Red Hat Security Advisory 2022-5476-01
Red Hat Security Advisory 2022-5476-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, privilege escalation, and use-after-free vulnerabilities.
====================================================================
Red Hat Security Advisory
Synopsis: Important: kpatch-patch security update
Advisory ID: RHSA-2022:5476-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5476
Issue date: 2022-06-30
CVE Names: CVE-2022-1966 CVE-2022-27666
====================================================================
- Summary:
An update is now available for Red Hat Enterprise Linux 8.2 Extended Update
Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - ppc64le, x86_64
- Description:
This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel.
Security Fix(es):
* kernel: a use-after-free write in the netfilter subsystem can lead to
privilege escalation to root (CVE-2022-1966)
* kernel: buffer overflow in IPsec ESP transformation code (CVE-2022-27666)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2061633 - CVE-2022-27666 kernel: buffer overflow in IPsec ESP transformation code
2092427 - CVE-2022-1966 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root
- Package List:
Red Hat Enterprise Linux BaseOS EUS (v. 8.2):
Source:
kpatch-patch-4_18_0-193_60_2-1-7.el8_2.src.rpm
kpatch-patch-4_18_0-193_64_1-1-6.el8_2.src.rpm
kpatch-patch-4_18_0-193_65_2-1-5.el8_2.src.rpm
kpatch-patch-4_18_0-193_68_1-1-5.el8_2.src.rpm
kpatch-patch-4_18_0-193_70_1-1-4.el8_2.src.rpm
kpatch-patch-4_18_0-193_71_1-1-4.el8_2.src.rpm
kpatch-patch-4_18_0-193_75_1-1-3.el8_2.src.rpm
kpatch-patch-4_18_0-193_79_1-1-2.el8_2.src.rpm
kpatch-patch-4_18_0-193_80_1-1-1.el8_2.src.rpm
kpatch-patch-4_18_0-193_81_1-1-1.el8_2.src.rpm
ppc64le:
kpatch-patch-4_18_0-193_60_2-1-7.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_60_2-debuginfo-1-7.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_60_2-debugsource-1-7.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_64_1-1-6.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_64_1-debuginfo-1-6.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_64_1-debugsource-1-6.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_65_2-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_65_2-debuginfo-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_65_2-debugsource-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_68_1-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_68_1-debuginfo-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_68_1-debugsource-1-5.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_70_1-1-4.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_70_1-debuginfo-1-4.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_70_1-debugsource-1-4.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_71_1-1-4.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_71_1-debuginfo-1-4.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_71_1-debugsource-1-4.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_75_1-1-3.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_75_1-debuginfo-1-3.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_75_1-debugsource-1-3.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_79_1-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_79_1-debuginfo-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_79_1-debugsource-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_80_1-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_80_1-debuginfo-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_80_1-debugsource-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_81_1-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_81_1-debuginfo-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_81_1-debugsource-1-1.el8_2.ppc64le.rpm
x86_64:
kpatch-patch-4_18_0-193_60_2-1-7.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_60_2-debuginfo-1-7.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_60_2-debugsource-1-7.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_64_1-1-6.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_64_1-debuginfo-1-6.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_64_1-debugsource-1-6.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_65_2-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_65_2-debuginfo-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_65_2-debugsource-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_68_1-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_68_1-debuginfo-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_68_1-debugsource-1-5.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_70_1-1-4.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_70_1-debuginfo-1-4.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_70_1-debugsource-1-4.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_71_1-1-4.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_71_1-debuginfo-1-4.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_71_1-debugsource-1-4.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_75_1-1-3.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_75_1-debuginfo-1-3.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_75_1-debugsource-1-3.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_79_1-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_79_1-debuginfo-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_79_1-debugsource-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_80_1-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_80_1-debuginfo-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_80_1-debugsource-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_81_1-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_81_1-debuginfo-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_81_1-debugsource-1-1.el8_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-1966
https://access.redhat.com/security/cve/CVE-2022-27666
https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.