Red Hat Product Errata RHSA-2023:0839 - Security Advisory
Issued:
2023-02-21
Updated:
2023-02-21

RHSA-2023:0839 - Security Advisory

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)
  • kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2138818 - CVE-2022-41222 kernel: mm/mremap.c use-after-free vulnerability
  • BZ - 2141752 - CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garbage data

Red Hat Enterprise Linux for x86_64 8

SRPM
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.src.rpm SHA-256: f1c23f0e6fde3ffa57bbedd6e323ec1146f02ad6e56c0f1af42001a3a6659cfb
kpatch-patch-4_18_0-425_3_1-1-3.el8.src.rpm SHA-256: 6a1870522ecc7a9410dad8a1298170da0ee425419ce4cf259cd4109109b2c086
x86_64
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.x86_64.rpm SHA-256: a324c6b06e37fc65351db76bc5732bca354a097bbe5c9c96cfa63b858f59432e
kpatch-patch-4_18_0-425_10_1-debuginfo-1-1.el8_7.x86_64.rpm SHA-256: 5e26b7f5eb87eea9647f4aa00b77fd6971330ca6b9a623eebb9586f2abde73f5
kpatch-patch-4_18_0-425_10_1-debugsource-1-1.el8_7.x86_64.rpm SHA-256: d53a7806d4db566368cffa0f7b88568e0e6335f967fdf8fc03fadd546a444fe5
kpatch-patch-4_18_0-425_3_1-1-3.el8.x86_64.rpm SHA-256: da3eda09e22ee4abc5ecef5499b5e41308bef00e71a7d823b148e792e671639b
kpatch-patch-4_18_0-425_3_1-debuginfo-1-3.el8.x86_64.rpm SHA-256: a59fecbe7ea790506f49a30512fe49e04a59d70456d6ee8158d7140867700d49
kpatch-patch-4_18_0-425_3_1-debugsource-1-3.el8.x86_64.rpm SHA-256: 8c62682970e1c4cf1e0686f04f51a382e1e7aa8afa2b7bce32042b8b08c4e1f3

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.src.rpm SHA-256: f1c23f0e6fde3ffa57bbedd6e323ec1146f02ad6e56c0f1af42001a3a6659cfb
kpatch-patch-4_18_0-425_3_1-1-3.el8.src.rpm SHA-256: 6a1870522ecc7a9410dad8a1298170da0ee425419ce4cf259cd4109109b2c086
x86_64
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.x86_64.rpm SHA-256: a324c6b06e37fc65351db76bc5732bca354a097bbe5c9c96cfa63b858f59432e
kpatch-patch-4_18_0-425_10_1-debuginfo-1-1.el8_7.x86_64.rpm SHA-256: 5e26b7f5eb87eea9647f4aa00b77fd6971330ca6b9a623eebb9586f2abde73f5
kpatch-patch-4_18_0-425_10_1-debugsource-1-1.el8_7.x86_64.rpm SHA-256: d53a7806d4db566368cffa0f7b88568e0e6335f967fdf8fc03fadd546a444fe5
kpatch-patch-4_18_0-425_3_1-1-3.el8.x86_64.rpm SHA-256: da3eda09e22ee4abc5ecef5499b5e41308bef00e71a7d823b148e792e671639b
kpatch-patch-4_18_0-425_3_1-debuginfo-1-3.el8.x86_64.rpm SHA-256: a59fecbe7ea790506f49a30512fe49e04a59d70456d6ee8158d7140867700d49
kpatch-patch-4_18_0-425_3_1-debugsource-1-3.el8.x86_64.rpm SHA-256: 8c62682970e1c4cf1e0686f04f51a382e1e7aa8afa2b7bce32042b8b08c4e1f3

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.src.rpm SHA-256: f1c23f0e6fde3ffa57bbedd6e323ec1146f02ad6e56c0f1af42001a3a6659cfb
kpatch-patch-4_18_0-425_3_1-1-3.el8.src.rpm SHA-256: 6a1870522ecc7a9410dad8a1298170da0ee425419ce4cf259cd4109109b2c086
x86_64
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.x86_64.rpm SHA-256: a324c6b06e37fc65351db76bc5732bca354a097bbe5c9c96cfa63b858f59432e
kpatch-patch-4_18_0-425_10_1-debuginfo-1-1.el8_7.x86_64.rpm SHA-256: 5e26b7f5eb87eea9647f4aa00b77fd6971330ca6b9a623eebb9586f2abde73f5
kpatch-patch-4_18_0-425_10_1-debugsource-1-1.el8_7.x86_64.rpm SHA-256: d53a7806d4db566368cffa0f7b88568e0e6335f967fdf8fc03fadd546a444fe5
kpatch-patch-4_18_0-425_3_1-1-3.el8.x86_64.rpm SHA-256: da3eda09e22ee4abc5ecef5499b5e41308bef00e71a7d823b148e792e671639b
kpatch-patch-4_18_0-425_3_1-debuginfo-1-3.el8.x86_64.rpm SHA-256: a59fecbe7ea790506f49a30512fe49e04a59d70456d6ee8158d7140867700d49
kpatch-patch-4_18_0-425_3_1-debugsource-1-3.el8.x86_64.rpm SHA-256: 8c62682970e1c4cf1e0686f04f51a382e1e7aa8afa2b7bce32042b8b08c4e1f3

