- Issued:
- 2022-09-13
- Updated:
- 2022-09-13
RHSA-2022:6437 - Security Advisory
Synopsis
Moderate: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)
- Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)
- Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- The latest RHEL 8.6.z3 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2111112)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8 x86_64
Fixes
- BZ - 2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)
- BZ - 2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)
- BZ - 2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.src.rpm | SHA-256: e31b815de054fe18836f5719fe5f9b862b43eb6da83ee051a41afe8cedc7f9de |
| x86_64 | |
| kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 3ef86312db8b90f10379f17410e599ce62522e7778b4cab8fd19762307a18a88 |
| kernel-rt-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: eee6dc4af4dc02417c993cbc8be9bc86c2d5e04d58afbda910427543f49e2a17 |
| kernel-rt-debug-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: c77eede1bfc90d0e564b8866e9d727e01affac8c42fd7f02272f7e2f42e183a1 |
| kernel-rt-debug-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 44faff4a947fe8cb45b931baf90851642fdb79219116dc1237e73fc4fbdf07f1 |
| kernel-rt-debug-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: a22332b8b0971e9ac650bfdf77b3268ac032dbc22ef525287666688d50d8e5bf |
| kernel-rt-debug-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 83ac7d5e2f7cc7b1349a7b90f9ba9339f770d57f7441faad4823c360ac0368db |
| kernel-rt-debug-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 85670961749dbdeae7d8a2adb578109525be382bafd10c2331d39f25141f3814 |
| kernel-rt-debug-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 1501e3d69d7055806387c1f1e72938ef96342626248e5939c0a70cdfc9a74e47 |
| kernel-rt-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 0ed63adbccf694c0275061ebea5701774712511833a547e960ac3f1c4a4b9834 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 508c65696bbc17000224786c39d9acdef526d694d2e6dfccc1fb64764245dd5c |
| kernel-rt-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: d3140f9cbcd6460fe76171a242fa0e3f35950c3e8b7ebd1072705cb11281575a |
| kernel-rt-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: c363206f7dfbd5a0ec7deec70721cbde260805fda424dd16b77549251e5a045d |
| kernel-rt-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 473ba6ead546bee9e1ba14140639bababb215a811aaec0dca89dca1ae75018b9 |
Red Hat Enterprise Linux for Real Time for NFV 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.src.rpm | SHA-256: e31b815de054fe18836f5719fe5f9b862b43eb6da83ee051a41afe8cedc7f9de |
| x86_64 | |
| kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 3ef86312db8b90f10379f17410e599ce62522e7778b4cab8fd19762307a18a88 |
| kernel-rt-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: eee6dc4af4dc02417c993cbc8be9bc86c2d5e04d58afbda910427543f49e2a17 |
| kernel-rt-debug-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: c77eede1bfc90d0e564b8866e9d727e01affac8c42fd7f02272f7e2f42e183a1 |
| kernel-rt-debug-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 44faff4a947fe8cb45b931baf90851642fdb79219116dc1237e73fc4fbdf07f1 |
| kernel-rt-debug-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: a22332b8b0971e9ac650bfdf77b3268ac032dbc22ef525287666688d50d8e5bf |
| kernel-rt-debug-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 83ac7d5e2f7cc7b1349a7b90f9ba9339f770d57f7441faad4823c360ac0368db |
| kernel-rt-debug-kvm-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 5e352f28e95d49209f88205d3bb64e4f45ad2ed59d29c8c4c59c39569369c75b |
| kernel-rt-debug-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 85670961749dbdeae7d8a2adb578109525be382bafd10c2331d39f25141f3814 |
| kernel-rt-debug-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 1501e3d69d7055806387c1f1e72938ef96342626248e5939c0a70cdfc9a74e47 |
| kernel-rt-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 0ed63adbccf694c0275061ebea5701774712511833a547e960ac3f1c4a4b9834 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 508c65696bbc17000224786c39d9acdef526d694d2e6dfccc1fb64764245dd5c |
| kernel-rt-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: d3140f9cbcd6460fe76171a242fa0e3f35950c3e8b7ebd1072705cb11281575a |
| kernel-rt-kvm-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: d26529a441cbeb8a327f2de1aca7ae022c01824a0ed757edab006dc1cb51ae9c |
