Issued:
2022-11-02
Updated:
2022-11-02

RHSA-2022:7338 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)
  • RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)
  • Branch Type Confusion (non-retbleed) (CVE-2022-23825)
  • Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)
  • Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Update to the latest RHEL7.9.z18 source tree (BZ#2117337)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

  • BZ - 2090226 - CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions
  • BZ - 2103148 - CVE-2022-29901 hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions
  • BZ - 2103153 - CVE-2022-23825 hw: cpu: AMD: Branch Type Confusion (non-retbleed)
  • BZ - 2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation
  • BZ - 2115065 - CVE-2022-26373 hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-1160.80.1.rt56.1225.el7.src.rpm SHA-256: 7f6431bd66612e78c11ccb8eacc6f38c5cc0af45995746c909cb972a095f8e8c
x86_64
kernel-rt-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 9b478eb369d714140c4974c6e16ebd4e3d49d20783fd9f0c85e904f2a79a6c91
kernel-rt-debug-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: c52db2bc4810c11db80386be7a0248020f12587b7409353b8ad21c7092954ad1
kernel-rt-debug-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 32bc273a9d9886ff578aab35ddaebe05337a839c796ac54a97e1387ac9995536
kernel-rt-debug-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 6cc25a208dae9c9290da622a2b1a4b3985a0538c3e9ed8ceb8ce9736d7bdcf8b
kernel-rt-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: fce9be00dd46d62af0d354c6abfc1c14142f856f65e4d70189a963fcfaee0171
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 4b62e1c58cb9a25b39c88ae4f8be320c62844c790343186ad17bb394870b5f82
kernel-rt-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: fe4c1d328f5ecc2edd70fef2ba55871ad47a9c3a6c6f35b22fb4c1ac6d1f5fe7
kernel-rt-doc-3.10.0-1160.80.1.rt56.1225.el7.noarch.rpm SHA-256: e2f94bc5af3aadd0916f7fd19fd87db6d800b151cbbb8fef9505203fbbb48b41
kernel-rt-trace-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 158e61e24a71c845b46f4ffd2e202b444676f0f2d3e43dd1c79da0ebc9415552
kernel-rt-trace-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 12b1cbe67a7caa1de415f308c3f77e2fca606b54d809567515384f9874f10b12
kernel-rt-trace-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 454497df163a447a2f9f37bdec521f5ffbb66907706199421041a0a9da656983

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-1160.80.1.rt56.1225.el7.src.rpm SHA-256: 7f6431bd66612e78c11ccb8eacc6f38c5cc0af45995746c909cb972a095f8e8c
x86_64
kernel-rt-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 9b478eb369d714140c4974c6e16ebd4e3d49d20783fd9f0c85e904f2a79a6c91
kernel-rt-debug-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: c52db2bc4810c11db80386be7a0248020f12587b7409353b8ad21c7092954ad1
kernel-rt-debug-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 32bc273a9d9886ff578aab35ddaebe05337a839c796ac54a97e1387ac9995536
kernel-rt-debug-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 6cc25a208dae9c9290da622a2b1a4b3985a0538c3e9ed8ceb8ce9736d7bdcf8b
kernel-rt-debug-kvm-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 2e50d0a79275794df6fd2a17026182b0ff4543ab77bdc2fd0993263ef04c3bce
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: eec2cf0a77da5692aed9daa3b6a0cd2e5daf858ab852730b125bcb39b036ba54
kernel-rt-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: fce9be00dd46d62af0d354c6abfc1c14142f856f65e4d70189a963fcfaee0171
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 4b62e1c58cb9a25b39c88ae4f8be320c62844c790343186ad17bb394870b5f82
kernel-rt-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: fe4c1d328f5ecc2edd70fef2ba55871ad47a9c3a6c6f35b22fb4c1ac6d1f5fe7
kernel-rt-doc-3.10.0-1160.80.1.rt56.1225.el7.noarch.rpm SHA-256: e2f94bc5af3aadd0916f7fd19fd87db6d800b151cbbb8fef9505203fbbb48b41
kernel-rt-kvm-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 640235a4fc4f75298125d8e59303455d96fc03bcdbaf887adbeac22ec3d1b85a
kernel-rt-kvm-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: ff6e3a8a3d8b036af4e7fb3740da73c1308555795e7e277ee5f87f69640655e6
kernel-rt-trace-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 158e61e24a71c845b46f4ffd2e202b444676f0f2d3e43dd1c79da0ebc9415552
kernel-rt-trace-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 12b1cbe67a7caa1de415f308c3f77e2fca606b54d809567515384f9874f10b12
kernel-rt-trace-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 454497df163a447a2f9f37bdec521f5ffbb66907706199421041a0a9da656983
kernel-rt-trace-kvm-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: 66b61002e5172a523816e1ef142757040613f4b37027c321b9c77409a70feff6
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm SHA-256: f402822264867856ecb83ea0a5e745fc5a05333384c9b6a6e1fe74ebdc0bb0fc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.