Headline
RHSA-2022:0629: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-0920: kernel: Use After Free in unix_gc() which could result in a local privilege escalation
- CVE-2021-4028: kernel: use-after-free in RDMA listen()
- CVE-2021-4155: kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
- Red Hat CodeReady Studio
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-02-22
Updated:
2022-02-22
RHSA-2022:0629 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
- kernel: use-after-free in RDMA listen() (CVE-2021-4028)
- kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernnel-rt-debug: do not call blocking ops when !TASK_RUNNING; state=1 set at [<0000000050e86018>] handle_userfault+0x530/0x1820 (BZ#2029420)
- kernel-rt: update RT source tree to the latest RHEL-8.2.z15 Batch (BZ#2046275)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64
Fixes
- BZ - 2027201 - CVE-2021-4028 kernel: use-after-free in RDMA listen()
- BZ - 2031930 - CVE-2021-0920 kernel: Use After Free in unix_gc() which could result in a local privilege escalation
- BZ - 2034813 - CVE-2021-4155 kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2
SRPM
kernel-rt-4.18.0-193.75.1.rt13.125.el8_2.src.rpm
SHA-256: 07c10d642dfc17539400710d29333fb0749b8668e88a66884a1da26b7e3e5ca0
x86_64
kernel-rt-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: 4c64f8cb2d9ca5bbd395f87d2b438f4ff96b91a28af4c516b290f27455d57e01
kernel-rt-core-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: 183546757deb973e85f946406213fa8f210ce92760d070bf414426a041c7371a
kernel-rt-debug-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: f4db7e06c8abf764fa74336533400252fee652c60f40da58c0cffacf9e2b22f8
kernel-rt-debug-core-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: 8458ca5254f6c381645eee451ab0238ce3476c5562d360b4f7b4acb0f2fbd6f6
kernel-rt-debug-debuginfo-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: 2c021172c038715e632bb4395123d5472957a25ece9f024776037cafcdd6065f
kernel-rt-debug-devel-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: f5e96066a47d3ce231252db99a0d7b53f03db0948f3c58900970f7260269c770
kernel-rt-debug-modules-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: ddc2dfada7cb5116178ff173d0e9432c47db6d0beaf304dd4400f3778207809d
kernel-rt-debug-modules-extra-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: 06cea9917920f952526400490147556a30eb837a1137ffd912194145c4d7a3cc
kernel-rt-debuginfo-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: ec41f017c67e245c344d381ba786ca9d15d0c362e004f01b8cf48a6e3a759fc1
kernel-rt-debuginfo-common-x86_64-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: 7818f437fe1bf7ffbd823c6502908153955e4827b22e4e2bfe0e2a46b05314aa
kernel-rt-devel-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: 2d1328bfa9a01e737e18a354b498e4576505440040931f7f918a9198bb672ea0
kernel-rt-modules-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: e62d7a7c2e29e03c7c9899650d350164e82f203d8deee3d064d9c3fc2e1816b2
kernel-rt-modules-extra-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: d630d9b43bd6307ae8b670d132b1585ac43207eec30b5dbb4e849475c1ec1ee9
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2
SRPM
kernel-rt-4.18.0-193.75.1.rt13.125.el8_2.src.rpm
SHA-256: 07c10d642dfc17539400710d29333fb0749b8668e88a66884a1da26b7e3e5ca0
x86_64
kernel-rt-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: 4c64f8cb2d9ca5bbd395f87d2b438f4ff96b91a28af4c516b290f27455d57e01
kernel-rt-core-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: 183546757deb973e85f946406213fa8f210ce92760d070bf414426a041c7371a
kernel-rt-debug-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: f4db7e06c8abf764fa74336533400252fee652c60f40da58c0cffacf9e2b22f8
kernel-rt-debug-core-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: 8458ca5254f6c381645eee451ab0238ce3476c5562d360b4f7b4acb0f2fbd6f6
kernel-rt-debug-debuginfo-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: 2c021172c038715e632bb4395123d5472957a25ece9f024776037cafcdd6065f
kernel-rt-debug-devel-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: f5e96066a47d3ce231252db99a0d7b53f03db0948f3c58900970f7260269c770
kernel-rt-debug-kvm-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: 597148a6ae3bd363a5164c5672d7359432c31c281afdf5ec30b1c6d5de870d74
kernel-rt-debug-modules-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: ddc2dfada7cb5116178ff173d0e9432c47db6d0beaf304dd4400f3778207809d
kernel-rt-debug-modules-extra-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: 06cea9917920f952526400490147556a30eb837a1137ffd912194145c4d7a3cc
kernel-rt-debuginfo-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: ec41f017c67e245c344d381ba786ca9d15d0c362e004f01b8cf48a6e3a759fc1
kernel-rt-debuginfo-common-x86_64-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: 7818f437fe1bf7ffbd823c6502908153955e4827b22e4e2bfe0e2a46b05314aa
kernel-rt-devel-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: 2d1328bfa9a01e737e18a354b498e4576505440040931f7f918a9198bb672ea0
kernel-rt-kvm-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: e741e69a886a8ca25157070bebe4ca5f661e3ecadd2ab5f7379259a6c0a90347
kernel-rt-modules-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: e62d7a7c2e29e03c7c9899650d350164e82f203d8deee3d064d9c3fc2e1816b2
kernel-rt-modules-extra-4.18.0-193.75.1.rt13.125.el8_2.x86_64.rpm
SHA-256: d630d9b43bd6307ae8b670d132b1585ac43207eec30b5dbb4e849475c1ec1ee9
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.