Red Hat Product Errata RHSA-2022:1199 - Security Advisory
Issued:
2022-04-05
Updated:
2022-04-05

RHSA-2022:1199 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: use-after-free in RDMA listen() (CVE-2021-4028)
  • kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • kernel-rt: update to the latest RHEL7.9.z13 source tree (BZ#2059411)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

  • BZ - 2027201 - CVE-2021-4028 kernel: use-after-free in RDMA listen()
  • BZ - 2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-1160.62.1.rt56.1203.el7.src.rpm SHA-256: 5785a9b769f383eeef00cd7964e117eda1628327735fee00b4e87ce3ab3edfce
x86_64
kernel-rt-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 8d43ba6e28aa3921d1313bc8cfcbb99e44c707a5d3768e06aabcc164de00c61c
kernel-rt-debug-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 11a29444fcd2260039fcb64a56380369cc9b28da1a0218e8863586c93ccd509a
kernel-rt-debug-debuginfo-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 49454c302f1014173a3c4e53417ff753da79259d699103e06e2dc43768d10458
kernel-rt-debug-devel-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 9e3d5153424f1f2d0c416a8cb1fcc1d2980a7af6e3b005e0930175822515df50
kernel-rt-debuginfo-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 95f0411f3a6c7650fc4c725d8963982d3272a4b862cddda89695189e75c21af1
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 80f31d0b28ff0e543cc88d7286a443438089506ca8bbba3b8af5f202bafb5712
kernel-rt-devel-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 7c34c936fb3afc077d8b709a7f6fc8131e25f155b13fa62591e570f84da0b8ea
kernel-rt-doc-3.10.0-1160.62.1.rt56.1203.el7.noarch.rpm SHA-256: 2f1167c173c4e64b0afdbfac3453a166cd1e0d829491d84ef56a0c8896138427
kernel-rt-trace-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 2c7651352b5d2a33be4580ae3ac8abdb391eaf0355d1c9b9d0711168536db8a1
kernel-rt-trace-debuginfo-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 37ef2eb032b85d47b44cf19bffc8d4f18d9d082069307a1caa98f7ae15bddedb
kernel-rt-trace-devel-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 515dcea47df3764c0794962bf33dcd236883e55eedc9c50b5fcf8641c0061446

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-1160.62.1.rt56.1203.el7.src.rpm SHA-256: 5785a9b769f383eeef00cd7964e117eda1628327735fee00b4e87ce3ab3edfce
x86_64
kernel-rt-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 8d43ba6e28aa3921d1313bc8cfcbb99e44c707a5d3768e06aabcc164de00c61c
kernel-rt-debug-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 11a29444fcd2260039fcb64a56380369cc9b28da1a0218e8863586c93ccd509a
kernel-rt-debug-debuginfo-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 49454c302f1014173a3c4e53417ff753da79259d699103e06e2dc43768d10458
kernel-rt-debug-devel-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 9e3d5153424f1f2d0c416a8cb1fcc1d2980a7af6e3b005e0930175822515df50
kernel-rt-debug-kvm-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 0e0b47048fb7032d2d7d33b464747e010013b3f62dba6f42584c63cb026ae383
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: a637eb7ba2830dbb39c0e82fe00ea9023cd6436165415d84ce9d6a6805131709
kernel-rt-debuginfo-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 95f0411f3a6c7650fc4c725d8963982d3272a4b862cddda89695189e75c21af1
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 80f31d0b28ff0e543cc88d7286a443438089506ca8bbba3b8af5f202bafb5712
kernel-rt-devel-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 7c34c936fb3afc077d8b709a7f6fc8131e25f155b13fa62591e570f84da0b8ea
kernel-rt-doc-3.10.0-1160.62.1.rt56.1203.el7.noarch.rpm SHA-256: 2f1167c173c4e64b0afdbfac3453a166cd1e0d829491d84ef56a0c8896138427
kernel-rt-kvm-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 615a791a79aaae9c771481df4b4134d870583bd0b434681d915646b69c5eb14c
kernel-rt-kvm-debuginfo-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: efeea1a404249e3a21040b8964903d686d1323a3db688d9b5cac259d8bbb0221
kernel-rt-trace-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 2c7651352b5d2a33be4580ae3ac8abdb391eaf0355d1c9b9d0711168536db8a1
kernel-rt-trace-debuginfo-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 37ef2eb032b85d47b44cf19bffc8d4f18d9d082069307a1caa98f7ae15bddedb
kernel-rt-trace-devel-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 515dcea47df3764c0794962bf33dcd236883e55eedc9c50b5fcf8641c0061446
kernel-rt-trace-kvm-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 08f59f99e04cab49bf641f9b03f870cec2df1189287489a1660386d9153eb94e
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.62.1.rt56.1203.el7.x86_64.rpm SHA-256: 76bce1a500c8e967367957750d33de5b3078fae3950713b76b914715a883b1a4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.