
RHSA-2022:0849: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-0920: kernel: Use After Free in unix_gc() which could result in a local privilege escalation
  • CVE-2021-4154: kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout
  • CVE-2022-0330: kernel: possible privileges escalation due to missing TLB flush
  • CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
  • CVE-2022-0492: kernel: cgroups v1 release_agent feature may allow privilege escalation
  • CVE-2022-22942: kernel: failing usercopy allows for use-after-free exploitation
Red Hat Security Data
Issued: 2022-03-14

Updated: 2022-03-14

RHSA-2022:0849 - Security Advisory

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
  • kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout (CVE-2021-4154)
  • kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)
  • kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS (CVE-2022-0435)
  • kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)
  • kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le

Fixes

  • BZ - 2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation
  • BZ - 2034514 - CVE-2021-4154 kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout
  • BZ - 2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush
  • BZ - 2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation
  • BZ - 2048738 - CVE-2022-0435 kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
  • BZ - 2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation

CVEs

  • CVE-2021-0920
  • CVE-2021-4154
  • CVE-2022-0330
  • CVE-2022-0435
  • CVE-2022-0492
  • CVE-2022-22942

Red Hat Enterprise Linux for x86_64 8

SRPM

kpatch-patch-4_18_0-348-1-3.el8.src.rpm

kpatch-patch-4_18_0-348_12_2-1-1.el8_5.src.rpm

kpatch-patch-4_18_0-348_2_1-1-2.el8_5.src.rpm

kpatch-patch-4_18_0-348_7_1-1-2.el8_5.src.rpm

x86_64

kpatch-patch-4_18_0-348-1-3.el8.x86_64.rpm

kpatch-patch-4_18_0-348-debuginfo-1-3.el8.x86_64.rpm

kpatch-patch-4_18_0-348-debugsource-1-3.el8.x86_64.rpm

kpatch-patch-4_18_0-348_12_2-1-1.el8_5.x86_64.rpm

kpatch-patch-4_18_0-348_12_2-debuginfo-1-1.el8_5.x86_64.rpm

kpatch-patch-4_18_0-348_12_2-debugsource-1-1.el8_5.x86_64.rpm

kpatch-patch-4_18_0-348_2_1-1-2.el8_5.x86_64.rpm

kpatch-patch-4_18_0-348_2_1-debuginfo-1-2.el8_5.x86_64.rpm

kpatch-patch-4_18_0-348_2_1-debugsource-1-2.el8_5.x86_64.rpm

kpatch-patch-4_18_0-348_7_1-1-2.el8_5.x86_64.rpm

kpatch-patch-4_18_0-348_7_1-debuginfo-1-2.el8_5.x86_64.rpm

kpatch-patch-4_18_0-348_7_1-debugsource-1-2.el8_5.x86_64.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

kpatch-patch-4_18_0-348-1-3.el8.src.rpm

kpatch-patch-4_18_0-348_12_2-1-1.el8_5.src.rpm

kpatch-patch-4_18_0-348_2_1-1-2.el8_5.src.rpm

kpatch-patch-4_18_0-348_7_1-1-2.el8_5.src.rpm

ppc64le

kpatch-patch-4_18_0-348-1-3.el8.ppc64le.rpm

kpatch-patch-4_18_0-348-debuginfo-1-3.el8.ppc64le.rpm

kpatch-patch-4_18_0-348-debugsource-1-3.el8.ppc64le.rpm

kpatch-patch-4_18_0-348_12_2-1-1.el8_5.ppc64le.rpm

kpatch-patch-4_18_0-348_12_2-debuginfo-1-1.el8_5.ppc64le.rpm

kpatch-patch-4_18_0-348_12_2-debugsource-1-1.el8_5.ppc64le.rpm

kpatch-patch-4_18_0-348_2_1-1-2.el8_5.ppc64le.rpm

kpatch-patch-4_18_0-348_2_1-debuginfo-1-2.el8_5.ppc64le.rpm

kpatch-patch-4_18_0-348_2_1-debugsource-1-2.el8_5.ppc64le.rpm

kpatch-patch-4_18_0-348_7_1-1-2.el8_5.ppc64le.rpm

kpatch-patch-4_18_0-348_7_1-debuginfo-1-2.el8_5.ppc64le.rpm

kpatch-patch-4_18_0-348_7_1-debugsource-1-2.el8_5.ppc64le.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
