- Issued:
- 2023-02-21
- Updated:
- 2023-02-21
RHSA-2023:0854 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)
- kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
- kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- RHEL8-RT: Backport use of a dedicate thread for timer wakeups (BZ#2127204)
- SNO Crashed twice - kernel BUG at lib/list_debug.c:28 (BZ#2132062)
- Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel [RT-8] (BZ#2139851)
- scheduling while atomic in fpu_clone() -> fpu_inherit_perms() (BZ#2154469)
- The latest RHEL 8.7.z2 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2159806)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8 x86_64
Fixes
- BZ - 2119048 - CVE-2022-2873 kernel: an out-of-bounds vulnerability in i2c-ismt driver
- BZ - 2138818 - CVE-2022-41222 kernel: mm/mremap.c use-after-free vulnerability
- BZ - 2141752 - CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garbage data
Red Hat Enterprise Linux for Real Time 8
SRPM | |
---|---|
kernel-rt-4.18.0-425.13.1.rt7.223.el8_7.src.rpm | SHA-256: 5b7c7554c842d65f718e3b68d7adf0852a727057a6a09b6a3b4401c9d1bfb87c |
x86_64 | |
kernel-rt-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 8b5afe4fd5999a5124ce34903929f3cd7c9720c3152d10c8011a0d9025b5f3e3 |
kernel-rt-core-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: f63e4d149019bb2ed7f91307a0b59b02946a24c6f32e8d4cfbadeefaf8626aa0 |
kernel-rt-debug-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 2e16724ebae86f9f771a3d51290ca596a6f3fafba7c483c3730fb000fe125d12 |
kernel-rt-debug-core-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 84600f9468b8d16fff63e5addd8700fa96ea141ae94dbe36cce1c40cf15738a1 |
kernel-rt-debug-debuginfo-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: c707a71ee22e7278b7c070a964e864ddebeb9f3a62341d797767e79a170ae217 |
kernel-rt-debug-devel-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: c6969f4708a44c3d75f411e5e6144759f4fa91cf96170f9d794f0e37fc92093e |
kernel-rt-debug-modules-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 448c192ec1e70d13041d34d36400d96b46e53a0ff6e939094321a3e596b127c0 |
kernel-rt-debug-modules-extra-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: c34d4e8a6f446ee4411a1b82d69fe5912ed1c0bd08c75ff0df017de6d82bd0fd |
kernel-rt-debuginfo-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 8e4e35dac773865dc1a0859bdb61547f6bc0b65d26f8ac4f5ed0a06504c74067 |
kernel-rt-debuginfo-common-x86_64-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: c56c06614a0cd8de3f2344ca7d0bc0a17841adebeddb4f97319422fe3a8c3103 |
kernel-rt-devel-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: e008b45b91b76ed37284994a74a6b0c80803313af6ccf97a22fe03b522b25af0 |
kernel-rt-modules-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 762fa887a847003478334e9dc8f9690f92bc91b8d79f195a7c389f1c8677e84c |
kernel-rt-modules-extra-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: b2b5986d2e945c797b45de4d6c600aa06114192785c1b1aeed336a4d21db8cf4 |
Red Hat Enterprise Linux for Real Time for NFV 8
SRPM | |
---|---|
kernel-rt-4.18.0-425.13.1.rt7.223.el8_7.src.rpm | SHA-256: 5b7c7554c842d65f718e3b68d7adf0852a727057a6a09b6a3b4401c9d1bfb87c |
x86_64 | |
kernel-rt-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 8b5afe4fd5999a5124ce34903929f3cd7c9720c3152d10c8011a0d9025b5f3e3 |
kernel-rt-core-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: f63e4d149019bb2ed7f91307a0b59b02946a24c6f32e8d4cfbadeefaf8626aa0 |
kernel-rt-debug-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 2e16724ebae86f9f771a3d51290ca596a6f3fafba7c483c3730fb000fe125d12 |
kernel-rt-debug-core-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 84600f9468b8d16fff63e5addd8700fa96ea141ae94dbe36cce1c40cf15738a1 |
kernel-rt-debug-debuginfo-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: c707a71ee22e7278b7c070a964e864ddebeb9f3a62341d797767e79a170ae217 |
kernel-rt-debug-devel-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: c6969f4708a44c3d75f411e5e6144759f4fa91cf96170f9d794f0e37fc92093e |
kernel-rt-debug-kvm-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 72f90728f24a949b4d61a5dcb9dfd6cf920f5d6ad2566f99e154d02efea3289a |
kernel-rt-debug-modules-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 448c192ec1e70d13041d34d36400d96b46e53a0ff6e939094321a3e596b127c0 |
kernel-rt-debug-modules-extra-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: c34d4e8a6f446ee4411a1b82d69fe5912ed1c0bd08c75ff0df017de6d82bd0fd |
kernel-rt-debuginfo-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 8e4e35dac773865dc1a0859bdb61547f6bc0b65d26f8ac4f5ed0a06504c74067 |
kernel-rt-debuginfo-common-x86_64-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: c56c06614a0cd8de3f2344ca7d0bc0a17841adebeddb4f97319422fe3a8c3103 |
kernel-rt-devel-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: e008b45b91b76ed37284994a74a6b0c80803313af6ccf97a22fe03b522b25af0 |
