- Issued:
- 2022-11-29
- Updated:
- 2022-11-29
RHSA-2022:8673 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Multicast packets are not received by all VFs on the same port even though they have the same VLAN (BZ#2117027)
- Backport use of a dedicate thread for timer wakeups (BZ#2127206)
- Update RT source tree to the RHEL-8.4.z13 source tree. (BZ#2129948)
- Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel [RT-8] (BZ#2139853)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
Fixes
- BZ - 2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
CVEs
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4
SRPM | |
---|---|
kernel-rt-4.18.0-305.71.1.rt7.143.el8_4.src.rpm | SHA-256: cbe4a1b0e2167acb989ba855ce2782618519be269a8ad1f90a87579f8aaee424 |
x86_64 | |
kernel-rt-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 7438d03f3935006cd3d1151dc0f313f76ffe861f2a905ee253c972a780442e30 |
kernel-rt-core-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: e79da1407ae88573bbcc4f845d9c1607362658021fef36b157803172ae85d1cb |
kernel-rt-debug-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 5abb0378b1b22d6c734e5247a6e5c4c9092df62cb194c592e33b839cbbdc9f5f |
kernel-rt-debug-core-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: b1c243c9ed3b7429a5509db58348a9ca3b2b1c6aead2c2197359923193b547fc |
kernel-rt-debug-debuginfo-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 7e26bd645b05d22e168bb6605bb226e23dc303e5fc08d5a78f3aa99aa83b5ea8 |
kernel-rt-debug-devel-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: d8eb31b79d741c4357e0bbbebe092d7f8c362e42e5a71e92de161a3f0cd5ff99 |
kernel-rt-debug-modules-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 0b085c6795bd02b6a10a94ba3d31dad37018d2ad902b23dca9cc89e5915ad9b0 |
kernel-rt-debug-modules-extra-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 925ae6288cb6ad95cb960554e1653f5875bbc3b53bb37034730c214d86382954 |
kernel-rt-debuginfo-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 0b320894f43aa2d8c75db94a237278da4230880996dd11282d1239635a439666 |
kernel-rt-debuginfo-common-x86_64-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 229b24190fbad1d1c6d244a84ee8458eb1d98f4600c80684ef546e071a296e2f |
kernel-rt-devel-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 6e9ddeeccbef6c64497e82adacb9cbfcc79e4078477d71000e5004d404ccbdc2 |
kernel-rt-modules-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 801241acb992e1626c4d49656c06ca7f52c9be20bc248eba5b5edc5cb518bb93 |
kernel-rt-modules-extra-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 6c8d39a7bc31574c4db6fd1bb5eeb52035f7096cf81a454545f3818a9fb2a0ca |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4
SRPM | |
---|---|
kernel-rt-4.18.0-305.71.1.rt7.143.el8_4.src.rpm | SHA-256: cbe4a1b0e2167acb989ba855ce2782618519be269a8ad1f90a87579f8aaee424 |
x86_64 | |
kernel-rt-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 7438d03f3935006cd3d1151dc0f313f76ffe861f2a905ee253c972a780442e30 |
kernel-rt-core-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: e79da1407ae88573bbcc4f845d9c1607362658021fef36b157803172ae85d1cb |
kernel-rt-debug-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 5abb0378b1b22d6c734e5247a6e5c4c9092df62cb194c592e33b839cbbdc9f5f |
kernel-rt-debug-core-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: b1c243c9ed3b7429a5509db58348a9ca3b2b1c6aead2c2197359923193b547fc |
kernel-rt-debug-debuginfo-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 7e26bd645b05d22e168bb6605bb226e23dc303e5fc08d5a78f3aa99aa83b5ea8 |
kernel-rt-debug-devel-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: d8eb31b79d741c4357e0bbbebe092d7f8c362e42e5a71e92de161a3f0cd5ff99 |
kernel-rt-debug-kvm-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 94ed2c0d9c0695952d43a2670c75f85259d57f7ececa7a3f7cef6e9b91547379 |
kernel-rt-debug-modules-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 0b085c6795bd02b6a10a94ba3d31dad37018d2ad902b23dca9cc89e5915ad9b0 |
kernel-rt-debug-modules-extra-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 925ae6288cb6ad95cb960554e1653f5875bbc3b53bb37034730c214d86382954 |
kernel-rt-debuginfo-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 0b320894f43aa2d8c75db94a237278da4230880996dd11282d1239635a439666 |
kernel-rt-debuginfo-common-x86_64-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 229b24190fbad1d1c6d244a84ee8458eb1d98f4600c80684ef546e071a296e2f |
kernel-rt-devel-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 6e9ddeeccbef6c64497e82adacb9cbfcc79e4078477d71000e5004d404ccbdc2 |
kernel-rt-kvm-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 287de0f807a2c95725437c2b9e386d8cd88b5532df9d1ede84d67b52fe258480 |
kernel-rt-modules-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 801241acb992e1626c4d49656c06ca7f52c9be20bc248eba5b5edc5cb518bb93 |
kernel-rt-modules-extra-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm | SHA-256: 6c8d39a7bc31574c4db6fd1bb5eeb52035f7096cf81a454545f3818a9fb2a0ca |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.