- Issued:
- 2022-11-02
- Updated:
- 2022-11-02
RHSA-2022:7319 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- posix cpu timer use-after-free may lead to local privilege escalation (CVE-2022-2585)
- Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Update RT source tree to the latest RHEL-9.0.z4 Batch (BZ#2123498)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 9 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 9 x86_64
- Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0 x86_64
- Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0 x86_64
Fixes
- BZ - 2085300 - CVE-2022-30594 kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option
- BZ - 2114874 - CVE-2022-2585 kernel: posix cpu timer use-after-free may lead to local privilege escalation
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 9
| SRPM | |
|---|---|
| kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.src.rpm | SHA-256: d46493a749032863625ec2dad371da61a1924d02a31de1963bac943f501679b2 |
| x86_64 | |
| kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 11e398b7cbedd8bf306953e6f4e6dbd5b723b75a226817741a6a0d5b2b141543 |
| kernel-rt-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: c1ac697c5da1c730734d68508ffc703508ca8f7cf6506889f64b9a2453ecba78 |
| kernel-rt-debug-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: f75d866b0b92a4eb98e02e4decfac202709a5a4e76eb26b0f1732dfea7b0e00c |
| kernel-rt-debug-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 5d96e81cea07c2f27ec915442425d000b55f2ec2f2721c8f883c5884892739b1 |
| kernel-rt-debug-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: cefe0e7ccb97e2bcc3a5ff36b97854131c341646c5a536101c3875687c25fe6d |
| kernel-rt-debug-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: b5387af2088431cc97c7ac99e3342e572f4dc4568af929809a26bef1b66bf675 |
| kernel-rt-debug-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 0d2939c82ea3679ee7c886d99e437160133c41ae4830c38a8f40400bceb07858 |
| kernel-rt-debug-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 54389b2a9a9154fb79b60c57cb26df0543d9947d766cf8e61e2ac793f1ea1aa2 |
| kernel-rt-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 5faf401a9d802c6521824d8100be94eff760c307c30b0cdffbcb0af1089f9363 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 2daf46e68b81310ad26ad3b0cf6787ec79ca6126f1f28454f79d2ee69b886f8a |
| kernel-rt-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 3003df7c0c1adbb0937814b675073c9f4569dc81d1ded3abf0abd8cd88e8e053 |
| kernel-rt-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 8fff08084b1e5f2e2d489bd9ff4942b19d9be32583a03c7a925f80b5bffb0926 |
| kernel-rt-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 92b4ed749d104ddc533c2dec255e679a7bada299fc320d7530e0f495ac859882 |
Red Hat Enterprise Linux for Real Time for NFV 9
| SRPM | |
|---|---|
| kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.src.rpm | SHA-256: d46493a749032863625ec2dad371da61a1924d02a31de1963bac943f501679b2 |
| x86_64 | |
| kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 11e398b7cbedd8bf306953e6f4e6dbd5b723b75a226817741a6a0d5b2b141543 |
| kernel-rt-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: c1ac697c5da1c730734d68508ffc703508ca8f7cf6506889f64b9a2453ecba78 |
| kernel-rt-debug-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: f75d866b0b92a4eb98e02e4decfac202709a5a4e76eb26b0f1732dfea7b0e00c |
| kernel-rt-debug-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 5d96e81cea07c2f27ec915442425d000b55f2ec2f2721c8f883c5884892739b1 |
| kernel-rt-debug-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: cefe0e7ccb97e2bcc3a5ff36b97854131c341646c5a536101c3875687c25fe6d |
| kernel-rt-debug-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: b5387af2088431cc97c7ac99e3342e572f4dc4568af929809a26bef1b66bf675 |
| kernel-rt-debug-kvm-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: f80c77d2998d45aac52b02a8357fd314ea76f6545c514d85deee936a2e0f3189 |
| kernel-rt-debug-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 0d2939c82ea3679ee7c886d99e437160133c41ae4830c38a8f40400bceb07858 |
| kernel-rt-debug-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 54389b2a9a9154fb79b60c57cb26df0543d9947d766cf8e61e2ac793f1ea1aa2 |
| kernel-rt-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 5faf401a9d802c6521824d8100be94eff760c307c30b0cdffbcb0af1089f9363 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 2daf46e68b81310ad26ad3b0cf6787ec79ca6126f1f28454f79d2ee69b886f8a |
| kernel-rt-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 3003df7c0c1adbb0937814b675073c9f4569dc81d1ded3abf0abd8cd88e8e053 |
