free in RDMA listen()
  • BZ - 2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it
  • BZ - 2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation
  • BZ - 2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush
  • BZ - 2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation
  • BZ - 2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM
kpatch-patch-4_18_0-147_44_1-1-10.el8_1.src.rpm SHA-256: a43f9c06f4aa8a7e814b67484af2c757d2d2a1f2bb189b98d7489bcf078c08a9
kpatch-patch-4_18_0-147_48_1-1-7.el8_1.src.rpm SHA-256: 6b3cc9c1a74963b25ccc7576d3d53991357a7ef2ac85a3e0bef12fb2c1bb5655
kpatch-patch-4_18_0-147_51_1-1-6.el8_1.src.rpm SHA-256: b77e8351bfd5ca56d6506708628696b64d4d636c8a6a813299513fe6bd82b440
kpatch-patch-4_18_0-147_51_2-1-5.el8_1.src.rpm SHA-256: de34e8c5c697c47c6760a9feac9ba3ae4a6d6e94efee8cfc78b8f80de7554db0
kpatch-patch-4_18_0-147_52_1-1-4.el8_1.src.rpm SHA-256: c2db01b3c4ad7ec5e0f2be52fa2063591706a49a945cc146b564f2c30c460afc
kpatch-patch-4_18_0-147_54_2-1-3.el8_1.src.rpm SHA-256: 12534e0c794b46d7be1c68ca03189dc7d64572706bba7800291dc0a13321a3f1
kpatch-patch-4_18_0-147_56_1-1-3.el8_1.src.rpm SHA-256: 369218ec0bb8049d52cc8fc56e8249f40ef2fda625ebf040ba9d5a93ae9d6a6b
kpatch-patch-4_18_0-147_57_1-1-2.el8_1.src.rpm SHA-256: 0d1a1b3d1ff6b5f68f95c771b451b10747a7a2a0642efd89dbdec83e0140121b
kpatch-patch-4_18_0-147_59_1-1-1.el8_1.src.rpm SHA-256: a0bee3f81057f6ec12f42b918898ddbdaaacee87adfd4fa1de473c1cff606bca
ppc64le
kpatch-patch-4_18_0-147_44_1-1-10.el8_1.ppc64le.rpm SHA-256: 207c6b9b9ecdaee7aa60e004c0e38e1c924e56960231ae4d782a0e86c1c9581a
kpatch-patch-4_18_0-147_44_1-debuginfo-1-10.el8_1.ppc64le.rpm SHA-256: a20191579c572bda001676bd47fe9d29656ba89db708d5431d790c488e3da239
kpatch-patch-4_18_0-147_44_1-debugsource-1-10.el8_1.ppc64le.rpm SHA-256: e70cee3f69505f578c96fef3ad86fd33585c6ce0af3f00cb2c3b6b734faf9420
kpatch-patch-4_18_0-147_48_1-1-7.el8_1.ppc64le.rpm SHA-256: 04dec3d06f9a1d018af53ea78040eb755a79dc2b61a7795f7d7549529ffb4b13
kpatch-patch-4_18_0-147_48_1-debuginfo-1-7.el8_1.ppc64le.rpm SHA-256: 647917c84a0da13b5118aa8610989313f12cea5c1674a204501b0009bc130044
kpatch-patch-4_18_0-147_48_1-debugsource-1-7.el8_1.ppc64le.rpm SHA-256: 26ae905bc88ada92180bbc279653f829b351a09fb5b095e4aad6e1ad34a3f0c7
kpatch-patch-4_18_0-147_51_1-1-6.el8_1.ppc64le.rpm SHA-256: 4bb71b659701ea688a3062fdde8913659ac3fb18a44ae19dae1f7a0afec881dc
kpatch-patch-4_18_0-147_51_1-debuginfo-1-6.el8_1.ppc64le.rpm SHA-256: ff456f12689968cf619551501b8496f141c0ef9f20e3b3842b3620becefc5022
