- Issued:
- 2022-11-01
- Updated:
- 2022-11-01
RHSA-2022:7280 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)
- Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)
- Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)
- Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Update RT source tree to the latest RHEL-8.2.z21 Batch (BZ#2100575)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64
Fixes
- BZ - 2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)
- BZ - 2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)
- BZ - 2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)
- BZ - 2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.93.1.rt13.143.el8_2.src.rpm | SHA-256: 936b2df054c4a155f2b45acd6fd64fb3e59a7b75c6700bb18b21c771e224e240 |
| x86_64 | |
| kernel-rt-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: c057702fefc65fa7b75ef838b2cb7be228eb5657075353d525209ea7103920b9 |
| kernel-rt-core-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: b50c4e7685204fe7375e3308973992454fc5a32d2aa9e86b5e5b278f50c9607f |
| kernel-rt-debug-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: 2100c5f485334532bd4e47ee1ba9464975fe6f1a57aafc3f2d6d62ccf88d6a57 |
| kernel-rt-debug-core-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: 605c5c9291939f2b4e0b7f8a479d12e9456c10ea26ee2e66b804dbf4db074f75 |
| kernel-rt-debug-debuginfo-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: c91fe59502e4ca72538b7a9785d0e964921396828342fb31b117619607952d19 |
| kernel-rt-debug-devel-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: ad160903691964853df55e8e46fa13d981d49829b9c645cc02323f9a2410c403 |
| kernel-rt-debug-modules-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: b41e802df8e0c385d8d6f5ed8dbb845d8fc748ccd0bf0255754451915c0434c5 |
| kernel-rt-debug-modules-extra-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: b427870cf87b5d1edd7e52b49d101f7b18c642a3ddbba62c0f491c6d77893682 |
| kernel-rt-debuginfo-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: 4d21c4ef481780101a9865b62a23640d3e7c09d7d787c4b917b5eeff8758eb88 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: f031d39961d0c21b8c6fb70c97ce86006a44f36c9281e25f4cda14188ef96744 |
| kernel-rt-devel-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: d3c3e029b687e46561624652688fc3129255f3db210b2782efd6f22f478e6e77 |
| kernel-rt-modules-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: 067e91f96977c2002d4d8ba839a402ec38380a296d4468ae15c538bc8277b546 |
| kernel-rt-modules-extra-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: 9a0396be2b8387816fe54416cb3057f9f112f6aaf096d4705eb9723289f38ff0 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.93.1.rt13.143.el8_2.src.rpm | SHA-256: 936b2df054c4a155f2b45acd6fd64fb3e59a7b75c6700bb18b21c771e224e240 |
| x86_64 | |
| kernel-rt-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: c057702fefc65fa7b75ef838b2cb7be228eb5657075353d525209ea7103920b9 |
| kernel-rt-core-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: b50c4e7685204fe7375e3308973992454fc5a32d2aa9e86b5e5b278f50c9607f |
| kernel-rt-debug-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: 2100c5f485334532bd4e47ee1ba9464975fe6f1a57aafc3f2d6d62ccf88d6a57 |
| kernel-rt-debug-core-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: 605c5c9291939f2b4e0b7f8a479d12e9456c10ea26ee2e66b804dbf4db074f75 |
| kernel-rt-debug-debuginfo-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: c91fe59502e4ca72538b7a9785d0e964921396828342fb31b117619607952d19 |
| kernel-rt-debug-devel-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: ad160903691964853df55e8e46fa13d981d49829b9c645cc02323f9a2410c403 |
| kernel-rt-debug-kvm-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: 8e4071257cff5d1adfe80c8c3de0b3244fac4de54a56eb93a36b0ba1f97c2e6f |
| kernel-rt-debug-modules-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: b41e802df8e0c385d8d6f5ed8dbb845d8fc748ccd0bf0255754451915c0434c5 |
| kernel-rt-debug-modules-extra-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: b427870cf87b5d1edd7e52b49d101f7b18c642a3ddbba62c0f491c6d77893682 |
| kernel-rt-debuginfo-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: 4d21c4ef481780101a9865b62a23640d3e7c09d7d787c4b917b5eeff8758eb88 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: f031d39961d0c21b8c6fb70c97ce86006a44f36c9281e25f4cda14188ef96744 |
| kernel-rt-devel-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: d3c3e029b687e46561624652688fc3129255f3db210b2782efd6f22f478e6e77 |
| kernel-rt-kvm-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: 35b9db7e8df60423599ab9b9611580dfcf77d60d400751462aaefe2203a29676 |
| kernel-rt-modules-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: 067e91f96977c2002d4d8ba839a402ec38380a296d4468ae15c538bc8277b546 |
| kernel-rt-modules-extra-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm | SHA-256: 9a0396be2b8387816fe54416cb3057f9f112f6aaf096d4705eb9723289f38ff0 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.