- Issued:
- 2023-03-14
- Updated:
- 2023-03-14
RHSA-2023:1220 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)
- kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
- kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the RHEL-8.4.z15 source tree. (BZ#2162415)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
Fixes
- BZ - 2150272 - CVE-2022-4269 kernel: net: CPU soft lockup in TC mirred egress-to-ingress action
- BZ - 2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c
- BZ - 2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.82.1.rt7.154.el8_4.src.rpm | SHA-256: 111d7206a25bc3af962a16ebe80e5c821379769e20dd048b6ac294daf1a9b616 |
| x86_64 | |
| kernel-rt-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 99d0bd8695e60090236bf80cefcda295a1eafa8cf93f7177b90dbf0e98ee1280 |
| kernel-rt-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 99d0bd8695e60090236bf80cefcda295a1eafa8cf93f7177b90dbf0e98ee1280 |
| kernel-rt-core-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: f5714be110a4f4f2fa6c0c875549cd65cc521623df550243ab7bcbac5a02914a |
| kernel-rt-core-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: f5714be110a4f4f2fa6c0c875549cd65cc521623df550243ab7bcbac5a02914a |
| kernel-rt-debug-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 2efc0e8074b476c923b94e0add1175955f68b6e7b6831157e87f6731ddae215e |
| kernel-rt-debug-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 2efc0e8074b476c923b94e0add1175955f68b6e7b6831157e87f6731ddae215e |
| kernel-rt-debug-core-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: cd74d4d958a21dd24c56cb3a47e2af7c8cea52aa213ec1161fbc74a4db85a994 |
| kernel-rt-debug-core-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: cd74d4d958a21dd24c56cb3a47e2af7c8cea52aa213ec1161fbc74a4db85a994 |
| kernel-rt-debug-debuginfo-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: d8d93e086a73f8284c2ba2f4673ba92306690b00ef653defa66c03ea5e9627a1 |
| kernel-rt-debug-debuginfo-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: d8d93e086a73f8284c2ba2f4673ba92306690b00ef653defa66c03ea5e9627a1 |
| kernel-rt-debug-devel-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: f662f3f01f29d42beecf58bcf1eeccfb6812ede50c5f528674041b921317d4f5 |
| kernel-rt-debug-devel-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: f662f3f01f29d42beecf58bcf1eeccfb6812ede50c5f528674041b921317d4f5 |
| kernel-rt-debug-kvm-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 14936a7f679709056b613c3da1ae3f7f7e8178b0174c97027989d0eb02a96500 |
| kernel-rt-debug-modules-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 0acbd90ad1c932abaa8ad8c4104a312db2ea3e63583e7e5dff50749abd127bb1 |
| kernel-rt-debug-modules-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 0acbd90ad1c932abaa8ad8c4104a312db2ea3e63583e7e5dff50749abd127bb1 |
| kernel-rt-debug-modules-extra-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: f4cdf4f1eace6dc305cbf674e21d03a796e261e4abd9d9fb41e0a9c61b683280 |
| kernel-rt-debug-modules-extra-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: f4cdf4f1eace6dc305cbf674e21d03a796e261e4abd9d9fb41e0a9c61b683280 |
| kernel-rt-debuginfo-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 74440eb58584f59b9273cd89308460dd9e509c16ca292c615b56211c1b5085fa |
| kernel-rt-debuginfo-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 74440eb58584f59b9273cd89308460dd9e509c16ca292c615b56211c1b5085fa |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 01b2f44ad5eef9e32eb22794146a715ba09c67b693e6d6106c7d2535da545993 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 01b2f44ad5eef9e32eb22794146a715ba09c67b693e6d6106c7d2535da545993 |
| kernel-rt-devel-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 450cabb1b56175fd852c28486afa388323ffc9b635cc2997f2452d2d455db024 |
| kernel-rt-devel-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 450cabb1b56175fd852c28486afa388323ffc9b635cc2997f2452d2d455db024 |
| kernel-rt-kvm-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 68ab6f5de2c966fc84f3c7a81b9496a8415519c564dcd1578b06b1eeece2d0d1 |
| kernel-rt-modules-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 41156e8f49ffba22c75635df8d8abe56d012aa3e5d7874e7724de5c34661ad78 |
| kernel-rt-modules-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 41156e8f49ffba22c75635df8d8abe56d012aa3e5d7874e7724de5c34661ad78 |
| kernel-rt-modules-extra-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: f350c699f4a5131cdcabda242f9651b5a7954d56d4e66e51666afa13eab3b3c5 |