| kernel-rt-kvm-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 47706ca8c84523da413caad217c680b287428b95b9620e42bef892f5d6e91eba |
| kernel-rt-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 8fff08084b1e5f2e2d489bd9ff4942b19d9be32583a03c7a925f80b5bffb0926 |
| kernel-rt-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 92b4ed749d104ddc533c2dec255e679a7bada299fc320d7530e0f495ac859882 |
Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0
| SRPM | |
|---|---|
| kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.src.rpm | SHA-256: d46493a749032863625ec2dad371da61a1924d02a31de1963bac943f501679b2 |
| x86_64 | |
| kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 11e398b7cbedd8bf306953e6f4e6dbd5b723b75a226817741a6a0d5b2b141543 |
| kernel-rt-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: c1ac697c5da1c730734d68508ffc703508ca8f7cf6506889f64b9a2453ecba78 |
| kernel-rt-debug-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: f75d866b0b92a4eb98e02e4decfac202709a5a4e76eb26b0f1732dfea7b0e00c |
| kernel-rt-debug-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 5d96e81cea07c2f27ec915442425d000b55f2ec2f2721c8f883c5884892739b1 |
| kernel-rt-debug-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: cefe0e7ccb97e2bcc3a5ff36b97854131c341646c5a536101c3875687c25fe6d |
| kernel-rt-debug-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: b5387af2088431cc97c7ac99e3342e572f4dc4568af929809a26bef1b66bf675 |
| kernel-rt-debug-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 0d2939c82ea3679ee7c886d99e437160133c41ae4830c38a8f40400bceb07858 |
| kernel-rt-debug-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 54389b2a9a9154fb79b60c57cb26df0543d9947d766cf8e61e2ac793f1ea1aa2 |
| kernel-rt-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 5faf401a9d802c6521824d8100be94eff760c307c30b0cdffbcb0af1089f9363 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 2daf46e68b81310ad26ad3b0cf6787ec79ca6126f1f28454f79d2ee69b886f8a |
| kernel-rt-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 3003df7c0c1adbb0937814b675073c9f4569dc81d1ded3abf0abd8cd88e8e053 |
| kernel-rt-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 8fff08084b1e5f2e2d489bd9ff4942b19d9be32583a03c7a925f80b5bffb0926 |
| kernel-rt-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 92b4ed749d104ddc533c2dec255e679a7bada299fc320d7530e0f495ac859882 |
Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0
| SRPM | |
|---|---|
| kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.src.rpm | SHA-256: d46493a749032863625ec2dad371da61a1924d02a31de1963bac943f501679b2 |
| x86_64 | |
| kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 11e398b7cbedd8bf306953e6f4e6dbd5b723b75a226817741a6a0d5b2b141543 |
| kernel-rt-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: c1ac697c5da1c730734d68508ffc703508ca8f7cf6506889f64b9a2453ecba78 |
| kernel-rt-debug-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: f75d866b0b92a4eb98e02e4decfac202709a5a4e76eb26b0f1732dfea7b0e00c |
| kernel-rt-debug-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 5d96e81cea07c2f27ec915442425d000b55f2ec2f2721c8f883c5884892739b1 |
| kernel-rt-debug-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: cefe0e7ccb97e2bcc3a5ff36b97854131c341646c5a536101c3875687c25fe6d |
| kernel-rt-debug-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: b5387af2088431cc97c7ac99e3342e572f4dc4568af929809a26bef1b66bf675 |
| kernel-rt-debug-kvm-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: f80c77d2998d45aac52b02a8357fd314ea76f6545c514d85deee936a2e0f3189 |
| kernel-rt-debug-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 0d2939c82ea3679ee7c886d99e437160133c41ae4830c38a8f40400bceb07858 |
| kernel-rt-debug-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 54389b2a9a9154fb79b60c57cb26df0543d9947d766cf8e61e2ac793f1ea1aa2 |
| kernel-rt-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 5faf401a9d802c6521824d8100be94eff760c307c30b0cdffbcb0af1089f9363 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 2daf46e68b81310ad26ad3b0cf6787ec79ca6126f1f28454f79d2ee69b886f8a |
| kernel-rt-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 3003df7c0c1adbb0937814b675073c9f4569dc81d1ded3abf0abd8cd88e8e053 |
| kernel-rt-kvm-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 47706ca8c84523da413caad217c680b287428b95b9620e42bef892f5d6e91eba |
| kernel-rt-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 8fff08084b1e5f2e2d489bd9ff4942b19d9be32583a03c7a925f80b5bffb0926 |
| kernel-rt-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm | SHA-256: 92b4ed749d104ddc533c2dec255e679a7bada299fc320d7530e0f495ac859882 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.