Headline
RHSA-2022:0771: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-0920: kernel: Use After Free in unix_gc() which could result in a local privilege escalation
- CVE-2021-4028: kernel: use-after-free in RDMA listen()
- CVE-2022-0330: kernel: possible privileges escalation due to missing TLB flush
- CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
- CVE-2022-22942: kernel: failing usercopy allows for use-after-free exploitation
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
- Red Hat CodeReady Studio
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-03-08
Updated:
2022-03-08
RHSA-2022:0771 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
- kernel: use-after-free in RDMA listen() (CVE-2021-4028)
- kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)
- kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS (CVE-2022-0435)
- kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the RHEL-8.4.z7 source tree (BZ#2042461)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
Fixes
- BZ - 2027201 - CVE-2021-4028 kernel: use-after-free in RDMA listen()
- BZ - 2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation
- BZ - 2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush
- BZ - 2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation
- BZ - 2048738 - CVE-2022-0435 kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
CVEs
- CVE-2021-0920
- CVE-2021-4028
- CVE-2022-0330
- CVE-2022-0435
- CVE-2022-22942
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4
SRPM
kernel-rt-4.18.0-305.40.1.rt7.112.el8_4.src.rpm
SHA-256: 9494e29a6472b8d96a1b78ff3ac973d4d023350bda59467e3a012f1c3763af56
x86_64
kernel-rt-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: 6c6083f19241b2df96306f8a67675a8591fcd669843e1c8e243a5dbcb9d14524
kernel-rt-core-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: a39fc2ab6f766e66f3a4eb45f7d22376936a274449c69243ea9a88d7797c01ec
kernel-rt-debug-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: d2494557df67d66cbd05542d8a718c9cccfbee452d99cd2a6ef242a13bdb7fc8
kernel-rt-debug-core-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: 27ebb3a9bc1cb66dc28c6f40f345705bf0de5b13c0ec98c60c2cb09c14e236c8
kernel-rt-debug-debuginfo-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: 03635b65505ee9dc0fc5db0dc95558b7800c033adb7e6ff1fbdf034c0480b8d0
kernel-rt-debug-devel-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: 6fe649e707f71e60e6117bdcfe5aef24cebf25e2a64a0568c8e7dee8e3dc3e1b
kernel-rt-debug-modules-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: a7b62327087158482c21f63574a60a74431747dfdb1243934fa2983a37858e38
kernel-rt-debug-modules-extra-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: e884806594d35a9bc7bfec07ef502dd56af87d9612ff5e5b135db4cfacb8a409
kernel-rt-debuginfo-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: a46ace605d678905388751f9047b9b85e6d794814ba83a8c28cf8581347d598b
kernel-rt-debuginfo-common-x86_64-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: d61055384e83a7d6731f77feb15143fe11dd75db186c15d943b125a3e0acc288
kernel-rt-devel-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: ae76b6830451049aaaa5fa6ac3acd7bbb16f8f2efc02638603b84b486fcee2af
kernel-rt-modules-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: 4c2510a2a8d2d51150f851203377540764d1b8b8c75ad3c054bcef8e545ae142
kernel-rt-modules-extra-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: 9d1cb004bbd955facee8b8a00e3a8dc5eb7e762f6050c24090fd2cc7008feed6
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4
SRPM
kernel-rt-4.18.0-305.40.1.rt7.112.el8_4.src.rpm
SHA-256: 9494e29a6472b8d96a1b78ff3ac973d4d023350bda59467e3a012f1c3763af56
x86_64
kernel-rt-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: 6c6083f19241b2df96306f8a67675a8591fcd669843e1c8e243a5dbcb9d14524
kernel-rt-core-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: a39fc2ab6f766e66f3a4eb45f7d22376936a274449c69243ea9a88d7797c01ec
kernel-rt-debug-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: d2494557df67d66cbd05542d8a718c9cccfbee452d99cd2a6ef242a13bdb7fc8
kernel-rt-debug-core-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: 27ebb3a9bc1cb66dc28c6f40f345705bf0de5b13c0ec98c60c2cb09c14e236c8
kernel-rt-debug-debuginfo-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: 03635b65505ee9dc0fc5db0dc95558b7800c033adb7e6ff1fbdf034c0480b8d0
kernel-rt-debug-devel-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: 6fe649e707f71e60e6117bdcfe5aef24cebf25e2a64a0568c8e7dee8e3dc3e1b
kernel-rt-debug-kvm-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: a36505981ecb84e949b5121c7bf59d41f9976209055b954d83aad41144daf626
kernel-rt-debug-modules-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: a7b62327087158482c21f63574a60a74431747dfdb1243934fa2983a37858e38
kernel-rt-debug-modules-extra-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: e884806594d35a9bc7bfec07ef502dd56af87d9612ff5e5b135db4cfacb8a409
kernel-rt-debuginfo-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: a46ace605d678905388751f9047b9b85e6d794814ba83a8c28cf8581347d598b
kernel-rt-debuginfo-common-x86_64-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: d61055384e83a7d6731f77feb15143fe11dd75db186c15d943b125a3e0acc288
kernel-rt-devel-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: ae76b6830451049aaaa5fa6ac3acd7bbb16f8f2efc02638603b84b486fcee2af
kernel-rt-kvm-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: da6fbb867f9756c8ee8c168e6a5c5ed3647249c72601f618472f083b3eaf58d7
kernel-rt-modules-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: 4c2510a2a8d2d51150f851203377540764d1b8b8c75ad3c054bcef8e545ae142
kernel-rt-modules-extra-4.18.0-305.40.1.rt7.112.el8_4.x86_64.rpm
SHA-256: 9d1cb004bbd955facee8b8a00e3a8dc5eb7e762f6050c24090fd2cc7008feed6
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.