- Issued:
- 2022-08-02
- Updated:
- 2022-08-02
RHSA-2022:5834 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)
- kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root (CVE-2022-32250)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- The latest RHEL 8.6.z2 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2107215)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8 x86_64
Fixes
- BZ - 2064604 - CVE-2022-1012 kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak
- BZ - 2092427 - CVE-2022-32250 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-372.19.1.rt7.176.el8_6.src.rpm | SHA-256: 190cb138d9bfeab37320d376e3287cea7eb38c357f9e1a4507968cd3604e7499 |
| x86_64 | |
| kernel-rt-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 5054b71fdc96c3b2e034c02ae6bb1dcc83ecb1455a88494c2324d002b1b59503 |
| kernel-rt-core-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 234c74e62d8fc1f67b4c28d1cffec5b34672a1fe3b3a8735996c085430198fd9 |
| kernel-rt-debug-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: d04cfbbb07e99a29272712ed270771fc4aef66663a0ad197128fea68bbdbadd8 |
| kernel-rt-debug-core-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: c4afb48b0213647054c3815e70e365322c0a6414d5091f8b36ba62bf8d432c68 |
| kernel-rt-debug-debuginfo-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: fc59757930be9b15b4685224d34f6a61aff6393344d418387db15d8af7fb86e6 |
| kernel-rt-debug-devel-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 4c105ff4308a635af0279da7852ca32960b846393cfce4a993c64e4de7c064e4 |
| kernel-rt-debug-modules-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: bfd7798f07675a7479f4e348be35aeb8950e35653060d71b9cd39a2683bc5972 |
| kernel-rt-debug-modules-extra-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 715c3c0ddb0e20797697fadba223b0706376eb14417baeeebe62c802da7eb4f0 |
| kernel-rt-debuginfo-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 5f5321fed3359243749d8df007f0989e12c338f57e47f48f1c8ffac8fbdab8cf |
| kernel-rt-debuginfo-common-x86_64-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 3a4ff15a4a0a1a1330d619ffbc87828f506caecf3b8144d73af6c18901feee50 |
| kernel-rt-devel-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 5d3f081d2088c9b8593fcbfa0363208dcb7ba91dce73fb2f3d01d0135610e576 |
| kernel-rt-modules-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: ca89388a8a9bdbe4294cff5a2e927764836442d988064dc847e29cd9847246d2 |
| kernel-rt-modules-extra-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 79dcbeae8263f982c392788685850f30a4b229582c5a53acdf14fb8b5c752a57 |
Red Hat Enterprise Linux for Real Time for NFV 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-372.19.1.rt7.176.el8_6.src.rpm | SHA-256: 190cb138d9bfeab37320d376e3287cea7eb38c357f9e1a4507968cd3604e7499 |
| x86_64 | |
| kernel-rt-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 5054b71fdc96c3b2e034c02ae6bb1dcc83ecb1455a88494c2324d002b1b59503 |
| kernel-rt-core-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 234c74e62d8fc1f67b4c28d1cffec5b34672a1fe3b3a8735996c085430198fd9 |
| kernel-rt-debug-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: d04cfbbb07e99a29272712ed270771fc4aef66663a0ad197128fea68bbdbadd8 |
| kernel-rt-debug-core-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: c4afb48b0213647054c3815e70e365322c0a6414d5091f8b36ba62bf8d432c68 |
| kernel-rt-debug-debuginfo-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: fc59757930be9b15b4685224d34f6a61aff6393344d418387db15d8af7fb86e6 |
| kernel-rt-debug-devel-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 4c105ff4308a635af0279da7852ca32960b846393cfce4a993c64e4de7c064e4 |
| kernel-rt-debug-kvm-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 66d80029c80fea38ada8f3dcfe13b2c13d3190c6d262689b2c3a6c8e90f6bc0d |
| kernel-rt-debug-modules-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: bfd7798f07675a7479f4e348be35aeb8950e35653060d71b9cd39a2683bc5972 |
| kernel-rt-debug-modules-extra-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 715c3c0ddb0e20797697fadba223b0706376eb14417baeeebe62c802da7eb4f0 |
| kernel-rt-debuginfo-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 5f5321fed3359243749d8df007f0989e12c338f57e47f48f1c8ffac8fbdab8cf |
| kernel-rt-debuginfo-common-x86_64-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 3a4ff15a4a0a1a1330d619ffbc87828f506caecf3b8144d73af6c18901feee50 |
| kernel-rt-devel-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 5d3f081d2088c9b8593fcbfa0363208dcb7ba91dce73fb2f3d01d0135610e576 |
| kernel-rt-kvm-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 8d6234ca9592266ad4133ef341935ee5952188776f022b3a659b380028be9b1c |
