Red Hat Product Errata RHSA-2022:8974 - Security Advisory
Issued:
2022-12-13
Updated:
2022-12-13

RHSA-2022:8974 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)
  • kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)
  • kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)
  • kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
  • hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)
  • hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)
  • hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)
  • hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)
  • hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)
  • hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)
  • hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • kernel-rt: update RT source tree to the latest RHEL-9.0.z5 Batch (BZ#2137580)
  • [DELL EMC 9.0-RT BUG] System is not booting into RT Kernel with perc12 [kernel-rt] (BZ#2139864)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64

Fixes

  • BZ - 2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
  • BZ - 2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()
  • BZ - 2090226 - CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions
  • BZ - 2090237 - CVE-2022-21123 hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR)
  • BZ - 2090240 - CVE-2022-21125 hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS)
  • BZ - 2090241 - CVE-2022-21166 hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW)
  • BZ - 2103148 - CVE-2022-29901 hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions
  • BZ - 2103153 - CVE-2022-23825 hw: cpu: AMD: Branch Type Confusion (non-retbleed)
  • BZ - 2103681 - CVE-2022-2959 kernel: watch queue race condition can lead to privilege escalation
  • BZ - 2115065 - CVE-2022-26373 hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions
  • BZ - 2141752 - CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garbage data

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
kernel-rt-5.14.0-70.36.1.rt21.108.el9_0.src.rpm SHA-256: d124420cc28d82e15b4ae12b8b854d9b50f14cd88914882ddeba86471d9f27ed
x86_64
kernel-rt-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 894cda9e355f357f3821fb8afaebcaeab853c8f6c8c599bd31dfec8f860fe083
kernel-rt-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 894cda9e355f357f3821fb8afaebcaeab853c8f6c8c599bd31dfec8f860fe083
kernel-rt-core-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 0e91ed86e8571a6af2c710cfea35ea6aa82ed28877e540c421077071bdd81208
kernel-rt-core-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 0e91ed86e8571a6af2c710cfea35ea6aa82ed28877e540c421077071bdd81208
kernel-rt-debug-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 61db6c6f896009cddb552ccf49a3498e86bfb8ad9111bd008533d87f0189fa31
kernel-rt-debug-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 61db6c6f896009cddb552ccf49a3498e86bfb8ad9111bd008533d87f0189fa31
kernel-rt-debug-core-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 51da78f67d9e9ad0bdad80fa6623c07809b1cd4004e4f5d424ee3b847efaa8d0
kernel-rt-debug-core-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 51da78f67d9e9ad0bdad80fa6623c07809b1cd4004e4f5d424ee3b847efaa8d0
kernel-rt-debug-debuginfo-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 981deecfca52fbabcf1f4d50afb79d24e3589b80be2538bd012fd9fa65bac876
kernel-rt-debug-debuginfo-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 981deecfca52fbabcf1f4d50afb79d24e3589b80be2538bd012fd9fa65bac876
kernel-rt-debug-devel-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 8beb819d8bb5c2fd594b01d09c0c3445c2e68b8602c687d9abb8b9e8d0eeb476
kernel-rt-debug-devel-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 8beb819d8bb5c2fd594b01d09c0c3445c2e68b8602c687d9abb8b9e8d0eeb476
kernel-rt-debug-kvm-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 7f842ce435c2982112ad594489385f357cf78659f869f903da1e5d6ba73b23f7
kernel-rt-debug-modules-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 302d814a30a937ecb1029490b510899f06f918311852bf67865a111a7b542430
kernel-rt-debug-modules-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 302d814a30a937ecb1029490b510899f06f918311852bf67865a111a7b542430
kernel-rt-debug-modules-extra-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 783cf058d2b223eb86b9a82242ae487a29a562d88b4bbca10c0cd0a5729a5715
kernel-rt-debug-modules-extra-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 783cf058d2b223eb86b9a82242ae487a29a562d88b4bbca10c0cd0a5729a5715
kernel-rt-debuginfo-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: a8dd0c727394ae96b020d8e666ebf3b0158463846746a469a41cf6e1d1797661
kernel-rt-debuginfo-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: a8dd0c727394ae96b020d8e666ebf3b0158463846746a469a41cf6e1d1797661
kernel-rt-debuginfo-common-x86_64-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 370c59c527080551f5ebcf646862b9628b09877e9043265a96fb75f0ca7fca65
kernel-rt-debuginfo-common-x86_64-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 370c59c527080551f5ebcf646862b9628b09877e9043265a96fb75f0ca7fca65
kernel-rt-devel-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: af4ee0805a6d46dc0aa9d058f8aa4960260cfa30a87b2533e09a7b0a07eeb773
kernel-rt-devel-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: af4ee0805a6d46dc0aa9d058f8aa4960260cfa30a87b2533e09a7b0a07eeb773
kernel-rt-kvm-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: f056e0f8bd87e73bce4a407d1bdf741d85ae35e39514211bb6cc411bec8cc944
kernel-rt-modules-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: a7cab29ab480ac626ab42a12f98e41cf5e94ef64e045c51aa57f41c02c6da0d7
kernel-rt-modules-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: a7cab29ab480ac626ab42a12f98e41cf5e94ef64e045c51aa57f41c02c6da0d7
kernel-rt-modules-extra-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 8ede57843e94f492b05d5d64f3402b558b120788b6ae4ad49484793e1b0e3f97
kernel-rt-modules-extra-5.14.0-70.36.1.rt21.108.el9_0.x86_64.rpm SHA-256: 8ede57843e94f492b05d5d64f3402b558b120788b6ae4ad49484793e1b0e3f97

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.