Red Hat Product Errata RHSA-2022:8686 - Security Advisory
Issued:
2022-11-29
Updated:
2022-11-29

RHSA-2022:8686 - Security Advisory

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.src.rpm SHA-256: 7553a59ecec4049b53be730d4493e1abb8d6d684b01c7f0252845fa683cf0d22
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.src.rpm SHA-256: 7d2b928ef09ceef8a6abe2f7c883d37ca5c7138a13ef23eac3b12fe309d7b91f
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.src.rpm SHA-256: 73a3c8f1ae4f97e844e322feed9c5e7a72e1571d78d18bd5b462836cd2b4cb14
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.src.rpm SHA-256: bd5a0236fc7293c61fb23f0e4434d6a0b8314bea03576917bde19e842d15fd6a
x86_64
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.x86_64.rpm SHA-256: db38e36b75baff7639f66c06864e75c5ef1ef6def9bc0db1540252d7c83f2356
kpatch-patch-4_18_0-305_49_1-debuginfo-1-3.el8_4.x86_64.rpm SHA-256: fd37c42e8b5b77a674f8089aa2d196c55ec03d12f1ec7ed148faf95bfc68d9cc
kpatch-patch-4_18_0-305_49_1-debugsource-1-3.el8_4.x86_64.rpm SHA-256: 12ac3736517ed1f5238b77a501b39ec3125de63a37ac0ac69a927b8214a12471
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.x86_64.rpm SHA-256: b2d41ad827a6594db6e09ef605b72aa0672968a9210bf3f70ca48e3d73ddb3bb
kpatch-patch-4_18_0-305_57_1-debuginfo-1-2.el8_4.x86_64.rpm SHA-256: 3f95123d9146531e6061f886602fc0a1139a2c354b82354e8ebef08472a269ae
kpatch-patch-4_18_0-305_57_1-debugsource-1-2.el8_4.x86_64.rpm SHA-256: 6ea4e69809ee0558a75a60c0ea4cc9035fbb5a1b27ba572b920e75c0bce5e139
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.x86_64.rpm SHA-256: 61d4a71bc3fbe6ed5a19dd087f63d71d38778d5524a293299a300be534aac75b
kpatch-patch-4_18_0-305_62_1-debuginfo-1-2.el8_4.x86_64.rpm SHA-256: 0dd194774a4516badcd918c249f51c983f735e7afc38c6b3a99e08b15b1f4d15
kpatch-patch-4_18_0-305_62_1-debugsource-1-2.el8_4.x86_64.rpm SHA-256: 80c143d32dd33a55edfe300631083f17b812f232bfb105798e8baeb94fe52c16
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.x86_64.rpm SHA-256: ebc781859f5f21f70b35944e8061ddc6d165e035f91e4fed4d218d0e56aba850
kpatch-patch-4_18_0-305_65_1-debuginfo-1-1.el8_4.x86_64.rpm SHA-256: 517da8b8d990e05bd8fdacf53e3d20feaf3f993f5f375596b56549170bdb6bf4
kpatch-patch-4_18_0-305_65_1-debugsource-1-1.el8_4.x86_64.rpm SHA-256: 0ef830684aaccd153e0c3d711404fe80856f47430049cd04bb8224247365c5a4

