- Issued:
- 2022-06-28
- Updated:
- 2022-06-28
RHSA-2022:5267 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)
- kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729)
- kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root (CVE-2022-1966)
- kernel: buffer overflow in IPsec ESP transformation code (CVE-2022-27666)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the latest RHEL-9.0.z1 Batch (BZ#2089492)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 9 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 9 x86_64
- Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0 x86_64
- Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0 x86_64
Fixes
- BZ - 2061633 - CVE-2022-27666 kernel: buffer overflow in IPsec ESP transformation code
- BZ - 2064604 - CVE-2022-1012 kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak
- BZ - 2086753 - CVE-2022-1729 kernel: race condition in perf_event_open leads to privilege escalation
- BZ - 2092427 - CVE-2022-1966 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 9
| SRPM | |
|---|---|
| kernel-rt-5.14.0-70.17.1.rt21.89.el9_0.src.rpm | SHA-256: 8ce1793d28edb3f6caa97da39a4bbd3162f8d9e65368a17301971e2f8569791c |
| x86_64 | |
| kernel-rt-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: a528edfc61b2e548a09c0593c6ab7e9a884bae00443abcbde3f5b499b9a5b452 |
| kernel-rt-core-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: f302e1bd6f7d6b26b9e72e80acaaf2fe1de7421d3534a6ec150104bc1d2a1d53 |
| kernel-rt-debug-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: edaa54e3464daf3682763d40f23eec24d48102a01166bb3be5c540dec5d0e989 |
| kernel-rt-debug-core-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 2e92155ccc78d8ac3a22e6b346ed420d6d623ea5314ed120757146941d734434 |
| kernel-rt-debug-debuginfo-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 6a79dad1ffa9d8e6a99bcec0dddb600a3d049a64bcbd9e661244ecd3da27a865 |
| kernel-rt-debug-devel-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 696eddf270bae2e0b9e4ad846a5e107d198b396e0c01e93a813264f7a07673c6 |
| kernel-rt-debug-modules-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: d04ca688f7d2e5c44c63b0c3764863786748840496fa354987cb30ab5991ab53 |
| kernel-rt-debug-modules-extra-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 77b91c992e0638f382ab6082210311f3633d030437dd418e5618fab815a9ad96 |
| kernel-rt-debuginfo-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: e9b283acec3227b5e9dd129f9230a3e43263e5525be16bc03bddd606164ea532 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: b8d47bbff08f34492916ca9d7225f43589c3de61583d998dbc91e42371576b8f |
| kernel-rt-devel-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: a2100722c57aa3121a6122873dca8a8bfc5242fd45edf460c424fc0263b9559e |
| kernel-rt-modules-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 10576b839b8f38262e3bafaae80783e52afd69a56cadb306a7d32bc8cbf82439 |
| kernel-rt-modules-extra-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: eaf9a7fc119aa9f76a254db227d161136bb4809ea0a213879b2c9c725461f174 |
Red Hat Enterprise Linux for Real Time for NFV 9
| SRPM | |
|---|---|
| kernel-rt-5.14.0-70.17.1.rt21.89.el9_0.src.rpm | SHA-256: 8ce1793d28edb3f6caa97da39a4bbd3162f8d9e65368a17301971e2f8569791c |
| x86_64 | |
| kernel-rt-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: a528edfc61b2e548a09c0593c6ab7e9a884bae00443abcbde3f5b499b9a5b452 |
| kernel-rt-core-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: f302e1bd6f7d6b26b9e72e80acaaf2fe1de7421d3534a6ec150104bc1d2a1d53 |
| kernel-rt-debug-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: edaa54e3464daf3682763d40f23eec24d48102a01166bb3be5c540dec5d0e989 |
| kernel-rt-debug-core-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 2e92155ccc78d8ac3a22e6b346ed420d6d623ea5314ed120757146941d734434 |
| kernel-rt-debug-debuginfo-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 6a79dad1ffa9d8e6a99bcec0dddb600a3d049a64bcbd9e661244ecd3da27a865 |
| kernel-rt-debug-devel-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 696eddf270bae2e0b9e4ad846a5e107d198b396e0c01e93a813264f7a07673c6 |
| kernel-rt-debug-kvm-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 7e4d4017dbba9219a038ecd2646132d8177cd86032e770df8028f4f1292ddaae |
| kernel-rt-debug-modules-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: d04ca688f7d2e5c44c63b0c3764863786748840496fa354987cb30ab5991ab53 |
| kernel-rt-debug-modules-extra-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 77b91c992e0638f382ab6082210311f3633d030437dd418e5618fab815a9ad96 |
| kernel-rt-debuginfo-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: e9b283acec3227b5e9dd129f9230a3e43263e5525be16bc03bddd606164ea532 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: b8d47bbff08f34492916ca9d7225f43589c3de61583d998dbc91e42371576b8f |
| kernel-rt-devel-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: a2100722c57aa3121a6122873dca8a8bfc5242fd45edf460c424fc0263b9559e |