kpatch-patch-4_18_0-147_51_1-debugsource-1-6.el8_1.ppc64le.rpm SHA-256: 61ed2042bd2d38fd20652d8fbce7451a951eea98d93989a7b8af4c78d8559e1f
kpatch-patch-4_18_0-147_51_2-1-5.el8_1.ppc64le.rpm SHA-256: 2e149f5e9cb1f09e59a476c85b57ca6d30ea289c8bf44d3a3b74c702dca338da
kpatch-patch-4_18_0-147_51_2-debuginfo-1-5.el8_1.ppc64le.rpm SHA-256: 11451c029f4bbd4ffade3076c9293706843466eb6730aa2c4ded636feec3b8cc
kpatch-patch-4_18_0-147_51_2-debugsource-1-5.el8_1.ppc64le.rpm SHA-256: f4b7b7b6f31273a126445e80a957e9f40d1664685bda71652c431dc03ebbef12
kpatch-patch-4_18_0-147_52_1-1-4.el8_1.ppc64le.rpm SHA-256: f2ad17a1c83be2ff11beb9890d32ec0142de40fa3e55cfca73445c98d3206e12
kpatch-patch-4_18_0-147_52_1-debuginfo-1-4.el8_1.ppc64le.rpm SHA-256: b2c131a70da5fbd0b44acdacee65330505c2438e94b3f505f903f85cdee2add3
kpatch-patch-4_18_0-147_52_1-debugsource-1-4.el8_1.ppc64le.rpm SHA-256: d9415c0ebe3264a9ace2e7106ba22addc2ef860bdf3a912d436e458d5bcf7840
kpatch-patch-4_18_0-147_54_2-1-3.el8_1.ppc64le.rpm SHA-256: 0367f789d1e27c0ea6e843bbc25b2828d5cd9704b9e6d2e14c6c6f0ee8f2ad5b
kpatch-patch-4_18_0-147_54_2-debuginfo-1-3.el8_1.ppc64le.rpm SHA-256: 06b8f2238f473d528efb46b22fd27d42ff15d7efcb08852fd5a26147954a3541
kpatch-patch-4_18_0-147_54_2-debugsource-1-3.el8_1.ppc64le.rpm SHA-256: bb2ad13de85b632b8f7c05069f3b17728b8d8d6ed0377e3ac32fc9a31005b075
kpatch-patch-4_18_0-147_56_1-1-3.el8_1.ppc64le.rpm SHA-256: 9e566890b98bb44524bcb086be5f78f0604c516ae6dbfa7a6155bbaa69223cfa
kpatch-patch-4_18_0-147_56_1-debuginfo-1-3.el8_1.ppc64le.rpm SHA-256: 1ea9a2893aa9f2f00c35dc8a3d3c25750cdcd4ab171595103861f2e496593c2d
kpatch-patch-4_18_0-147_56_1-debugsource-1-3.el8_1.ppc64le.rpm SHA-256: 52f4ebc9b717fccbff63acebdfd4d02202240c1ae2395582d36d618bf5790fce
kpatch-patch-4_18_0-147_57_1-1-2.el8_1.ppc64le.rpm SHA-256: f50697d6e711a6fbf313a7ab01ee8d58cd107a4ebe21184efefa16e019fe5dbd
kpatch-patch-4_18_0-147_57_1-debuginfo-1-2.el8_1.ppc64le.rpm SHA-256: d14e60b8502d2c026511e5328d203e074adbd5be6f6669dd44c316f03ee17696
kpatch-patch-4_18_0-147_57_1-debugsource-1-2.el8_1.ppc64le.rpm SHA-256: ad12b0340e902d53d82abfd60644c90fb1e67e47317199d79012211370e47a97
kpatch-patch-4_18_0-147_59_1-1-1.el8_1.ppc64le.rpm SHA-256: dc0cad571994616a2f151b5f58b828d6b5e7affd1a7903200f0352ae43153d08
kpatch-patch-4_18_0-147_59_1-debuginfo-1-1.el8_1.ppc64le.rpm SHA-256: 4000353edce5eb6bdbeae5d78af30ff0b58e985ee09733cd27a4aa5832c69237