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4

SRPM
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.src.rpm SHA-256: 7553a59ecec4049b53be730d4493e1abb8d6d684b01c7f0252845fa683cf0d22
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.src.rpm SHA-256: 7d2b928ef09ceef8a6abe2f7c883d37ca5c7138a13ef23eac3b12fe309d7b91f
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.src.rpm SHA-256: 73a3c8f1ae4f97e844e322feed9c5e7a72e1571d78d18bd5b462836cd2b4cb14
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.src.rpm SHA-256: bd5a0236fc7293c61fb23f0e4434d6a0b8314bea03576917bde19e842d15fd6a
x86_64
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.x86_64.rpm SHA-256: db38e36b75baff7639f66c06864e75c5ef1ef6def9bc0db1540252d7c83f2356
kpatch-patch-4_18_0-305_49_1-debuginfo-1-3.el8_4.x86_64.rpm SHA-256: fd37c42e8b5b77a674f8089aa2d196c55ec03d12f1ec7ed148faf95bfc68d9cc
kpatch-patch-4_18_0-305_49_1-debugsource-1-3.el8_4.x86_64.rpm SHA-256: 12ac3736517ed1f5238b77a501b39ec3125de63a37ac0ac69a927b8214a12471
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.x86_64.rpm SHA-256: b2d41ad827a6594db6e09ef605b72aa0672968a9210bf3f70ca48e3d73ddb3bb
kpatch-patch-4_18_0-305_57_1-debuginfo-1-2.el8_4.x86_64.rpm SHA-256: 3f95123d9146531e6061f886602fc0a1139a2c354b82354e8ebef08472a269ae
kpatch-patch-4_18_0-305_57_1-debugsource-1-2.el8_4.x86_64.rpm SHA-256: 6ea4e69809ee0558a75a60c0ea4cc9035fbb5a1b27ba572b920e75c0bce5e139
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.x86_64.rpm SHA-256: 61d4a71bc3fbe6ed5a19dd087f63d71d38778d5524a293299a300be534aac75b
kpatch-patch-4_18_0-305_62_1-debuginfo-1-2.el8_4.x86_64.rpm SHA-256: 0dd194774a4516badcd918c249f51c983f735e7afc38c6b3a99e08b15b1f4d15
kpatch-patch-4_18_0-305_62_1-debugsource-1-2.el8_4.x86_64.rpm SHA-256: 80c143d32dd33a55edfe300631083f17b812f232bfb105798e8baeb94fe52c16
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.x86_64.rpm SHA-256: ebc781859f5f21f70b35944e8061ddc6d165e035f91e4fed4d218d0e56aba850
kpatch-patch-4_18_0-305_65_1-debuginfo-1-1.el8_4.x86_64.rpm SHA-256: 517da8b8d990e05bd8fdacf53e3d20feaf3f993f5f375596b56549170bdb6bf4
kpatch-patch-4_18_0-305_65_1-debugsource-1-1.el8_4.x86_64.rpm SHA-256: 0ef830684aaccd153e0c3d711404fe80856f47430049cd04bb8224247365c5a4

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.src.rpm SHA-256: 7553a59ecec4049b53be730d4493e1abb8d6d684b01c7f0252845fa683cf0d22
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.src.rpm SHA-256: 7d2b928ef09ceef8a6abe2f7c883d37ca5c7138a13ef23eac3b12fe309d7b91f
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.src.rpm SHA-256: 73a3c8f1ae4f97e844e322feed9c5e7a72e1571d78d18bd5b462836cd2b4cb14
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.src.rpm SHA-256: bd5a0236fc7293c61fb23f0e4434d6a0b8314bea03576917bde19e842d15fd6a
x86_64
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.x86_64.rpm SHA-256: db38e36b75baff7639f66c06864e75c5ef1ef6def9bc0db1540252d7c83f2356
kpatch-patch-4_18_0-305_49_1-debuginfo-1-3.el8_4.x86_64.rpm SHA-256: fd37c42e8b5b77a674f8089aa2d196c55ec03d12f1ec7ed148faf95bfc68d9cc
kpatch-patch-4_18_0-305_49_1-debugsource-1-3.el8_4.x86_64.rpm SHA-256: 12ac3736517ed1f5238b77a501b39ec3125de63a37ac0ac69a927b8214a12471
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.x86_64.rpm SHA-256: b2d41ad827a6594db6e09ef605b72aa0672968a9210bf3f70ca48e3d73ddb3bb
kpatch-patch-4_18_0-305_57_1-debuginfo-1-2.el8_4.x86_64.rpm SHA-256: 3f95123d9146531e6061f886602fc0a1139a2c354b82354e8ebef08472a269ae
kpatch-patch-4_18_0-305_57_1-debugsource-1-2.el8_4.x86_64.rpm SHA-256: 6ea4e69809ee0558a75a60c0ea4cc9035fbb5a1b27ba572b920e75c0bce5e139
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.x86_64.rpm SHA-256: 61d4a71bc3fbe6ed5a19dd087f63d71d38778d5524a293299a300be534aac75b
kpatch-patch-4_18_0-305_62_1-debuginfo-1-2.el8_4.x86_64.rpm SHA-256: 0dd194774a4516badcd918c249f51c983f735e7afc38c6b3a99e08b15b1f4d15
kpatch-patch-4_18_0-305_62_1-debugsource-1-2.el8_4.x86_64.rpm SHA-256: 80c143d32dd33a55edfe300631083f17b812f232bfb105798e8baeb94fe52c16
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.x86_64.rpm SHA-256: ebc781859f5f21f70b35944e8061ddc6d165e035f91e4fed4d218d0e56aba850
kpatch-patch-4_18_0-305_65_1-debuginfo-1-1.el8_4.x86_64.rpm SHA-256: 517da8b8d990e05bd8fdacf53e3d20feaf3f993f5f375596b56549170bdb6bf4
kpatch-patch-4_18_0-305_65_1-debugsource-1-1.el8_4.x86_64.rpm SHA-256: 0ef830684aaccd153e0c3d711404fe80856f47430049cd04bb8224247365c5a4