Red Hat Enterprise Linux for Power, little endian 8

SRPM
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.src.rpm SHA-256: f1c23f0e6fde3ffa57bbedd6e323ec1146f02ad6e56c0f1af42001a3a6659cfb
kpatch-patch-4_18_0-425_3_1-1-3.el8.src.rpm SHA-256: 6a1870522ecc7a9410dad8a1298170da0ee425419ce4cf259cd4109109b2c086
ppc64le
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.ppc64le.rpm SHA-256: e22ac98026bdef91fe0f9e87ce8d93088de4b97827803a18b63924b5654def8d
kpatch-patch-4_18_0-425_10_1-debuginfo-1-1.el8_7.ppc64le.rpm SHA-256: a7a5e6e3f381bdb24c9afe22658f80c07fbdb7e37ca4ff67b785cda47c36aec1
kpatch-patch-4_18_0-425_10_1-debugsource-1-1.el8_7.ppc64le.rpm SHA-256: c250835066598c95d3125aecb29f7a6e705701ee4797a866ae3d3ae432207383
kpatch-patch-4_18_0-425_3_1-1-3.el8.ppc64le.rpm SHA-256: 8feff6edd2133ae8471eb36170bf16e353e9d89a9193f912986dfa6a35be9a67
kpatch-patch-4_18_0-425_3_1-debuginfo-1-3.el8.ppc64le.rpm SHA-256: 7c9f6de9d90859228dc79cd7fe5628e1a112ad2d24041764284583d8153f3d62
kpatch-patch-4_18_0-425_3_1-debugsource-1-3.el8.ppc64le.rpm SHA-256: 0f4d7fb02deb79143c71dcad0ec2d6e2faa95b1eab03ae5088aa2a58f396ebb9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.src.rpm SHA-256: f1c23f0e6fde3ffa57bbedd6e323ec1146f02ad6e56c0f1af42001a3a6659cfb
kpatch-patch-4_18_0-425_3_1-1-3.el8.src.rpm SHA-256: 6a1870522ecc7a9410dad8a1298170da0ee425419ce4cf259cd4109109b2c086
ppc64le
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.ppc64le.rpm SHA-256: e22ac98026bdef91fe0f9e87ce8d93088de4b97827803a18b63924b5654def8d
kpatch-patch-4_18_0-425_10_1-debuginfo-1-1.el8_7.ppc64le.rpm SHA-256: a7a5e6e3f381bdb24c9afe22658f80c07fbdb7e37ca4ff67b785cda47c36aec1
kpatch-patch-4_18_0-425_10_1-debugsource-1-1.el8_7.ppc64le.rpm SHA-256: c250835066598c95d3125aecb29f7a6e705701ee4797a866ae3d3ae432207383
kpatch-patch-4_18_0-425_3_1-1-3.el8.ppc64le.rpm SHA-256: 8feff6edd2133ae8471eb36170bf16e353e9d89a9193f912986dfa6a35be9a67
kpatch-patch-4_18_0-425_3_1-debuginfo-1-3.el8.ppc64le.rpm SHA-256: 7c9f6de9d90859228dc79cd7fe5628e1a112ad2d24041764284583d8153f3d62
kpatch-patch-4_18_0-425_3_1-debugsource-1-3.el8.ppc64le.rpm SHA-256: 0f4d7fb02deb79143c71dcad0ec2d6e2faa95b1eab03ae5088aa2a58f396ebb9