kpatch-patch-4_18_0-147_59_1-debugsource-1-1.el8_1.ppc64le.rpm SHA-256: 84f2bb92b7654f84fab9a46ded50ac56093f8084f6bbc5e30de3d490695bc3db

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM
kpatch-patch-4_18_0-147_44_1-1-10.el8_1.src.rpm SHA-256: a43f9c06f4aa8a7e814b67484af2c757d2d2a1f2bb189b98d7489bcf078c08a9
kpatch-patch-4_18_0-147_48_1-1-7.el8_1.src.rpm SHA-256: 6b3cc9c1a74963b25ccc7576d3d53991357a7ef2ac85a3e0bef12fb2c1bb5655
kpatch-patch-4_18_0-147_51_1-1-6.el8_1.src.rpm SHA-256: b77e8351bfd5ca56d6506708628696b64d4d636c8a6a813299513fe6bd82b440
kpatch-patch-4_18_0-147_51_2-1-5.el8_1.src.rpm SHA-256: de34e8c5c697c47c6760a9feac9ba3ae4a6d6e94efee8cfc78b8f80de7554db0
kpatch-patch-4_18_0-147_52_1-1-4.el8_1.src.rpm SHA-256: c2db01b3c4ad7ec5e0f2be52fa2063591706a49a945cc146b564f2c30c460afc
kpatch-patch-4_18_0-147_54_2-1-3.el8_1.src.rpm SHA-256: 12534e0c794b46d7be1c68ca03189dc7d64572706bba7800291dc0a13321a3f1
kpatch-patch-4_18_0-147_56_1-1-3.el8_1.src.rpm SHA-256: 369218ec0bb8049d52cc8fc56e8249f40ef2fda625ebf040ba9d5a93ae9d6a6b
kpatch-patch-4_18_0-147_57_1-1-2.el8_1.src.rpm SHA-256: 0d1a1b3d1ff6b5f68f95c771b451b10747a7a2a0642efd89dbdec83e0140121b
kpatch-patch-4_18_0-147_59_1-1-1.el8_1.src.rpm SHA-256: a0bee3f81057f6ec12f42b918898ddbdaaacee87adfd4fa1de473c1cff606bca
x86_64
kpatch-patch-4_18_0-147_44_1-1-10.el8_1.x86_64.rpm SHA-256: e19eb25b1b50e301e5dabf1434d0c69d0e4b86554ef099e928f40c672e3a3020
kpatch-patch-4_18_0-147_44_1-debuginfo-1-10.el8_1.x86_64.rpm SHA-256: d77dce910c93399a517dea618a953e02978ba6dc61162eb08b05cda2f4a03307
kpatch-patch-4_18_0-147_44_1-debugsource-1-10.el8_1.x86_64.rpm SHA-256: 8e3d2359799931ad90a8beca5a169bba3834d1b56a88c906a424427d4b5a3ea4
kpatch-patch-4_18_0-147_48_1-1-7.el8_1.x86_64.rpm SHA-256: d4fddee5a6ba98b83b15b3c6018d2910138b344b94b845a4927660002df5f7d1
kpatch-patch-4_18_0-147_48_1-debuginfo-1-7.el8_1.x86_64.rpm SHA-256: 110f83260e76724cd39e3ba88e0f19282cfae84be3abcc1b2d3a702c429b96fd
kpatch-patch-4_18_0-147_48_1-debugsource-1-7.el8_1.x86_64.rpm SHA-256: 4ca07030eecba9a7fedb17c1d961721ff3ad5dbd3294d0e2845386bf2219d5b6
kpatch-patch-4_18_0-147_51_1-1-6.el8_1.x86_64.rpm SHA-256: b2193717b4e2061b9599ea17814e297d72a986065a5353bf4c192fe86225ac9b
kpatch-patch-4_18_0-147_51_1-debuginfo-1-6.el8_1.x86_64.rpm SHA-256: e4a9a4b2ac41429035d6e119f87a36d305380da9154247ac4e12cef29613e915
kpatch-patch-4_18_0-147_51_1-debugsource-1-6.el8_1.x86_64.rpm SHA-256: 217dd09e88f345c3f29e64ba3e2eca47686c6dd21c914d231b2a49353b8987c8