| kernel-rt-modules-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: ca89388a8a9bdbe4294cff5a2e927764836442d988064dc847e29cd9847246d2 |
| kernel-rt-modules-extra-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 79dcbeae8263f982c392788685850f30a4b229582c5a53acdf14fb8b5c752a57 |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-372.19.1.rt7.176.el8_6.src.rpm | SHA-256: 190cb138d9bfeab37320d376e3287cea7eb38c357f9e1a4507968cd3604e7499 |
| x86_64 | |
| kernel-rt-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 5054b71fdc96c3b2e034c02ae6bb1dcc83ecb1455a88494c2324d002b1b59503 |
| kernel-rt-core-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 234c74e62d8fc1f67b4c28d1cffec5b34672a1fe3b3a8735996c085430198fd9 |
| kernel-rt-debug-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: d04cfbbb07e99a29272712ed270771fc4aef66663a0ad197128fea68bbdbadd8 |
| kernel-rt-debug-core-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: c4afb48b0213647054c3815e70e365322c0a6414d5091f8b36ba62bf8d432c68 |
| kernel-rt-debug-debuginfo-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: fc59757930be9b15b4685224d34f6a61aff6393344d418387db15d8af7fb86e6 |
| kernel-rt-debug-devel-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 4c105ff4308a635af0279da7852ca32960b846393cfce4a993c64e4de7c064e4 |
| kernel-rt-debug-modules-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: bfd7798f07675a7479f4e348be35aeb8950e35653060d71b9cd39a2683bc5972 |
| kernel-rt-debug-modules-extra-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 715c3c0ddb0e20797697fadba223b0706376eb14417baeeebe62c802da7eb4f0 |
| kernel-rt-debuginfo-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 5f5321fed3359243749d8df007f0989e12c338f57e47f48f1c8ffac8fbdab8cf |
| kernel-rt-debuginfo-common-x86_64-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 3a4ff15a4a0a1a1330d619ffbc87828f506caecf3b8144d73af6c18901feee50 |
| kernel-rt-devel-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 5d3f081d2088c9b8593fcbfa0363208dcb7ba91dce73fb2f3d01d0135610e576 |
| kernel-rt-modules-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: ca89388a8a9bdbe4294cff5a2e927764836442d988064dc847e29cd9847246d2 |
| kernel-rt-modules-extra-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 79dcbeae8263f982c392788685850f30a4b229582c5a53acdf14fb8b5c752a57 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-372.19.1.rt7.176.el8_6.src.rpm | SHA-256: 190cb138d9bfeab37320d376e3287cea7eb38c357f9e1a4507968cd3604e7499 |
| x86_64 | |
| kernel-rt-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 5054b71fdc96c3b2e034c02ae6bb1dcc83ecb1455a88494c2324d002b1b59503 |
| kernel-rt-core-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 234c74e62d8fc1f67b4c28d1cffec5b34672a1fe3b3a8735996c085430198fd9 |
| kernel-rt-debug-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: d04cfbbb07e99a29272712ed270771fc4aef66663a0ad197128fea68bbdbadd8 |
| kernel-rt-debug-core-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: c4afb48b0213647054c3815e70e365322c0a6414d5091f8b36ba62bf8d432c68 |
| kernel-rt-debug-debuginfo-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: fc59757930be9b15b4685224d34f6a61aff6393344d418387db15d8af7fb86e6 |
| kernel-rt-debug-devel-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 4c105ff4308a635af0279da7852ca32960b846393cfce4a993c64e4de7c064e4 |
| kernel-rt-debug-kvm-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 66d80029c80fea38ada8f3dcfe13b2c13d3190c6d262689b2c3a6c8e90f6bc0d |
| kernel-rt-debug-modules-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: bfd7798f07675a7479f4e348be35aeb8950e35653060d71b9cd39a2683bc5972 |
| kernel-rt-debug-modules-extra-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 715c3c0ddb0e20797697fadba223b0706376eb14417baeeebe62c802da7eb4f0 |
| kernel-rt-debuginfo-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 5f5321fed3359243749d8df007f0989e12c338f57e47f48f1c8ffac8fbdab8cf |
| kernel-rt-debuginfo-common-x86_64-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 3a4ff15a4a0a1a1330d619ffbc87828f506caecf3b8144d73af6c18901feee50 |
| kernel-rt-devel-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 5d3f081d2088c9b8593fcbfa0363208dcb7ba91dce73fb2f3d01d0135610e576 |
| kernel-rt-kvm-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 8d6234ca9592266ad4133ef341935ee5952188776f022b3a659b380028be9b1c |
| kernel-rt-modules-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: ca89388a8a9bdbe4294cff5a2e927764836442d988064dc847e29cd9847246d2 |
| kernel-rt-modules-extra-4.18.0-372.19.1.rt7.176.el8_6.x86_64.rpm | SHA-256: 79dcbeae8263f982c392788685850f30a4b229582c5a53acdf14fb8b5c752a57 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