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.src.rpm SHA-256: 7553a59ecec4049b53be730d4493e1abb8d6d684b01c7f0252845fa683cf0d22
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.src.rpm SHA-256: 7d2b928ef09ceef8a6abe2f7c883d37ca5c7138a13ef23eac3b12fe309d7b91f
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.src.rpm SHA-256: 73a3c8f1ae4f97e844e322feed9c5e7a72e1571d78d18bd5b462836cd2b4cb14
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.src.rpm SHA-256: bd5a0236fc7293c61fb23f0e4434d6a0b8314bea03576917bde19e842d15fd6a
ppc64le

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.src.rpm SHA-256: 7553a59ecec4049b53be730d4493e1abb8d6d684b01c7f0252845fa683cf0d22
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.src.rpm SHA-256: 7d2b928ef09ceef8a6abe2f7c883d37ca5c7138a13ef23eac3b12fe309d7b91f
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.src.rpm SHA-256: 73a3c8f1ae4f97e844e322feed9c5e7a72e1571d78d18bd5b462836cd2b4cb14
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.src.rpm SHA-256: bd5a0236fc7293c61fb23f0e4434d6a0b8314bea03576917bde19e842d15fd6a
x86_64
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.x86_64.rpm SHA-256: db38e36b75baff7639f66c06864e75c5ef1ef6def9bc0db1540252d7c83f2356
kpatch-patch-4_18_0-305_49_1-debuginfo-1-3.el8_4.x86_64.rpm SHA-256: fd37c42e8b5b77a674f8089aa2d196c55ec03d12f1ec7ed148faf95bfc68d9cc
kpatch-patch-4_18_0-305_49_1-debugsource-1-3.el8_4.x86_64.rpm SHA-256: 12ac3736517ed1f5238b77a501b39ec3125de63a37ac0ac69a927b8214a12471
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.x86_64.rpm SHA-256: b2d41ad827a6594db6e09ef605b72aa0672968a9210bf3f70ca48e3d73ddb3bb
kpatch-patch-4_18_0-305_57_1-debuginfo-1-2.el8_4.x86_64.rpm SHA-256: 3f95123d9146531e6061f886602fc0a1139a2c354b82354e8ebef08472a269ae
kpatch-patch-4_18_0-305_57_1-debugsource-1-2.el8_4.x86_64.rpm SHA-256: 6ea4e69809ee0558a75a60c0ea4cc9035fbb5a1b27ba572b920e75c0bce5e139
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.x86_64.rpm SHA-256: 61d4a71bc3fbe6ed5a19dd087f63d71d38778d5524a293299a300be534aac75b
kpatch-patch-4_18_0-305_62_1-debuginfo-1-2.el8_4.x86_64.rpm SHA-256: 0dd194774a4516badcd918c249f51c983f735e7afc38c6b3a99e08b15b1f4d15
kpatch-patch-4_18_0-305_62_1-debugsource-1-2.el8_4.x86_64.rpm SHA-256: 80c143d32dd33a55edfe300631083f17b812f232bfb105798e8baeb94fe52c16
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.x86_64.rpm SHA-256: ebc781859f5f21f70b35944e8061ddc6d165e035f91e4fed4d218d0e56aba850
kpatch-patch-4_18_0-305_65_1-debuginfo-1-1.el8_4.x86_64.rpm SHA-256: 517da8b8d990e05bd8fdacf53e3d20feaf3f993f5f375596b56549170bdb6bf4
kpatch-patch-4_18_0-305_65_1-debugsource-1-1.el8_4.x86_64.rpm SHA-256: 0ef830684aaccd153e0c3d711404fe80856f47430049cd04bb8224247365c5a4