kpatch-patch-4_18_0-147_51_2-1-5.el8_1.x86_64.rpm SHA-256: 602d7ab5808af5c7a218aca561249bf17e5156873483a4c16bdeb5d218c56353
kpatch-patch-4_18_0-147_51_2-debuginfo-1-5.el8_1.x86_64.rpm SHA-256: 2766b346ed784595cd72d3fdc93f98478b23c00650b18d9d08ca2fdfea828bb0
kpatch-patch-4_18_0-147_51_2-debugsource-1-5.el8_1.x86_64.rpm SHA-256: be95c8cd7cbd829eba1a39d0c7e0afe63b04985cca4cad3039f3a221468b64ca
kpatch-patch-4_18_0-147_52_1-1-4.el8_1.x86_64.rpm SHA-256: f572c36bbab7f06c882974f3d3049a27021a82c0f13e58db35b3b5abd57bd968
kpatch-patch-4_18_0-147_52_1-debuginfo-1-4.el8_1.x86_64.rpm SHA-256: 8b57726a1e96c04ae35851f87eaedb6079a7bc33deee52af9a183f0c426ebdfc
kpatch-patch-4_18_0-147_52_1-debugsource-1-4.el8_1.x86_64.rpm SHA-256: e431ae50154866ba3308d0b502f3ec08451f4c1c24a10c57b3d26a3d29e7274b
kpatch-patch-4_18_0-147_54_2-1-3.el8_1.x86_64.rpm SHA-256: 0323110bbad24088efa75afbd577d123f5f6cefd5265933f82bf1af7006b3854
kpatch-patch-4_18_0-147_54_2-debuginfo-1-3.el8_1.x86_64.rpm SHA-256: 87a6f17d4cd5cc1ddcc364665e6c55cb0e67b85be6b0ade10b964fe7807f06da
kpatch-patch-4_18_0-147_54_2-debugsource-1-3.el8_1.x86_64.rpm SHA-256: 46f9a6f4d339e54c35817ec9ec80790f95c631a4688954d5dca0e9863d45870b
kpatch-patch-4_18_0-147_56_1-1-3.el8_1.x86_64.rpm SHA-256: 45ab49a90aa1afcacc3d986ab5eb2be71ab8423079a460b521d94ef23cb2effd
kpatch-patch-4_18_0-147_56_1-debuginfo-1-3.el8_1.x86_64.rpm SHA-256: b0014485880a799153a0d3f2f0bee382d4fa9c15be88da13c337c31468eb07bf
kpatch-patch-4_18_0-147_56_1-debugsource-1-3.el8_1.x86_64.rpm SHA-256: 02c41969fa5ef4f83d35ca95113ab73a3036fb5d61d9ffbc3aa0ed89e8a9821b
kpatch-patch-4_18_0-147_57_1-1-2.el8_1.x86_64.rpm SHA-256: 47639c3e246571e1b9144a9e9e5b867c34a365cf410da25c9bafb872598c428b
kpatch-patch-4_18_0-147_57_1-debuginfo-1-2.el8_1.x86_64.rpm SHA-256: ad5d4396d2ea05e0cfee339ab909e08f9209920444136cf4e265e8ff82f5ebf0
kpatch-patch-4_18_0-147_57_1-debugsource-1-2.el8_1.x86_64.rpm SHA-256: 037f3c0d2f2c6fada78434a4b77e48e13d9ee715f339596730dd080f70714e96
kpatch-patch-4_18_0-147_59_1-1-1.el8_1.x86_64.rpm SHA-256: 211fc0196b26a0cf64d0a824c3b770e7b9facf3750ab31b360672d7e8b486e9e
kpatch-patch-4_18_0-147_59_1-debuginfo-1-1.el8_1.x86_64.rpm SHA-256: 0089c62d93239cdc7a0281813ccff5af6c9b490ca66575ab41b32ab1e562b076
kpatch-patch-4_18_0-147_59_1-debugsource-1-1.el8_1.x86_64.rpm SHA-256: 17b1532ccf0cd8d8b722d929aff5ba9874eb2f346e990507ebbff58ae5e70c98

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/