Red Hat Product Errata RHSA-2023:0348 - Security Advisory
Issued:
2023-01-23
Updated:
2023-01-23

RHSA-2023:0348 - Security Advisory

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)
  • kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
  • kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
  • kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64

Fixes

  • BZ - 2067482 - CVE-2022-2964 kernel: memory corruption in AX88179_178A based USB ethernet device.
  • BZ - 2103681 - CVE-2022-2959 kernel: watch queue race condition can lead to privilege escalation
  • BZ - 2141752 - CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garbage data
  • BZ - 2147572 - CVE-2022-4139 kernel: i915: Incorrect GPU TLB flush can lead to random memory access

Red Hat Enterprise Linux for x86_64 9

SRPM
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.src.rpm SHA-256: e0d16cb9bb994d71d5c6938afb7344e93a3a0c66c04173047ca11c5105969fad
x86_64
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.x86_64.rpm SHA-256: 9a59384ee490daa65e329e53ba45cff2165877e0d8a3596227474c2a1494f943
kpatch-patch-5_14_0-162_6_1-debuginfo-1-1.el9_1.x86_64.rpm SHA-256: 62442c96aa4f918e7fe79d2fe5d580f73f254584a47305e87afbb4a4b253d2b9
kpatch-patch-5_14_0-162_6_1-debugsource-1-1.el9_1.x86_64.rpm SHA-256: 676d0b3b3307edc4294656b8b9c434a76ab219b9ab2eeb3b9bf375009e50bc4f

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.src.rpm SHA-256: e0d16cb9bb994d71d5c6938afb7344e93a3a0c66c04173047ca11c5105969fad
x86_64
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.x86_64.rpm SHA-256: 9a59384ee490daa65e329e53ba45cff2165877e0d8a3596227474c2a1494f943
kpatch-patch-5_14_0-162_6_1-debuginfo-1-1.el9_1.x86_64.rpm SHA-256: 62442c96aa4f918e7fe79d2fe5d580f73f254584a47305e87afbb4a4b253d2b9
kpatch-patch-5_14_0-162_6_1-debugsource-1-1.el9_1.x86_64.rpm SHA-256: 676d0b3b3307edc4294656b8b9c434a76ab219b9ab2eeb3b9bf375009e50bc4f

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2

SRPM
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.src.rpm SHA-256: e0d16cb9bb994d71d5c6938afb7344e93a3a0c66c04173047ca11c5105969fad
x86_64
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.x86_64.rpm SHA-256: 9a59384ee490daa65e329e53ba45cff2165877e0d8a3596227474c2a1494f943
kpatch-patch-5_14_0-162_6_1-debuginfo-1-1.el9_1.x86_64.rpm SHA-256: 62442c96aa4f918e7fe79d2fe5d580f73f254584a47305e87afbb4a4b253d2b9
kpatch-patch-5_14_0-162_6_1-debugsource-1-1.el9_1.x86_64.rpm SHA-256: 676d0b3b3307edc4294656b8b9c434a76ab219b9ab2eeb3b9bf375009e50bc4f

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.src.rpm SHA-256: e0d16cb9bb994d71d5c6938afb7344e93a3a0c66c04173047ca11c5105969fad
x86_64
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.x86_64.rpm SHA-256: 9a59384ee490daa65e329e53ba45cff2165877e0d8a3596227474c2a1494f943
kpatch-patch-5_14_0-162_6_1-debuginfo-1-1.el9_1.x86_64.rpm SHA-256: 62442c96aa4f918e7fe79d2fe5d580f73f254584a47305e87afbb4a4b253d2b9
kpatch-patch-5_14_0-162_6_1-debugsource-1-1.el9_1.x86_64.rpm SHA-256: 676d0b3b3307edc4294656b8b9c434a76ab219b9ab2eeb3b9bf375009e50bc4f

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.src.rpm SHA-256: e0d16cb9bb994d71d5c6938afb7344e93a3a0c66c04173047ca11c5105969fad
x86_64
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.x86_64.rpm SHA-256: 9a59384ee490daa65e329e53ba45cff2165877e0d8a3596227474c2a1494f943
kpatch-patch-5_14_0-162_6_1-debuginfo-1-1.el9_1.x86_64.rpm SHA-256: 62442c96aa4f918e7fe79d2fe5d580f73f254584a47305e87afbb4a4b253d2b9
kpatch-patch-5_14_0-162_6_1-debugsource-1-1.el9_1.x86_64.rpm SHA-256: 676d0b3b3307edc4294656b8b9c434a76ab219b9ab2eeb3b9bf375009e50bc4f

Red Hat Enterprise Linux for Power, little endian 9

SRPM
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.src.rpm SHA-256: e0d16cb9bb994d71d5c6938afb7344e93a3a0c66c04173047ca11c5105969fad
ppc64le
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.ppc64le.rpm SHA-256: a2f09a588313853db2359de11412796d6df559c454e2ada56b5f7ce8b9a80326
kpatch-patch-5_14_0-162_6_1-debuginfo-1-1.el9_1.ppc64le.rpm SHA-256: 7ab83f815c4f1ae97cc75d15a2d1f9a6aa7171262b35cbf4af5695d9803a6d72
kpatch-patch-5_14_0-162_6_1-debugsource-1-1.el9_1.ppc64le.rpm SHA-256: 2f2905fb9802466a72f0f170deeebff9e40ff36e620e02957952ed154f32b376

