Issued:
2022-06-28
Updated:
2022-06-28

RHSA-2022:5214 - Security Advisory

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)
  • kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root (CVE-2022-1966)
  • kernel: buffer overflow in IPsec ESP transformation code (CVE-2022-27666)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64

Fixes

  • BZ - 2061633 - CVE-2022-27666 kernel: buffer overflow in IPsec ESP transformation code
  • BZ - 2064604 - CVE-2022-1012 kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak
  • BZ - 2092427 - CVE-2022-1966 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root

Red Hat Enterprise Linux for x86_64 9

SRPM
kpatch-patch-5_14_0-70_13_1-1-1.el9_0.src.rpm SHA-256: a919ee8ab97a8143ec24f3264e6354e20a7558574705c3313f63e9f36f9bf70a
x86_64
kpatch-patch-5_14_0-70_13_1-1-1.el9_0.x86_64.rpm SHA-256: 6893e57f3dd7c8df77166f2fb7dffc12982d7b19f0f6467adef3c45f4f4a59b1
kpatch-patch-5_14_0-70_13_1-debuginfo-1-1.el9_0.x86_64.rpm SHA-256: 1a6b2cb629035e323fc119a5fdb76f8dc7f79f448458717e9621df895eb3e184
kpatch-patch-5_14_0-70_13_1-debugsource-1-1.el9_0.x86_64.rpm SHA-256: cacfdbbb5192654fcdbbf19baf2636e2ae0d4f50325d43f956bdee3e42544ef3

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
kpatch-patch-5_14_0-70_13_1-1-1.el9_0.src.rpm SHA-256: a919ee8ab97a8143ec24f3264e6354e20a7558574705c3313f63e9f36f9bf70a
x86_64
kpatch-patch-5_14_0-70_13_1-1-1.el9_0.x86_64.rpm SHA-256: 6893e57f3dd7c8df77166f2fb7dffc12982d7b19f0f6467adef3c45f4f4a59b1
kpatch-patch-5_14_0-70_13_1-debuginfo-1-1.el9_0.x86_64.rpm SHA-256: 1a6b2cb629035e323fc119a5fdb76f8dc7f79f448458717e9621df895eb3e184
kpatch-patch-5_14_0-70_13_1-debugsource-1-1.el9_0.x86_64.rpm SHA-256: cacfdbbb5192654fcdbbf19baf2636e2ae0d4f50325d43f956bdee3e42544ef3

Red Hat Enterprise Linux for Power, little endian 9

SRPM
kpatch-patch-5_14_0-70_13_1-1-1.el9_0.src.rpm SHA-256: a919ee8ab97a8143ec24f3264e6354e20a7558574705c3313f63e9f36f9bf70a
ppc64le
kpatch-patch-5_14_0-70_13_1-1-1.el9_0.ppc64le.rpm SHA-256: d90da7d2bddbeab627b9a518134a8f6974d2615d8ab18063206f13a31c2f5449
kpatch-patch-5_14_0-70_13_1-debuginfo-1-1.el9_0.ppc64le.rpm SHA-256: a92183df74f0304fffdf2fd8431e0769f78644e78969f8b957ad33852a5b214a
kpatch-patch-5_14_0-70_13_1-debugsource-1-1.el9_0.ppc64le.rpm SHA-256: a094e8218d182d66ef03833c165a829b4b28542c6f6921285dd155b94f1d5450

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
kpatch-patch-5_14_0-70_13_1-1-1.el9_0.src.rpm SHA-256: a919ee8ab97a8143ec24f3264e6354e20a7558574705c3313f63e9f36f9bf70a
ppc64le
kpatch-patch-5_14_0-70_13_1-1-1.el9_0.ppc64le.rpm SHA-256: d90da7d2bddbeab627b9a518134a8f6974d2615d8ab18063206f13a31c2f5449
kpatch-patch-5_14_0-70_13_1-debuginfo-1-1.el9_0.ppc64le.rpm SHA-256: a92183df74f0304fffdf2fd8431e0769f78644e78969f8b957ad33852a5b214a
kpatch-patch-5_14_0-70_13_1-debugsource-1-1.el9_0.ppc64le.rpm SHA-256: a094e8218d182d66ef03833c165a829b4b28542c6f6921285dd155b94f1d5450

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
kpatch-patch-5_14_0-70_13_1-1-1.el9_0.src.rpm SHA-256: a919ee8ab97a8143ec24f3264e6354e20a7558574705c3313f63e9f36f9bf70a
ppc64le
kpatch-patch-5_14_0-70_13_1-1-1.el9_0.ppc64le.rpm SHA-256: d90da7d2bddbeab627b9a518134a8f6974d2615d8ab18063206f13a31c2f5449
kpatch-patch-5_14_0-70_13_1-debuginfo-1-1.el9_0.ppc64le.rpm SHA-256: a92183df74f0304fffdf2fd8431e0769f78644e78969f8b957ad33852a5b214a
kpatch-patch-5_14_0-70_13_1-debugsource-1-1.el9_0.ppc64le.rpm SHA-256: a094e8218d182d66ef03833c165a829b4b28542c6f6921285dd155b94f1d5450

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
kpatch-patch-5_14_0-70_13_1-1-1.el9_0.src.rpm SHA-256: a919ee8ab97a8143ec24f3264e6354e20a7558574705c3313f63e9f36f9bf70a
x86_64
kpatch-patch-5_14_0-70_13_1-1-1.el9_0.x86_64.rpm SHA-256: 6893e57f3dd7c8df77166f2fb7dffc12982d7b19f0f6467adef3c45f4f4a59b1
kpatch-patch-5_14_0-70_13_1-debuginfo-1-1.el9_0.x86_64.rpm SHA-256: 1a6b2cb629035e323fc119a5fdb76f8dc7f79f448458717e9621df895eb3e184
kpatch-patch-5_14_0-70_13_1-debugsource-1-1.el9_0.x86_64.rpm SHA-256: cacfdbbb5192654fcdbbf19baf2636e2ae0d4f50325d43f956bdee3e42544ef3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.