| kernel-rt-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: c363206f7dfbd5a0ec7deec70721cbde260805fda424dd16b77549251e5a045d |
| kernel-rt-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 473ba6ead546bee9e1ba14140639bababb215a811aaec0dca89dca1ae75018b9 |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.src.rpm | SHA-256: e31b815de054fe18836f5719fe5f9b862b43eb6da83ee051a41afe8cedc7f9de |
| x86_64 | |
| kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 3ef86312db8b90f10379f17410e599ce62522e7778b4cab8fd19762307a18a88 |
| kernel-rt-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: eee6dc4af4dc02417c993cbc8be9bc86c2d5e04d58afbda910427543f49e2a17 |
| kernel-rt-debug-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: c77eede1bfc90d0e564b8866e9d727e01affac8c42fd7f02272f7e2f42e183a1 |
| kernel-rt-debug-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 44faff4a947fe8cb45b931baf90851642fdb79219116dc1237e73fc4fbdf07f1 |
| kernel-rt-debug-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: a22332b8b0971e9ac650bfdf77b3268ac032dbc22ef525287666688d50d8e5bf |
| kernel-rt-debug-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 83ac7d5e2f7cc7b1349a7b90f9ba9339f770d57f7441faad4823c360ac0368db |
| kernel-rt-debug-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 85670961749dbdeae7d8a2adb578109525be382bafd10c2331d39f25141f3814 |
| kernel-rt-debug-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 1501e3d69d7055806387c1f1e72938ef96342626248e5939c0a70cdfc9a74e47 |
| kernel-rt-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 0ed63adbccf694c0275061ebea5701774712511833a547e960ac3f1c4a4b9834 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 508c65696bbc17000224786c39d9acdef526d694d2e6dfccc1fb64764245dd5c |
| kernel-rt-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: d3140f9cbcd6460fe76171a242fa0e3f35950c3e8b7ebd1072705cb11281575a |
| kernel-rt-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: c363206f7dfbd5a0ec7deec70721cbde260805fda424dd16b77549251e5a045d |
| kernel-rt-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 473ba6ead546bee9e1ba14140639bababb215a811aaec0dca89dca1ae75018b9 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.src.rpm | SHA-256: e31b815de054fe18836f5719fe5f9b862b43eb6da83ee051a41afe8cedc7f9de |
| x86_64 | |
| kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 3ef86312db8b90f10379f17410e599ce62522e7778b4cab8fd19762307a18a88 |
| kernel-rt-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: eee6dc4af4dc02417c993cbc8be9bc86c2d5e04d58afbda910427543f49e2a17 |
| kernel-rt-debug-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: c77eede1bfc90d0e564b8866e9d727e01affac8c42fd7f02272f7e2f42e183a1 |
| kernel-rt-debug-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 44faff4a947fe8cb45b931baf90851642fdb79219116dc1237e73fc4fbdf07f1 |
| kernel-rt-debug-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: a22332b8b0971e9ac650bfdf77b3268ac032dbc22ef525287666688d50d8e5bf |
| kernel-rt-debug-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 83ac7d5e2f7cc7b1349a7b90f9ba9339f770d57f7441faad4823c360ac0368db |
| kernel-rt-debug-kvm-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 5e352f28e95d49209f88205d3bb64e4f45ad2ed59d29c8c4c59c39569369c75b |
| kernel-rt-debug-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 85670961749dbdeae7d8a2adb578109525be382bafd10c2331d39f25141f3814 |
| kernel-rt-debug-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 1501e3d69d7055806387c1f1e72938ef96342626248e5939c0a70cdfc9a74e47 |
| kernel-rt-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 0ed63adbccf694c0275061ebea5701774712511833a547e960ac3f1c4a4b9834 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 508c65696bbc17000224786c39d9acdef526d694d2e6dfccc1fb64764245dd5c |
| kernel-rt-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: d3140f9cbcd6460fe76171a242fa0e3f35950c3e8b7ebd1072705cb11281575a |
| kernel-rt-kvm-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: d26529a441cbeb8a327f2de1aca7ae022c01824a0ed757edab006dc1cb51ae9c |
| kernel-rt-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: c363206f7dfbd5a0ec7deec70721cbde260805fda424dd16b77549251e5a045d |
| kernel-rt-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm | SHA-256: 473ba6ead546bee9e1ba14140639bababb215a811aaec0dca89dca1ae75018b9 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.