kernel-rt-kvm-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 1d35fb5caaaeb593c43899ebed623715d490e94ada1cd13a028e9775c582d22b |
kernel-rt-modules-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 762fa887a847003478334e9dc8f9690f92bc91b8d79f195a7c389f1c8677e84c |
kernel-rt-modules-extra-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: b2b5986d2e945c797b45de4d6c600aa06114192785c1b1aeed336a4d21db8cf4 |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8
SRPM | |
---|---|
kernel-rt-4.18.0-425.13.1.rt7.223.el8_7.src.rpm | SHA-256: 5b7c7554c842d65f718e3b68d7adf0852a727057a6a09b6a3b4401c9d1bfb87c |
x86_64 | |
kernel-rt-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 8b5afe4fd5999a5124ce34903929f3cd7c9720c3152d10c8011a0d9025b5f3e3 |
kernel-rt-core-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: f63e4d149019bb2ed7f91307a0b59b02946a24c6f32e8d4cfbadeefaf8626aa0 |
kernel-rt-debug-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 2e16724ebae86f9f771a3d51290ca596a6f3fafba7c483c3730fb000fe125d12 |
kernel-rt-debug-core-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 84600f9468b8d16fff63e5addd8700fa96ea141ae94dbe36cce1c40cf15738a1 |
kernel-rt-debug-debuginfo-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: c707a71ee22e7278b7c070a964e864ddebeb9f3a62341d797767e79a170ae217 |
kernel-rt-debug-devel-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: c6969f4708a44c3d75f411e5e6144759f4fa91cf96170f9d794f0e37fc92093e |
kernel-rt-debug-modules-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 448c192ec1e70d13041d34d36400d96b46e53a0ff6e939094321a3e596b127c0 |
kernel-rt-debug-modules-extra-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: c34d4e8a6f446ee4411a1b82d69fe5912ed1c0bd08c75ff0df017de6d82bd0fd |
kernel-rt-debuginfo-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 8e4e35dac773865dc1a0859bdb61547f6bc0b65d26f8ac4f5ed0a06504c74067 |
kernel-rt-debuginfo-common-x86_64-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: c56c06614a0cd8de3f2344ca7d0bc0a17841adebeddb4f97319422fe3a8c3103 |
kernel-rt-devel-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: e008b45b91b76ed37284994a74a6b0c80803313af6ccf97a22fe03b522b25af0 |
kernel-rt-modules-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 762fa887a847003478334e9dc8f9690f92bc91b8d79f195a7c389f1c8677e84c |
kernel-rt-modules-extra-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: b2b5986d2e945c797b45de4d6c600aa06114192785c1b1aeed336a4d21db8cf4 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8
SRPM | |
---|---|
kernel-rt-4.18.0-425.13.1.rt7.223.el8_7.src.rpm | SHA-256: 5b7c7554c842d65f718e3b68d7adf0852a727057a6a09b6a3b4401c9d1bfb87c |
x86_64 | |
kernel-rt-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 8b5afe4fd5999a5124ce34903929f3cd7c9720c3152d10c8011a0d9025b5f3e3 |
kernel-rt-core-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: f63e4d149019bb2ed7f91307a0b59b02946a24c6f32e8d4cfbadeefaf8626aa0 |
kernel-rt-debug-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 2e16724ebae86f9f771a3d51290ca596a6f3fafba7c483c3730fb000fe125d12 |
kernel-rt-debug-core-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 84600f9468b8d16fff63e5addd8700fa96ea141ae94dbe36cce1c40cf15738a1 |
kernel-rt-debug-debuginfo-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: c707a71ee22e7278b7c070a964e864ddebeb9f3a62341d797767e79a170ae217 |
kernel-rt-debug-devel-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: c6969f4708a44c3d75f411e5e6144759f4fa91cf96170f9d794f0e37fc92093e |
kernel-rt-debug-kvm-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 72f90728f24a949b4d61a5dcb9dfd6cf920f5d6ad2566f99e154d02efea3289a |
kernel-rt-debug-modules-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 448c192ec1e70d13041d34d36400d96b46e53a0ff6e939094321a3e596b127c0 |
kernel-rt-debug-modules-extra-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: c34d4e8a6f446ee4411a1b82d69fe5912ed1c0bd08c75ff0df017de6d82bd0fd |
kernel-rt-debuginfo-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 8e4e35dac773865dc1a0859bdb61547f6bc0b65d26f8ac4f5ed0a06504c74067 |
kernel-rt-debuginfo-common-x86_64-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: c56c06614a0cd8de3f2344ca7d0bc0a17841adebeddb4f97319422fe3a8c3103 |
kernel-rt-devel-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: e008b45b91b76ed37284994a74a6b0c80803313af6ccf97a22fe03b522b25af0 |
kernel-rt-kvm-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 1d35fb5caaaeb593c43899ebed623715d490e94ada1cd13a028e9775c582d22b |
kernel-rt-modules-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: 762fa887a847003478334e9dc8f9690f92bc91b8d79f195a7c389f1c8677e84c |
kernel-rt-modules-extra-4.18.0-425.13.1.rt7.223.el8_7.x86_64.rpm | SHA-256: b2b5986d2e945c797b45de4d6c600aa06114192785c1b1aeed336a4d21db8cf4 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.