- Issued:
- 2022-11-02
- Updated:
- 2022-11-02
RHSA-2022:7338 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)
- RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)
- Branch Type Confusion (non-retbleed) (CVE-2022-23825)
- Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)
- Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Update to the latest RHEL7.9.z18 source tree (BZ#2117337)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
Fixes
- BZ - 2090226 - CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions
- BZ - 2103148 - CVE-2022-29901 hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions
- BZ - 2103153 - CVE-2022-23825 hw: cpu: AMD: Branch Type Confusion (non-retbleed)
- BZ - 2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation
- BZ - 2115065 - CVE-2022-26373 hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions
CVEs
Red Hat Enterprise Linux for Real Time 7
SRPM | |
---|---|
kernel-rt-3.10.0-1160.80.1.rt56.1225.el7.src.rpm | SHA-256: 7f6431bd66612e78c11ccb8eacc6f38c5cc0af45995746c909cb972a095f8e8c |
x86_64 | |
kernel-rt-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 9b478eb369d714140c4974c6e16ebd4e3d49d20783fd9f0c85e904f2a79a6c91 |
kernel-rt-debug-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: c52db2bc4810c11db80386be7a0248020f12587b7409353b8ad21c7092954ad1 |
kernel-rt-debug-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 32bc273a9d9886ff578aab35ddaebe05337a839c796ac54a97e1387ac9995536 |
kernel-rt-debug-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 6cc25a208dae9c9290da622a2b1a4b3985a0538c3e9ed8ceb8ce9736d7bdcf8b |
kernel-rt-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: fce9be00dd46d62af0d354c6abfc1c14142f856f65e4d70189a963fcfaee0171 |
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 4b62e1c58cb9a25b39c88ae4f8be320c62844c790343186ad17bb394870b5f82 |
kernel-rt-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: fe4c1d328f5ecc2edd70fef2ba55871ad47a9c3a6c6f35b22fb4c1ac6d1f5fe7 |
kernel-rt-doc-3.10.0-1160.80.1.rt56.1225.el7.noarch.rpm | SHA-256: e2f94bc5af3aadd0916f7fd19fd87db6d800b151cbbb8fef9505203fbbb48b41 |
kernel-rt-trace-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 158e61e24a71c845b46f4ffd2e202b444676f0f2d3e43dd1c79da0ebc9415552 |
kernel-rt-trace-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 12b1cbe67a7caa1de415f308c3f77e2fca606b54d809567515384f9874f10b12 |
kernel-rt-trace-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 454497df163a447a2f9f37bdec521f5ffbb66907706199421041a0a9da656983 |
Red Hat Enterprise Linux for Real Time for NFV 7
SRPM | |
---|---|
kernel-rt-3.10.0-1160.80.1.rt56.1225.el7.src.rpm | SHA-256: 7f6431bd66612e78c11ccb8eacc6f38c5cc0af45995746c909cb972a095f8e8c |
x86_64 | |
kernel-rt-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 9b478eb369d714140c4974c6e16ebd4e3d49d20783fd9f0c85e904f2a79a6c91 |
kernel-rt-debug-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: c52db2bc4810c11db80386be7a0248020f12587b7409353b8ad21c7092954ad1 |
kernel-rt-debug-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 32bc273a9d9886ff578aab35ddaebe05337a839c796ac54a97e1387ac9995536 |
kernel-rt-debug-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 6cc25a208dae9c9290da622a2b1a4b3985a0538c3e9ed8ceb8ce9736d7bdcf8b |
kernel-rt-debug-kvm-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 2e50d0a79275794df6fd2a17026182b0ff4543ab77bdc2fd0993263ef04c3bce |
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: eec2cf0a77da5692aed9daa3b6a0cd2e5daf858ab852730b125bcb39b036ba54 |
kernel-rt-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: fce9be00dd46d62af0d354c6abfc1c14142f856f65e4d70189a963fcfaee0171 |
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 4b62e1c58cb9a25b39c88ae4f8be320c62844c790343186ad17bb394870b5f82 |
kernel-rt-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: fe4c1d328f5ecc2edd70fef2ba55871ad47a9c3a6c6f35b22fb4c1ac6d1f5fe7 |
kernel-rt-doc-3.10.0-1160.80.1.rt56.1225.el7.noarch.rpm | SHA-256: e2f94bc5af3aadd0916f7fd19fd87db6d800b151cbbb8fef9505203fbbb48b41 |
kernel-rt-kvm-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 640235a4fc4f75298125d8e59303455d96fc03bcdbaf887adbeac22ec3d1b85a |
kernel-rt-kvm-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: ff6e3a8a3d8b036af4e7fb3740da73c1308555795e7e277ee5f87f69640655e6 |
kernel-rt-trace-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 158e61e24a71c845b46f4ffd2e202b444676f0f2d3e43dd1c79da0ebc9415552 |
kernel-rt-trace-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 12b1cbe67a7caa1de415f308c3f77e2fca606b54d809567515384f9874f10b12 |
kernel-rt-trace-devel-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 454497df163a447a2f9f37bdec521f5ffbb66907706199421041a0a9da656983 |
kernel-rt-trace-kvm-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: 66b61002e5172a523816e1ef142757040613f4b37027c321b9c77409a70feff6 |
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.80.1.rt56.1225.el7.x86_64.rpm | SHA-256: f402822264867856ecb83ea0a5e745fc5a05333384c9b6a6e1fe74ebdc0bb0fc |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.