| kernel-rt-modules-extra-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: f350c699f4a5131cdcabda242f9651b5a7954d56d4e66e51666afa13eab3b3c5 |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.82.1.rt7.154.el8_4.src.rpm | SHA-256: 111d7206a25bc3af962a16ebe80e5c821379769e20dd048b6ac294daf1a9b616 |
| x86_64 | |
| kernel-rt-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 99d0bd8695e60090236bf80cefcda295a1eafa8cf93f7177b90dbf0e98ee1280 |
| kernel-rt-core-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: f5714be110a4f4f2fa6c0c875549cd65cc521623df550243ab7bcbac5a02914a |
| kernel-rt-debug-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 2efc0e8074b476c923b94e0add1175955f68b6e7b6831157e87f6731ddae215e |
| kernel-rt-debug-core-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: cd74d4d958a21dd24c56cb3a47e2af7c8cea52aa213ec1161fbc74a4db85a994 |
| kernel-rt-debug-debuginfo-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: d8d93e086a73f8284c2ba2f4673ba92306690b00ef653defa66c03ea5e9627a1 |
| kernel-rt-debug-devel-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: f662f3f01f29d42beecf58bcf1eeccfb6812ede50c5f528674041b921317d4f5 |
| kernel-rt-debug-modules-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 0acbd90ad1c932abaa8ad8c4104a312db2ea3e63583e7e5dff50749abd127bb1 |
| kernel-rt-debug-modules-extra-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: f4cdf4f1eace6dc305cbf674e21d03a796e261e4abd9d9fb41e0a9c61b683280 |
| kernel-rt-debuginfo-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 74440eb58584f59b9273cd89308460dd9e509c16ca292c615b56211c1b5085fa |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 01b2f44ad5eef9e32eb22794146a715ba09c67b693e6d6106c7d2535da545993 |
| kernel-rt-devel-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 450cabb1b56175fd852c28486afa388323ffc9b635cc2997f2452d2d455db024 |
| kernel-rt-modules-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 41156e8f49ffba22c75635df8d8abe56d012aa3e5d7874e7724de5c34661ad78 |
| kernel-rt-modules-extra-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: f350c699f4a5131cdcabda242f9651b5a7954d56d4e66e51666afa13eab3b3c5 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.82.1.rt7.154.el8_4.src.rpm | SHA-256: 111d7206a25bc3af962a16ebe80e5c821379769e20dd048b6ac294daf1a9b616 |
| x86_64 | |
| kernel-rt-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 99d0bd8695e60090236bf80cefcda295a1eafa8cf93f7177b90dbf0e98ee1280 |
| kernel-rt-core-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: f5714be110a4f4f2fa6c0c875549cd65cc521623df550243ab7bcbac5a02914a |
| kernel-rt-debug-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 2efc0e8074b476c923b94e0add1175955f68b6e7b6831157e87f6731ddae215e |
| kernel-rt-debug-core-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: cd74d4d958a21dd24c56cb3a47e2af7c8cea52aa213ec1161fbc74a4db85a994 |
| kernel-rt-debug-debuginfo-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: d8d93e086a73f8284c2ba2f4673ba92306690b00ef653defa66c03ea5e9627a1 |
| kernel-rt-debug-devel-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: f662f3f01f29d42beecf58bcf1eeccfb6812ede50c5f528674041b921317d4f5 |
| kernel-rt-debug-kvm-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 14936a7f679709056b613c3da1ae3f7f7e8178b0174c97027989d0eb02a96500 |
| kernel-rt-debug-modules-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 0acbd90ad1c932abaa8ad8c4104a312db2ea3e63583e7e5dff50749abd127bb1 |
| kernel-rt-debug-modules-extra-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: f4cdf4f1eace6dc305cbf674e21d03a796e261e4abd9d9fb41e0a9c61b683280 |
| kernel-rt-debuginfo-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 74440eb58584f59b9273cd89308460dd9e509c16ca292c615b56211c1b5085fa |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 01b2f44ad5eef9e32eb22794146a715ba09c67b693e6d6106c7d2535da545993 |
| kernel-rt-devel-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 450cabb1b56175fd852c28486afa388323ffc9b635cc2997f2452d2d455db024 |
| kernel-rt-kvm-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 68ab6f5de2c966fc84f3c7a81b9496a8415519c564dcd1578b06b1eeece2d0d1 |
| kernel-rt-modules-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: 41156e8f49ffba22c75635df8d8abe56d012aa3e5d7874e7724de5c34661ad78 |
| kernel-rt-modules-extra-4.18.0-305.82.1.rt7.154.el8_4.x86_64.rpm | SHA-256: f350c699f4a5131cdcabda242f9651b5a7954d56d4e66e51666afa13eab3b3c5 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