| kernel-rt-kvm-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 70bed5bab2d3598e61b309435d56c2bd2e7a9a8176ce515b4824f58e69ef53f3 |
| kernel-rt-modules-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 10576b839b8f38262e3bafaae80783e52afd69a56cadb306a7d32bc8cbf82439 |
| kernel-rt-modules-extra-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: eaf9a7fc119aa9f76a254db227d161136bb4809ea0a213879b2c9c725461f174 |
Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0
| SRPM | |
|---|---|
| kernel-rt-5.14.0-70.17.1.rt21.89.el9_0.src.rpm | SHA-256: 8ce1793d28edb3f6caa97da39a4bbd3162f8d9e65368a17301971e2f8569791c |
| x86_64 | |
| kernel-rt-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: a528edfc61b2e548a09c0593c6ab7e9a884bae00443abcbde3f5b499b9a5b452 |
| kernel-rt-core-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: f302e1bd6f7d6b26b9e72e80acaaf2fe1de7421d3534a6ec150104bc1d2a1d53 |
| kernel-rt-debug-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: edaa54e3464daf3682763d40f23eec24d48102a01166bb3be5c540dec5d0e989 |
| kernel-rt-debug-core-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 2e92155ccc78d8ac3a22e6b346ed420d6d623ea5314ed120757146941d734434 |
| kernel-rt-debug-debuginfo-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 6a79dad1ffa9d8e6a99bcec0dddb600a3d049a64bcbd9e661244ecd3da27a865 |
| kernel-rt-debug-devel-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 696eddf270bae2e0b9e4ad846a5e107d198b396e0c01e93a813264f7a07673c6 |
| kernel-rt-debug-modules-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: d04ca688f7d2e5c44c63b0c3764863786748840496fa354987cb30ab5991ab53 |
| kernel-rt-debug-modules-extra-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 77b91c992e0638f382ab6082210311f3633d030437dd418e5618fab815a9ad96 |
| kernel-rt-debuginfo-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: e9b283acec3227b5e9dd129f9230a3e43263e5525be16bc03bddd606164ea532 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: b8d47bbff08f34492916ca9d7225f43589c3de61583d998dbc91e42371576b8f |
| kernel-rt-devel-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: a2100722c57aa3121a6122873dca8a8bfc5242fd45edf460c424fc0263b9559e |
| kernel-rt-modules-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 10576b839b8f38262e3bafaae80783e52afd69a56cadb306a7d32bc8cbf82439 |
| kernel-rt-modules-extra-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: eaf9a7fc119aa9f76a254db227d161136bb4809ea0a213879b2c9c725461f174 |
Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0
| SRPM | |
|---|---|
| kernel-rt-5.14.0-70.17.1.rt21.89.el9_0.src.rpm | SHA-256: 8ce1793d28edb3f6caa97da39a4bbd3162f8d9e65368a17301971e2f8569791c |
| x86_64 | |
| kernel-rt-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: a528edfc61b2e548a09c0593c6ab7e9a884bae00443abcbde3f5b499b9a5b452 |
| kernel-rt-core-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: f302e1bd6f7d6b26b9e72e80acaaf2fe1de7421d3534a6ec150104bc1d2a1d53 |
| kernel-rt-debug-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: edaa54e3464daf3682763d40f23eec24d48102a01166bb3be5c540dec5d0e989 |
| kernel-rt-debug-core-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 2e92155ccc78d8ac3a22e6b346ed420d6d623ea5314ed120757146941d734434 |
| kernel-rt-debug-debuginfo-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 6a79dad1ffa9d8e6a99bcec0dddb600a3d049a64bcbd9e661244ecd3da27a865 |
| kernel-rt-debug-devel-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 696eddf270bae2e0b9e4ad846a5e107d198b396e0c01e93a813264f7a07673c6 |
| kernel-rt-debug-kvm-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 7e4d4017dbba9219a038ecd2646132d8177cd86032e770df8028f4f1292ddaae |
| kernel-rt-debug-modules-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: d04ca688f7d2e5c44c63b0c3764863786748840496fa354987cb30ab5991ab53 |
| kernel-rt-debug-modules-extra-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 77b91c992e0638f382ab6082210311f3633d030437dd418e5618fab815a9ad96 |
| kernel-rt-debuginfo-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: e9b283acec3227b5e9dd129f9230a3e43263e5525be16bc03bddd606164ea532 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: b8d47bbff08f34492916ca9d7225f43589c3de61583d998dbc91e42371576b8f |
| kernel-rt-devel-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: a2100722c57aa3121a6122873dca8a8bfc5242fd45edf460c424fc0263b9559e |
| kernel-rt-kvm-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 70bed5bab2d3598e61b309435d56c2bd2e7a9a8176ce515b4824f58e69ef53f3 |
| kernel-rt-modules-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: 10576b839b8f38262e3bafaae80783e52afd69a56cadb306a7d32bc8cbf82439 |
| kernel-rt-modules-extra-5.14.0-70.17.1.rt21.89.el9_0.x86_64.rpm | SHA-256: eaf9a7fc119aa9f76a254db227d161136bb4809ea0a213879b2c9c725461f174 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.