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.src.rpm SHA-256: f1c23f0e6fde3ffa57bbedd6e323ec1146f02ad6e56c0f1af42001a3a6659cfb
kpatch-patch-4_18_0-425_3_1-1-3.el8.src.rpm SHA-256: 6a1870522ecc7a9410dad8a1298170da0ee425419ce4cf259cd4109109b2c086
x86_64
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.x86_64.rpm SHA-256: a324c6b06e37fc65351db76bc5732bca354a097bbe5c9c96cfa63b858f59432e
kpatch-patch-4_18_0-425_10_1-debuginfo-1-1.el8_7.x86_64.rpm SHA-256: 5e26b7f5eb87eea9647f4aa00b77fd6971330ca6b9a623eebb9586f2abde73f5
kpatch-patch-4_18_0-425_10_1-debugsource-1-1.el8_7.x86_64.rpm SHA-256: d53a7806d4db566368cffa0f7b88568e0e6335f967fdf8fc03fadd546a444fe5
kpatch-patch-4_18_0-425_3_1-1-3.el8.x86_64.rpm SHA-256: da3eda09e22ee4abc5ecef5499b5e41308bef00e71a7d823b148e792e671639b
kpatch-patch-4_18_0-425_3_1-debuginfo-1-3.el8.x86_64.rpm SHA-256: a59fecbe7ea790506f49a30512fe49e04a59d70456d6ee8158d7140867700d49
kpatch-patch-4_18_0-425_3_1-debugsource-1-3.el8.x86_64.rpm SHA-256: 8c62682970e1c4cf1e0686f04f51a382e1e7aa8afa2b7bce32042b8b08c4e1f3

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.src.rpm SHA-256: f1c23f0e6fde3ffa57bbedd6e323ec1146f02ad6e56c0f1af42001a3a6659cfb
kpatch-patch-4_18_0-425_3_1-1-3.el8.src.rpm SHA-256: 6a1870522ecc7a9410dad8a1298170da0ee425419ce4cf259cd4109109b2c086
ppc64le
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.ppc64le.rpm SHA-256: e22ac98026bdef91fe0f9e87ce8d93088de4b97827803a18b63924b5654def8d
kpatch-patch-4_18_0-425_10_1-debuginfo-1-1.el8_7.ppc64le.rpm SHA-256: a7a5e6e3f381bdb24c9afe22658f80c07fbdb7e37ca4ff67b785cda47c36aec1
kpatch-patch-4_18_0-425_10_1-debugsource-1-1.el8_7.ppc64le.rpm SHA-256: c250835066598c95d3125aecb29f7a6e705701ee4797a866ae3d3ae432207383
kpatch-patch-4_18_0-425_3_1-1-3.el8.ppc64le.rpm SHA-256: 8feff6edd2133ae8471eb36170bf16e353e9d89a9193f912986dfa6a35be9a67
kpatch-patch-4_18_0-425_3_1-debuginfo-1-3.el8.ppc64le.rpm SHA-256: 7c9f6de9d90859228dc79cd7fe5628e1a112ad2d24041764284583d8153f3d62
kpatch-patch-4_18_0-425_3_1-debugsource-1-3.el8.ppc64le.rpm SHA-256: 0f4d7fb02deb79143c71dcad0ec2d6e2faa95b1eab03ae5088aa2a58f396ebb9

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.src.rpm SHA-256: f1c23f0e6fde3ffa57bbedd6e323ec1146f02ad6e56c0f1af42001a3a6659cfb
kpatch-patch-4_18_0-425_3_1-1-3.el8.src.rpm SHA-256: 6a1870522ecc7a9410dad8a1298170da0ee425419ce4cf259cd4109109b2c086
x86_64
kpatch-patch-4_18_0-425_10_1-1-1.el8_7.x86_64.rpm SHA-256: a324c6b06e37fc65351db76bc5732bca354a097bbe5c9c96cfa63b858f59432e
kpatch-patch-4_18_0-425_10_1-debuginfo-1-1.el8_7.x86_64.rpm SHA-256: 5e26b7f5eb87eea9647f4aa00b77fd6971330ca6b9a623eebb9586f2abde73f5
kpatch-patch-4_18_0-425_10_1-debugsource-1-1.el8_7.x86_64.rpm SHA-256: d53a7806d4db566368cffa0f7b88568e0e6335f967fdf8fc03fadd546a444fe5
kpatch-patch-4_18_0-425_3_1-1-3.el8.x86_64.rpm SHA-256: da3eda09e22ee4abc5ecef5499b5e41308bef00e71a7d823b148e792e671639b
kpatch-patch-4_18_0-425_3_1-debuginfo-1-3.el8.x86_64.rpm SHA-256: a59fecbe7ea790506f49a30512fe49e04a59d70456d6ee8158d7140867700d49
kpatch-patch-4_18_0-425_3_1-debugsource-1-3.el8.x86_64.rpm SHA-256: 8c62682970e1c4cf1e0686f04f51a382e1e7aa8afa2b7bce32042b8b08c4e1f3

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.