- Issued:
- 2022-06-28
- Updated:
- 2022-06-28
RHSA-2022:5224 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)
- kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729)
- kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root (CVE-2022-1966)
- kernel: buffer overflow in IPsec ESP transformation code (CVE-2022-27666)
- kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the latest RHEL-8.2.z18 Batch (BZ#2081080)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64
Fixes
- BZ - 1903244 - CVE-2020-29368 kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check
- BZ - 2061633 - CVE-2022-27666 kernel: buffer overflow in IPsec ESP transformation code
- BZ - 2064604 - CVE-2022-1012 kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak
- BZ - 2086753 - CVE-2022-1729 kernel: race condition in perf_event_open leads to privilege escalation
- BZ - 2092427 - CVE-2022-1966 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.87.1.rt13.137.el8_2.src.rpm | SHA-256: 430334561206f6e599e937db7ba83793fe29a1af5a20c28fd799511b48b7f672 |
| x86_64 | |
| kernel-rt-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 0886025072cdb8e6b1327fb53938700ff23fd4caebd138076d294fd22623865c |
| kernel-rt-core-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 6654537f0abdd8d4a6d6a46c83af7055fd23935694efeea779bf78a2570a48ad |
| kernel-rt-debug-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 5fd29b53544dddd6a55aadd79b26fef232493fc176c7aadaef7d7b0083ee32a9 |
| kernel-rt-debug-core-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 56ee917c09281ad6c953389f07ce594f6a247ddeb4cedcee1367836484bee029 |
| kernel-rt-debug-debuginfo-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 41373279b34f89fa370a1816e62e2d768fc36bc0d2afc3ed84810514b9c9c487 |
| kernel-rt-debug-devel-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 128087979049be7ae4ccfba8434251263e2c8b5ed4acbf964eecdee4e172dfb0 |
| kernel-rt-debug-modules-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 52162fe32bc94a4449f55ab5079e5733e602cb9a3eb3d96b1b25e000dbc0f416 |
| kernel-rt-debug-modules-extra-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: b8bbf6c1bb33ec9c9c402a16c9abd59ad628d1e535b6b36dbc1346bae82fa362 |
| kernel-rt-debuginfo-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 9d719572b85605b25ecff703b84308b7ef738f8362d5a01fbd884a7bad70e422 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 20193eeaa279607f57e5c90238be07bab0e0649549d80889585c5416afc0701d |
| kernel-rt-devel-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 69e5866415307029d59b1e88bfc9d1fade725f0c041565f4fcea8150cd493655 |
| kernel-rt-modules-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 82d0df208637c7756bd9e7a4581b1ac6a5631c09c55ed34e023d89b855b47502 |
| kernel-rt-modules-extra-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 5897d735cbc8f3091113431595a857f3fac930b7387d1d71b68cbf51cb376a90 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.87.1.rt13.137.el8_2.src.rpm | SHA-256: 430334561206f6e599e937db7ba83793fe29a1af5a20c28fd799511b48b7f672 |
| x86_64 | |
| kernel-rt-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 0886025072cdb8e6b1327fb53938700ff23fd4caebd138076d294fd22623865c |
| kernel-rt-core-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 6654537f0abdd8d4a6d6a46c83af7055fd23935694efeea779bf78a2570a48ad |
| kernel-rt-debug-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 5fd29b53544dddd6a55aadd79b26fef232493fc176c7aadaef7d7b0083ee32a9 |
| kernel-rt-debug-core-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 56ee917c09281ad6c953389f07ce594f6a247ddeb4cedcee1367836484bee029 |
| kernel-rt-debug-debuginfo-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 41373279b34f89fa370a1816e62e2d768fc36bc0d2afc3ed84810514b9c9c487 |
| kernel-rt-debug-devel-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 128087979049be7ae4ccfba8434251263e2c8b5ed4acbf964eecdee4e172dfb0 |
| kernel-rt-debug-kvm-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 063d831e54c481f1a0f8dcf50d3f5790e6640b4e33bfdc32df7c2964aac32939 |
| kernel-rt-debug-modules-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 52162fe32bc94a4449f55ab5079e5733e602cb9a3eb3d96b1b25e000dbc0f416 |
| kernel-rt-debug-modules-extra-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: b8bbf6c1bb33ec9c9c402a16c9abd59ad628d1e535b6b36dbc1346bae82fa362 |
| kernel-rt-debuginfo-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 9d719572b85605b25ecff703b84308b7ef738f8362d5a01fbd884a7bad70e422 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 20193eeaa279607f57e5c90238be07bab0e0649549d80889585c5416afc0701d |
| kernel-rt-devel-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 69e5866415307029d59b1e88bfc9d1fade725f0c041565f4fcea8150cd493655 |
| kernel-rt-kvm-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 0e470638c663631aaa055aef9340bfb6749e65c38ee40b9bec9d07a2a9a6cbed |
| kernel-rt-modules-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 82d0df208637c7756bd9e7a4581b1ac6a5631c09c55ed34e023d89b855b47502 |
| kernel-rt-modules-extra-4.18.0-193.87.1.rt13.137.el8_2.x86_64.rpm | SHA-256: 5897d735cbc8f3091113431595a857f3fac930b7387d1d71b68cbf51cb376a90 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