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.src.rpm SHA-256: e0d16cb9bb994d71d5c6938afb7344e93a3a0c66c04173047ca11c5105969fad
ppc64le
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.ppc64le.rpm SHA-256: a2f09a588313853db2359de11412796d6df559c454e2ada56b5f7ce8b9a80326
kpatch-patch-5_14_0-162_6_1-debuginfo-1-1.el9_1.ppc64le.rpm SHA-256: 7ab83f815c4f1ae97cc75d15a2d1f9a6aa7171262b35cbf4af5695d9803a6d72
kpatch-patch-5_14_0-162_6_1-debugsource-1-1.el9_1.ppc64le.rpm SHA-256: 2f2905fb9802466a72f0f170deeebff9e40ff36e620e02957952ed154f32b376

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2

SRPM
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.src.rpm SHA-256: e0d16cb9bb994d71d5c6938afb7344e93a3a0c66c04173047ca11c5105969fad
ppc64le
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.ppc64le.rpm SHA-256: a2f09a588313853db2359de11412796d6df559c454e2ada56b5f7ce8b9a80326
kpatch-patch-5_14_0-162_6_1-debuginfo-1-1.el9_1.ppc64le.rpm SHA-256: 7ab83f815c4f1ae97cc75d15a2d1f9a6aa7171262b35cbf4af5695d9803a6d72
kpatch-patch-5_14_0-162_6_1-debugsource-1-1.el9_1.ppc64le.rpm SHA-256: 2f2905fb9802466a72f0f170deeebff9e40ff36e620e02957952ed154f32b376

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.src.rpm SHA-256: e0d16cb9bb994d71d5c6938afb7344e93a3a0c66c04173047ca11c5105969fad
ppc64le
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.ppc64le.rpm SHA-256: a2f09a588313853db2359de11412796d6df559c454e2ada56b5f7ce8b9a80326
kpatch-patch-5_14_0-162_6_1-debuginfo-1-1.el9_1.ppc64le.rpm SHA-256: 7ab83f815c4f1ae97cc75d15a2d1f9a6aa7171262b35cbf4af5695d9803a6d72
kpatch-patch-5_14_0-162_6_1-debugsource-1-1.el9_1.ppc64le.rpm SHA-256: 2f2905fb9802466a72f0f170deeebff9e40ff36e620e02957952ed154f32b376

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.src.rpm SHA-256: e0d16cb9bb994d71d5c6938afb7344e93a3a0c66c04173047ca11c5105969fad
ppc64le
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.ppc64le.rpm SHA-256: a2f09a588313853db2359de11412796d6df559c454e2ada56b5f7ce8b9a80326
kpatch-patch-5_14_0-162_6_1-debuginfo-1-1.el9_1.ppc64le.rpm SHA-256: 7ab83f815c4f1ae97cc75d15a2d1f9a6aa7171262b35cbf4af5695d9803a6d72
kpatch-patch-5_14_0-162_6_1-debugsource-1-1.el9_1.ppc64le.rpm SHA-256: 2f2905fb9802466a72f0f170deeebff9e40ff36e620e02957952ed154f32b376

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.src.rpm SHA-256: e0d16cb9bb994d71d5c6938afb7344e93a3a0c66c04173047ca11c5105969fad
x86_64
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.x86_64.rpm SHA-256: 9a59384ee490daa65e329e53ba45cff2165877e0d8a3596227474c2a1494f943
kpatch-patch-5_14_0-162_6_1-debuginfo-1-1.el9_1.x86_64.rpm SHA-256: 62442c96aa4f918e7fe79d2fe5d580f73f254584a47305e87afbb4a4b253d2b9
kpatch-patch-5_14_0-162_6_1-debugsource-1-1.el9_1.x86_64.rpm SHA-256: 676d0b3b3307edc4294656b8b9c434a76ab219b9ab2eeb3b9bf375009e50bc4f

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.src.rpm SHA-256: e0d16cb9bb994d71d5c6938afb7344e93a3a0c66c04173047ca11c5105969fad
x86_64
kpatch-patch-5_14_0-162_6_1-1-1.el9_1.x86_64.rpm SHA-256: 9a59384ee490daa65e329e53ba45cff2165877e0d8a3596227474c2a1494f943
kpatch-patch-5_14_0-162_6_1-debuginfo-1-1.el9_1.x86_64.rpm SHA-256: 62442c96aa4f918e7fe79d2fe5d580f73f254584a47305e87afbb4a4b253d2b9
kpatch-patch-5_14_0-162_6_1-debugsource-1-1.el9_1.x86_64.rpm SHA-256: 676d0b3b3307edc4294656b8b9c434a76ab219b9ab2eeb3b9bf375009e50bc4f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.