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.src.rpm SHA-256: 7553a59ecec4049b53be730d4493e1abb8d6d684b01c7f0252845fa683cf0d22
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.src.rpm SHA-256: 7d2b928ef09ceef8a6abe2f7c883d37ca5c7138a13ef23eac3b12fe309d7b91f
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.src.rpm SHA-256: 73a3c8f1ae4f97e844e322feed9c5e7a72e1571d78d18bd5b462836cd2b4cb14
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.src.rpm SHA-256: bd5a0236fc7293c61fb23f0e4434d6a0b8314bea03576917bde19e842d15fd6a
ppc64le

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.src.rpm SHA-256: 7553a59ecec4049b53be730d4493e1abb8d6d684b01c7f0252845fa683cf0d22
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.src.rpm SHA-256: 7d2b928ef09ceef8a6abe2f7c883d37ca5c7138a13ef23eac3b12fe309d7b91f
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.src.rpm SHA-256: 73a3c8f1ae4f97e844e322feed9c5e7a72e1571d78d18bd5b462836cd2b4cb14
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.src.rpm SHA-256: bd5a0236fc7293c61fb23f0e4434d6a0b8314bea03576917bde19e842d15fd6a
x86_64
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.x86_64.rpm SHA-256: db38e36b75baff7639f66c06864e75c5ef1ef6def9bc0db1540252d7c83f2356
kpatch-patch-4_18_0-305_49_1-debuginfo-1-3.el8_4.x86_64.rpm SHA-256: fd37c42e8b5b77a674f8089aa2d196c55ec03d12f1ec7ed148faf95bfc68d9cc
kpatch-patch-4_18_0-305_49_1-debugsource-1-3.el8_4.x86_64.rpm SHA-256: 12ac3736517ed1f5238b77a501b39ec3125de63a37ac0ac69a927b8214a12471
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.x86_64.rpm SHA-256: b2d41ad827a6594db6e09ef605b72aa0672968a9210bf3f70ca48e3d73ddb3bb
kpatch-patch-4_18_0-305_57_1-debuginfo-1-2.el8_4.x86_64.rpm SHA-256: 3f95123d9146531e6061f886602fc0a1139a2c354b82354e8ebef08472a269ae
kpatch-patch-4_18_0-305_57_1-debugsource-1-2.el8_4.x86_64.rpm SHA-256: 6ea4e69809ee0558a75a60c0ea4cc9035fbb5a1b27ba572b920e75c0bce5e139
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.x86_64.rpm SHA-256: 61d4a71bc3fbe6ed5a19dd087f63d71d38778d5524a293299a300be534aac75b
kpatch-patch-4_18_0-305_62_1-debuginfo-1-2.el8_4.x86_64.rpm SHA-256: 0dd194774a4516badcd918c249f51c983f735e7afc38c6b3a99e08b15b1f4d15
kpatch-patch-4_18_0-305_62_1-debugsource-1-2.el8_4.x86_64.rpm SHA-256: 80c143d32dd33a55edfe300631083f17b812f232bfb105798e8baeb94fe52c16
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.x86_64.rpm SHA-256: ebc781859f5f21f70b35944e8061ddc6d165e035f91e4fed4d218d0e56aba850
kpatch-patch-4_18_0-305_65_1-debuginfo-1-1.el8_4.x86_64.rpm SHA-256: 517da8b8d990e05bd8fdacf53e3d20feaf3f993f5f375596b56549170bdb6bf4
kpatch-patch-4_18_0-305_65_1-debugsource-1-1.el8_4.x86_64.rpm SHA-256: 0ef830684aaccd153e0c3d711404fe80856f47430049cd04bb8224247365c5a4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.