- Issued:
- 2022-08-09
- Updated:
- 2022-08-09
RHSA-2022:5939 - Security Advisory
Synopsis
Moderate: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)
- Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)
- Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- The kernel-rt crashes where one task is indefinitely looping in __start_cfs_bandwidth() with the cfs_b->lock spinlock being held (BZ#2079976)
- update to the latest RHEL7.9.z16 source tree (BZ#2100182)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
Fixes
- BZ - 2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)
- BZ - 2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)
- BZ - 2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1160.76.1.rt56.1220.el7.src.rpm | SHA-256: 4866ab28ef27d4bcc982e62db29834df6311235aadc93d296dcf0f972b98c576 |
| x86_64 | |
| kernel-rt-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: 81df049e4c991ce7de89c69cb60724637b73938b4699de32a7cb2a9dc1c8f901 |
| kernel-rt-debug-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: 8ab8871fedab4ff096e2aaabea0cff19b9b068f93c0bf9e01b972af053881526 |
| kernel-rt-debug-debuginfo-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: 4668cd5bfdef6a4714db0d1d5d23959ae5d312ba5faec403a80e953cbe2da210 |
| kernel-rt-debug-devel-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: e7787cceafbb0552d49d2ec008b92b9fb16073011c9cd521f6e6bd1a96a52596 |
| kernel-rt-debuginfo-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: 1cb43d3e2a5644d9ba68de80687231519f680acf27bbe08741de66814d36c9c5 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: f45f8c95748c8b00049af6fd8bd4900a4117ff14b204bfc7ad77979f33c06226 |
| kernel-rt-devel-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: 3131b88c6eb077df59495578d77146079ae3e1fb32f9d4214a75b240ea122f80 |
| kernel-rt-doc-3.10.0-1160.76.1.rt56.1220.el7.noarch.rpm | SHA-256: 9b4c1e5488c8b7b20f4ac9742e2db0ef7e545b99c66fec3bde7dff065aa08b88 |
| kernel-rt-trace-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: 6acacbc2c20c8adcd9c2598ffd113ec71608efe0354ab987a7e9e1864e447c64 |
| kernel-rt-trace-debuginfo-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: fad7e2887fd4dc97ac966aeb5b8aee45a61703a1298cdb72116bdc2daee53ba5 |
| kernel-rt-trace-devel-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: de67d4131e89e3bc09bf0e222134e3617ca181963164b9e2a5437a3dddbb196e |
Red Hat Enterprise Linux for Real Time for NFV 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-1160.76.1.rt56.1220.el7.src.rpm | SHA-256: 4866ab28ef27d4bcc982e62db29834df6311235aadc93d296dcf0f972b98c576 |
| x86_64 | |
| kernel-rt-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: 81df049e4c991ce7de89c69cb60724637b73938b4699de32a7cb2a9dc1c8f901 |
| kernel-rt-debug-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: 8ab8871fedab4ff096e2aaabea0cff19b9b068f93c0bf9e01b972af053881526 |
| kernel-rt-debug-debuginfo-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: 4668cd5bfdef6a4714db0d1d5d23959ae5d312ba5faec403a80e953cbe2da210 |
| kernel-rt-debug-devel-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: e7787cceafbb0552d49d2ec008b92b9fb16073011c9cd521f6e6bd1a96a52596 |
| kernel-rt-debug-kvm-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: b71b5f270936e1e7e788f52402033a78a612e9e59eaa7f2aab4f8c1d5b5ec220 |
| kernel-rt-debug-kvm-debuginfo-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: d38706b9d30156cbb6bb0505567af63699279374fd83a7a4ff791731b56bd2f9 |
| kernel-rt-debuginfo-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: 1cb43d3e2a5644d9ba68de80687231519f680acf27bbe08741de66814d36c9c5 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: f45f8c95748c8b00049af6fd8bd4900a4117ff14b204bfc7ad77979f33c06226 |
| kernel-rt-devel-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: 3131b88c6eb077df59495578d77146079ae3e1fb32f9d4214a75b240ea122f80 |
| kernel-rt-doc-3.10.0-1160.76.1.rt56.1220.el7.noarch.rpm | SHA-256: 9b4c1e5488c8b7b20f4ac9742e2db0ef7e545b99c66fec3bde7dff065aa08b88 |
| kernel-rt-kvm-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: 499f24dd5e0d08f88e5c87205bbb700cfa159cacd31764f3974a891f0b2ba5c5 |
| kernel-rt-kvm-debuginfo-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: f5dd8a029893c78d236a0c2ab77544e1992fc71909e5d2332e7b5122cac780a6 |
| kernel-rt-trace-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: 6acacbc2c20c8adcd9c2598ffd113ec71608efe0354ab987a7e9e1864e447c64 |
| kernel-rt-trace-debuginfo-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: fad7e2887fd4dc97ac966aeb5b8aee45a61703a1298cdb72116bdc2daee53ba5 |
| kernel-rt-trace-devel-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: de67d4131e89e3bc09bf0e222134e3617ca181963164b9e2a5437a3dddbb196e |
| kernel-rt-trace-kvm-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: 086ffbf0b22e5a75387befd8bc90cf38754fed2b0016217673e77bc78e7ecd1e |
| kernel-rt-trace-kvm-debuginfo-3.10.0-1160.76.1.rt56.1220.el7.x86_64.rpm | SHA-256: 7ce020f5138f98bc55f4039b9e4a5d42a4f89b6eed96a0d834b6293839907108 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
