- Issued:
- 2022-10-18
- Updated:
- 2022-10-18
RHSA-2022:6991 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)
- Information leak in the IPv6 implementation (CVE-2021-45485)
- Information leak in the IPv4 implementation (CVE-2021-45486)
- Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)
- Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)
- Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- update RT source tree to the RHEL-8.4.z12 source tree (BZ#2119160)
- using __this_cpu_add() in preemptible [00000000] - caller is __mod_memcg_lruvec_state+0x69/0x1c0 [None8.4.0.z] (BZ#2124454)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
Fixes
- BZ - 2039911 - CVE-2021-45485 kernel: information leak in the IPv6 implementation
- BZ - 2039914 - CVE-2021-45486 kernel: information leak in the IPv4 implementation
- BZ - 2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)
- BZ - 2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)
- BZ - 2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)
- BZ - 2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.65.1.rt7.137.el8_4.src.rpm | SHA-256: df5a61d1ca19278a0291271aeac9882a69d5ebc7e72f369076304e71692460c5 |
| x86_64 | |
| kernel-rt-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 1e68079ef2cb17666d10b9eff27a1ddb8df1929dadb7c895a3ea69d647261f0f |
| kernel-rt-core-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 3329d05ee2615581c5645ca4a51950b9548d253567c361242e88db750f389d45 |
| kernel-rt-debug-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 53f6d0bc5d866bef5db10d6489c8ed56551f7286e3c13741c4248625f670a736 |
| kernel-rt-debug-core-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: b3fd7288040862462234d98d7795a38fd7b2e0addea2de8662884cd937d530b2 |
| kernel-rt-debug-debuginfo-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 997b4b2eae73d0c07e9dd10c571c49256dce0c9fe475348c06e8a1fb07f6a68c |
| kernel-rt-debug-devel-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 13403f8c83aea14535c3235acb685ee5aa7882be9a8a28e77cd01ebecfa63e31 |
| kernel-rt-debug-modules-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 21d341354019b4c530a271b63808101b5a3fe1732773e4e50891dd5352f480f3 |
| kernel-rt-debug-modules-extra-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: f48a128f893c95a5814fdf8798f139c1fd62ca3e055a2ae8754eabcb2d8527ff |
| kernel-rt-debuginfo-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 7c4470c9c0cc9dc4eb82e22ab914e251711f5f9037f6aa45269e4acc6c8618e7 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 35b2d903ac3825404a7a9bbbe52e8eaee32cb015c0f634f20e82ab5b62315383 |
| kernel-rt-devel-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: a9e56774bc70664148c2075233f2ef1ded68f9e86a302806fb268de1b842b9a9 |
| kernel-rt-modules-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 83d1f796ef7e1dda17013fa56ccb7392ab5db8dd9918d3ebc42ddd81ba4fe0f9 |
| kernel-rt-modules-extra-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 16102bf1d81ac65fcac94446c156b253ee9e3d54b9e24bdf1f8d785f3e9c33fd |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.65.1.rt7.137.el8_4.src.rpm | SHA-256: df5a61d1ca19278a0291271aeac9882a69d5ebc7e72f369076304e71692460c5 |
| x86_64 | |
| kernel-rt-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 1e68079ef2cb17666d10b9eff27a1ddb8df1929dadb7c895a3ea69d647261f0f |
| kernel-rt-core-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 3329d05ee2615581c5645ca4a51950b9548d253567c361242e88db750f389d45 |
| kernel-rt-debug-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 53f6d0bc5d866bef5db10d6489c8ed56551f7286e3c13741c4248625f670a736 |
| kernel-rt-debug-core-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: b3fd7288040862462234d98d7795a38fd7b2e0addea2de8662884cd937d530b2 |
| kernel-rt-debug-debuginfo-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 997b4b2eae73d0c07e9dd10c571c49256dce0c9fe475348c06e8a1fb07f6a68c |
| kernel-rt-debug-devel-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 13403f8c83aea14535c3235acb685ee5aa7882be9a8a28e77cd01ebecfa63e31 |
| kernel-rt-debug-kvm-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: d1dd77bbcda52fabe9e572adabb89688a770ca88eda563523bcd4b5d207a807c |
| kernel-rt-debug-modules-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 21d341354019b4c530a271b63808101b5a3fe1732773e4e50891dd5352f480f3 |
| kernel-rt-debug-modules-extra-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: f48a128f893c95a5814fdf8798f139c1fd62ca3e055a2ae8754eabcb2d8527ff |
| kernel-rt-debuginfo-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 7c4470c9c0cc9dc4eb82e22ab914e251711f5f9037f6aa45269e4acc6c8618e7 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 35b2d903ac3825404a7a9bbbe52e8eaee32cb015c0f634f20e82ab5b62315383 |
| kernel-rt-devel-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: a9e56774bc70664148c2075233f2ef1ded68f9e86a302806fb268de1b842b9a9 |
| kernel-rt-kvm-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 632992ab31855c1d619ee1b64a3ebd2c05f97dce3769f4dae284ce0fda802de0 |
| kernel-rt-modules-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 83d1f796ef7e1dda17013fa56ccb7392ab5db8dd9918d3ebc42ddd81ba4fe0f9 |
| kernel-rt-modules-extra-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm | SHA-256: 16102bf1d81ac65fcac94446c156b253ee9e3d54b9e24bdf1f8d785f3e9c33fd |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
