- Issued:
- 2022-04-19
- Updated:
- 2022-04-19
RHSA-2022:1413 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)
- kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)
- kernel: heap out of bounds write in nf_dup_netdev.c (CVE-2022-25636)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the RHEL-8.4.z8 source tree (BZ#2059334)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
Fixes
- BZ - 2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it
- BZ - 2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation
- BZ - 2056830 - CVE-2022-25636 kernel: heap out of bounds write in nf_dup_netdev.c
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.45.1.rt7.117.el8_4.src.rpm | SHA-256: 37b36ee00d40471d94dbed914ebcdcdcfdf5d351930dc4e71031a49d8ff9c1b8 |
| x86_64 | |
| kernel-rt-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: 64a2c34a6462dee183f70a4231870afc63c51427f39b8b0b064d65db2b28337d |
| kernel-rt-core-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: af8f34de65aca49e4fcaa60f38498ede7eafed4e93660ce1d30d7218ba3734ac |
| kernel-rt-debug-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: 26bd39c778865edf8c769f4843b217907889f80ae226dd4070e32625ffc324b8 |
| kernel-rt-debug-core-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: fe64e38a6750034ec04f4394b6886798d6b7031a0385afc72a4ef5b846676268 |
| kernel-rt-debug-debuginfo-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: cf4c9cb2ea1fa3e666fc372c5328efbbc10013cdaf5b3a8c9678a9eda07af94c |
| kernel-rt-debug-devel-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: dcb02c5b4c0625050fb0254e9a17d04acb30fe34f068ea3d60ed7c8d9051633b |
| kernel-rt-debug-modules-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: ea634c1042590baee75ed27beaca98b1e7bb81b67183b75075541b0e54bafb19 |
| kernel-rt-debug-modules-extra-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: 8bcc04050af9e4390e53b39b8dd8170ae5b909d30dd352f48d66fc7f7bb22b0b |
| kernel-rt-debuginfo-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: cc4d9214facb72f46024388bb5573341d850289c7cc7acd589cd93c1aa5e4545 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: 65cf75b673a98cbd6010aee6e7f1652e1aa8c5c461364fee899b0ed04982bf8f |
| kernel-rt-devel-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: e693a4f39b87718c5339f9deb8924e7f63d6d3103dfd5b93c49ec82dd56d869c |
| kernel-rt-modules-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: a826c9ca9e7f0b929d372f9b5c363126cf5c66451e86e82f874760579e620ee6 |
| kernel-rt-modules-extra-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: 680ed1df458b5a63e1f73ac39b1f9c927dfa7ebf6f35dfe8f3d8d39fc6aa4e3c |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.45.1.rt7.117.el8_4.src.rpm | SHA-256: 37b36ee00d40471d94dbed914ebcdcdcfdf5d351930dc4e71031a49d8ff9c1b8 |
| x86_64 | |
| kernel-rt-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: 64a2c34a6462dee183f70a4231870afc63c51427f39b8b0b064d65db2b28337d |
| kernel-rt-core-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: af8f34de65aca49e4fcaa60f38498ede7eafed4e93660ce1d30d7218ba3734ac |
| kernel-rt-debug-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: 26bd39c778865edf8c769f4843b217907889f80ae226dd4070e32625ffc324b8 |
| kernel-rt-debug-core-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: fe64e38a6750034ec04f4394b6886798d6b7031a0385afc72a4ef5b846676268 |
| kernel-rt-debug-debuginfo-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: cf4c9cb2ea1fa3e666fc372c5328efbbc10013cdaf5b3a8c9678a9eda07af94c |
| kernel-rt-debug-devel-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: dcb02c5b4c0625050fb0254e9a17d04acb30fe34f068ea3d60ed7c8d9051633b |
| kernel-rt-debug-kvm-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: 7d9d316590e632d756a7e91990d0bc24e4b892d1412f295c1c060b11b433a1a5 |
| kernel-rt-debug-modules-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: ea634c1042590baee75ed27beaca98b1e7bb81b67183b75075541b0e54bafb19 |
| kernel-rt-debug-modules-extra-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: 8bcc04050af9e4390e53b39b8dd8170ae5b909d30dd352f48d66fc7f7bb22b0b |
| kernel-rt-debuginfo-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: cc4d9214facb72f46024388bb5573341d850289c7cc7acd589cd93c1aa5e4545 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: 65cf75b673a98cbd6010aee6e7f1652e1aa8c5c461364fee899b0ed04982bf8f |
| kernel-rt-devel-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: e693a4f39b87718c5339f9deb8924e7f63d6d3103dfd5b93c49ec82dd56d869c |
| kernel-rt-kvm-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: 0a8567b684f2b900f17af6be6228748090f4a40799301bc916c485273a0fa8db |
| kernel-rt-modules-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: a826c9ca9e7f0b929d372f9b5c363126cf5c66451e86e82f874760579e620ee6 |
| kernel-rt-modules-extra-4.18.0-305.45.1.rt7.117.el8_4.x86_64.rpm | SHA-256: 680ed1df458b5a63e1f73ac39b1f9c927dfa7ebf6f35dfe8f3d8d39fc6aa4e3c |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.