Issued:
2022-10-18
Updated:
2022-10-18

RHSA-2022:6991 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)
  • Information leak in the IPv6 implementation (CVE-2021-45485)
  • Information leak in the IPv4 implementation (CVE-2021-45486)
  • Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)
  • Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)
  • Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • update RT source tree to the RHEL-8.4.z12 source tree (BZ#2119160)
  • using __this_cpu_add() in preemptible [00000000] - caller is __mod_memcg_lruvec_state+0x69/0x1c0 [None8.4.0.z] (BZ#2124454)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64

Fixes

  • BZ - 2039911 - CVE-2021-45485 kernel: information leak in the IPv6 implementation
  • BZ - 2039914 - CVE-2021-45486 kernel: information leak in the IPv4 implementation
  • BZ - 2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)
  • BZ - 2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)
  • BZ - 2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)
  • BZ - 2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4

SRPM
kernel-rt-4.18.0-305.65.1.rt7.137.el8_4.src.rpm SHA-256: df5a61d1ca19278a0291271aeac9882a69d5ebc7e72f369076304e71692460c5
x86_64
kernel-rt-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 1e68079ef2cb17666d10b9eff27a1ddb8df1929dadb7c895a3ea69d647261f0f
kernel-rt-core-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 3329d05ee2615581c5645ca4a51950b9548d253567c361242e88db750f389d45
kernel-rt-debug-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 53f6d0bc5d866bef5db10d6489c8ed56551f7286e3c13741c4248625f670a736
kernel-rt-debug-core-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: b3fd7288040862462234d98d7795a38fd7b2e0addea2de8662884cd937d530b2
kernel-rt-debug-debuginfo-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 997b4b2eae73d0c07e9dd10c571c49256dce0c9fe475348c06e8a1fb07f6a68c
kernel-rt-debug-devel-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 13403f8c83aea14535c3235acb685ee5aa7882be9a8a28e77cd01ebecfa63e31
kernel-rt-debug-modules-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 21d341354019b4c530a271b63808101b5a3fe1732773e4e50891dd5352f480f3
kernel-rt-debug-modules-extra-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: f48a128f893c95a5814fdf8798f139c1fd62ca3e055a2ae8754eabcb2d8527ff
kernel-rt-debuginfo-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 7c4470c9c0cc9dc4eb82e22ab914e251711f5f9037f6aa45269e4acc6c8618e7
kernel-rt-debuginfo-common-x86_64-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 35b2d903ac3825404a7a9bbbe52e8eaee32cb015c0f634f20e82ab5b62315383
kernel-rt-devel-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: a9e56774bc70664148c2075233f2ef1ded68f9e86a302806fb268de1b842b9a9
kernel-rt-modules-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 83d1f796ef7e1dda17013fa56ccb7392ab5db8dd9918d3ebc42ddd81ba4fe0f9
kernel-rt-modules-extra-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 16102bf1d81ac65fcac94446c156b253ee9e3d54b9e24bdf1f8d785f3e9c33fd

Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4

SRPM
kernel-rt-4.18.0-305.65.1.rt7.137.el8_4.src.rpm SHA-256: df5a61d1ca19278a0291271aeac9882a69d5ebc7e72f369076304e71692460c5
x86_64
kernel-rt-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 1e68079ef2cb17666d10b9eff27a1ddb8df1929dadb7c895a3ea69d647261f0f
kernel-rt-core-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 3329d05ee2615581c5645ca4a51950b9548d253567c361242e88db750f389d45
kernel-rt-debug-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 53f6d0bc5d866bef5db10d6489c8ed56551f7286e3c13741c4248625f670a736
kernel-rt-debug-core-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: b3fd7288040862462234d98d7795a38fd7b2e0addea2de8662884cd937d530b2
kernel-rt-debug-debuginfo-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 997b4b2eae73d0c07e9dd10c571c49256dce0c9fe475348c06e8a1fb07f6a68c
kernel-rt-debug-devel-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 13403f8c83aea14535c3235acb685ee5aa7882be9a8a28e77cd01ebecfa63e31
kernel-rt-debug-kvm-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: d1dd77bbcda52fabe9e572adabb89688a770ca88eda563523bcd4b5d207a807c
kernel-rt-debug-modules-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 21d341354019b4c530a271b63808101b5a3fe1732773e4e50891dd5352f480f3
kernel-rt-debug-modules-extra-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: f48a128f893c95a5814fdf8798f139c1fd62ca3e055a2ae8754eabcb2d8527ff
kernel-rt-debuginfo-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 7c4470c9c0cc9dc4eb82e22ab914e251711f5f9037f6aa45269e4acc6c8618e7
kernel-rt-debuginfo-common-x86_64-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 35b2d903ac3825404a7a9bbbe52e8eaee32cb015c0f634f20e82ab5b62315383
kernel-rt-devel-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: a9e56774bc70664148c2075233f2ef1ded68f9e86a302806fb268de1b842b9a9
kernel-rt-kvm-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 632992ab31855c1d619ee1b64a3ebd2c05f97dce3769f4dae284ce0fda802de0
kernel-rt-modules-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 83d1f796ef7e1dda17013fa56ccb7392ab5db8dd9918d3ebc42ddd81ba4fe0f9
kernel-rt-modules-extra-4.18.0-305.65.1.rt7.137.el8_4.x86_64.rpm SHA-256: 16102bf1d81ac65fcac94446c156b253ee9e3d54b9e24bdf1f8d785f3e9c33fd

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.