Red Hat Product Errata RHSA-2022:8941 - Security Advisory
Issued:
2022-12-13
Updated:
2022-12-13

RHSA-2022:8941 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)
  • kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • kernel-rt: update RT source tree to the latest RHEL-8.2.z22 Batch (BZ#2138929)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64

Fixes

  • BZ - 2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
  • BZ - 2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2

SRPM
kernel-rt-4.18.0-193.95.1.rt13.146.el8_2.src.rpm SHA-256: 353d29e0a2250bcf9d43124a37db965847a0b1a190299c09fa5471c7c15178dc
x86_64
kernel-rt-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 5ae49a2d5d6b8359e26310be3533b177a17f78b45c7736872885ef8ec8e094b8
kernel-rt-core-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 31d2ea946461bea7faa91ccc174e81f3022b652564a8c09ebf5e0e48f555fa37
kernel-rt-debug-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 55c079c1e54e12d82ae8ff9a8f8de73e985fcad005912d50772699097a9b3f97
kernel-rt-debug-core-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 921c4701fe70aeb5853dbc29f3aab95632dfb1047aa0b735f5a439c9d3fe6b01
kernel-rt-debug-debuginfo-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 84b17d9f63129ff3e7358dc3d467d00e5b5fbfa774b77f6a503fed189b493778
kernel-rt-debug-devel-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: a336a75786ae303febd05a9d8778260a258361ba517ef95b1fa7b28f561cf30a
kernel-rt-debug-modules-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 8c8c15742e4f8b5494c761fa367c312bb98cb11ef649a8f7d506d1c38a66931e
kernel-rt-debug-modules-extra-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: b3fc5cdf215be5004cfe0bc05d77392ac0af8916bdfb80b7139c6faefabd9160
kernel-rt-debuginfo-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 9aea4dff50795fc2541d30ab450a13a932627c665ac139c1d416afa0219b093a
kernel-rt-debuginfo-common-x86_64-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 037b91b3d38e8d6fabe6eb104a189ca37b06404115da5239c6e6ad08b5bb6f85
kernel-rt-devel-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 178ee210ec1ac93679b4a353d209cc2dff0fb0026ff91620a4dc5d51bea3830d
kernel-rt-modules-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: f698c160f57b2eb8cebc440a9a21b1b73349b4e082decb9a821069d211f11ba1
kernel-rt-modules-extra-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: b6b1eab588fec06a0534f8b4e2ecdf0c49d4e06bf0f5e5d10c38cf9c69cf18d3

Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2

SRPM
kernel-rt-4.18.0-193.95.1.rt13.146.el8_2.src.rpm SHA-256: 353d29e0a2250bcf9d43124a37db965847a0b1a190299c09fa5471c7c15178dc
x86_64
kernel-rt-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 5ae49a2d5d6b8359e26310be3533b177a17f78b45c7736872885ef8ec8e094b8
kernel-rt-core-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 31d2ea946461bea7faa91ccc174e81f3022b652564a8c09ebf5e0e48f555fa37
kernel-rt-debug-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 55c079c1e54e12d82ae8ff9a8f8de73e985fcad005912d50772699097a9b3f97
kernel-rt-debug-core-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 921c4701fe70aeb5853dbc29f3aab95632dfb1047aa0b735f5a439c9d3fe6b01
kernel-rt-debug-debuginfo-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 84b17d9f63129ff3e7358dc3d467d00e5b5fbfa774b77f6a503fed189b493778
kernel-rt-debug-devel-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: a336a75786ae303febd05a9d8778260a258361ba517ef95b1fa7b28f561cf30a
kernel-rt-debug-kvm-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 5fff54f0c84b901e818bb74298a685ab24708b6cbf764c3827a040bf2d1ffa6b
kernel-rt-debug-modules-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 8c8c15742e4f8b5494c761fa367c312bb98cb11ef649a8f7d506d1c38a66931e
kernel-rt-debug-modules-extra-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: b3fc5cdf215be5004cfe0bc05d77392ac0af8916bdfb80b7139c6faefabd9160
kernel-rt-debuginfo-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 9aea4dff50795fc2541d30ab450a13a932627c665ac139c1d416afa0219b093a
kernel-rt-debuginfo-common-x86_64-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 037b91b3d38e8d6fabe6eb104a189ca37b06404115da5239c6e6ad08b5bb6f85
kernel-rt-devel-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: 178ee210ec1ac93679b4a353d209cc2dff0fb0026ff91620a4dc5d51bea3830d
kernel-rt-kvm-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: d5eae2f35fff42ba4ebc5a3bdc80b9d57e26b9f8ca2b864ba40842f8f9cc0f8f
kernel-rt-modules-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: f698c160f57b2eb8cebc440a9a21b1b73349b4e082decb9a821069d211f11ba1
kernel-rt-modules-extra-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm SHA-256: b6b1eab588fec06a0534f8b4e2ecdf0c49d4e06bf0f5e5d10c38cf9c69cf18d3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.