- Issued:
- 2022-05-31
- Updated:
- 2022-05-31
RHSA-2022:4835 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies (CVE-2021-20322)
- kernel: security regression for CVE-2018-13405 (CVE-2021-4037)
- kernel: buffer overflow in IPsec ESP transformation code (CVE-2022-27666)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the RHEL-8.4.z9 source tree (BZ#2075148)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
Fixes
- BZ - 2014230 - CVE-2021-20322 kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies
- BZ - 2027239 - CVE-2021-4037 kernel: security regression for CVE-2018-13405
- BZ - 2061633 - CVE-2022-27666 kernel: buffer overflow in IPsec ESP transformation code
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.49.1.rt7.121.el8_4.src.rpm | SHA-256: 6263c8e84ec4ebb0d9901d9ed3745ea03270eeded144cdba6bb7fead35f635a1 |
| x86_64 | |
| kernel-rt-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: b3a1df499c63145954fbbe38ca0bf846faeb4f801e3fb20e9aaa21851b6395b4 |
| kernel-rt-core-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: 07f2cd5a572df9cc14116eabd49868ec05045c629a284a4d8c2a658c7bff160c |
| kernel-rt-debug-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: f4e226081b4a539c65a36a2f7a53e9b70462060da845366b80fb61dd5d532ee4 |
| kernel-rt-debug-core-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: fc7d9d1df188105308c697f56992fa56e07f30d12152fe6ddb7ea8e4871aa20d |
| kernel-rt-debug-debuginfo-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: a59e14488892ffb898859fd18dd74472532815b840084d1d20f2b1405c467655 |
| kernel-rt-debug-devel-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: b92a93b7d17f153b5f1dff5b69128a1360ce8479b7ec1a807fc6c81eb78d602f |
| kernel-rt-debug-modules-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: 874db34e6fe054428b1ee44f6cdd00b19e50922ef032c99ee050a8aac00f65b8 |
| kernel-rt-debug-modules-extra-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: 0011d72f46e917bc84220396bbe8a895fb68dcfbed1d06d50ede01c82f130258 |
| kernel-rt-debuginfo-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: 8e942b7dc798c805096747fe6cb240b7b4f0b1833168eeb53d4ee9caa1f72526 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: f5eaa0be1b433f249a282cf5efe88ed53da12b5c116275c67d5a6900c95238ce |
| kernel-rt-devel-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: 1528d52a99c9c358749487e23911e1adc4455b3bdb2c3f226a1095a7a8429d87 |
| kernel-rt-modules-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: bde4da032a17665f2ca0c614fd1b2e2f16f1bae26080547b0d777e6768875e31 |
| kernel-rt-modules-extra-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: 001fe43d174e9e8213d54e12d48e297fb30f716c64051ec13180c81ed96ce79e |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.49.1.rt7.121.el8_4.src.rpm | SHA-256: 6263c8e84ec4ebb0d9901d9ed3745ea03270eeded144cdba6bb7fead35f635a1 |
| x86_64 | |
| kernel-rt-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: b3a1df499c63145954fbbe38ca0bf846faeb4f801e3fb20e9aaa21851b6395b4 |
| kernel-rt-core-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: 07f2cd5a572df9cc14116eabd49868ec05045c629a284a4d8c2a658c7bff160c |
| kernel-rt-debug-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: f4e226081b4a539c65a36a2f7a53e9b70462060da845366b80fb61dd5d532ee4 |
| kernel-rt-debug-core-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: fc7d9d1df188105308c697f56992fa56e07f30d12152fe6ddb7ea8e4871aa20d |
| kernel-rt-debug-debuginfo-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: a59e14488892ffb898859fd18dd74472532815b840084d1d20f2b1405c467655 |
| kernel-rt-debug-devel-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: b92a93b7d17f153b5f1dff5b69128a1360ce8479b7ec1a807fc6c81eb78d602f |
| kernel-rt-debug-kvm-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: bfa7f33701ff0b798a98477eb307544d386e18d238d68ad0d51415e6ac3b6a41 |
| kernel-rt-debug-modules-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: 874db34e6fe054428b1ee44f6cdd00b19e50922ef032c99ee050a8aac00f65b8 |
| kernel-rt-debug-modules-extra-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: 0011d72f46e917bc84220396bbe8a895fb68dcfbed1d06d50ede01c82f130258 |
| kernel-rt-debuginfo-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: 8e942b7dc798c805096747fe6cb240b7b4f0b1833168eeb53d4ee9caa1f72526 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: f5eaa0be1b433f249a282cf5efe88ed53da12b5c116275c67d5a6900c95238ce |
| kernel-rt-devel-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: 1528d52a99c9c358749487e23911e1adc4455b3bdb2c3f226a1095a7a8429d87 |
| kernel-rt-kvm-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: 4b7fda8f835f2b2e102b32b8c8de09cb6f0164793a0346149eea34a4a9bdecdf |
| kernel-rt-modules-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: bde4da032a17665f2ca0c614fd1b2e2f16f1bae26080547b0d777e6768875e31 |
| kernel-rt-modules-extra-4.18.0-305.49.1.rt7.121.el8_4.x86_64.rpm | SHA-256: 001fe43d174e9e8213d54e12d48e297fb30f716c64051ec13180c81ed96ce79e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
