Headline
Red Hat Security Advisory 2022-6460-01
Red Hat Security Advisory 2022-6460-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2022:6460-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6460
Issue date: 2022-09-13
CVE Names: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166
=====================================================================
- Summary:
An update for kernel is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
Incomplete cleanup of multi-core shared buffers (aka SBDR)
(CVE-2022-21123)Incomplete cleanup of microarchitectural fill buffers (aka SBDS)
(CVE-2022-21125)Incomplete cleanup in specific special register write operations (aka
DRPW) (CVE-2022-21166)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
Bad page state in process qemu-kvm pfn:68a74600 (BZ#2081013)
slub corruption during LPM of hnv interface (BZ#2081250)
Affinity broken due to vector space exhaustion (BZ#2084646)
‘rmmod pmt_telemetry’ panics on ADL-P IOTG (BZ#2091079)
Unable to boot RHEL-8.6 on Brazos max. config (Install is success)
(BZ#2092241)kernel crash after reboot of T14/G2 AMD laptop (mt7921e module)
(BZ#2095654)mt7921: free resources on pci_probe error path (BZ#2101684)
NLM should be more defensive if underlying FS changes fl_owner
(BZ#2102099)RHEL8/async-pf Guest call trace when reboot after postcopy migration with
high stress workload (BZ#2105340)execve exit tracepoint not called (BZ#2106662)
QProcess dead lock on kernel-4.18.0-358 (BZ#2107643)
KVM fix guest FPU uABI size to kvm_xsave (BZ#2107652)
KVM selftests fail to compile (BZ#2107655)
Some monitor have no display with AMD W6400 when boot into OS.
(BZ#2109826)Percpu counter usage is gradually getting increasing during podman
container recreation. (BZ#2110039)multipath failed to recover after EEH hit on flavafish adapter on
Denali(qla2xxx/flavafish/RHEL8.6/Denali) (BZ#2110768)soft lockups under heavy I/O load to ahci connected SSDs (BZ#2110772)
trouble re-assigning MACs to VFs, ice stricter than other drivers
(BZ#2111936)Intel MPI 2019.0 - mpirun stuck on latest kernel (BZ#2112030)
Multicast packets are not received by all VFs on the same port even
though they have the same VLAN (BZ#2117026)Hyper-V 2019 Dynamic Memory Problem hv_balloon (BZ#2117050)
kernel BUG at kernel/sched/deadline.c:1561! (BZ#2117410)
ALSA (sound) driver - update Intel SOF kcontrol code (BZ#2117732)
bridge over bond over ice ports has no connection (BZ#2118580)
Fix max VLANs available for VF (BZ#2118581)
offline selftest failed (BZ#2118582)
INTEL NVMUpdate utility ver 3.20 is failing to update firmware on
E810-XXVDA4T (WPC) (BZ#2118583)VM configured with failover interface will coredump after been migrating
from source host to target host(only iavf driver) (BZ#2118705)Fix max VLANs available for untrusted VF (BZ#2118707)
Softlockup on infinite loop in task_get_css() for a CSS_DYING cpuset
(BZ#2120776)
Enhancement(s):
KVM Sapphire Rapids (SPR) AMX Instructions (BZ#2088287)
KVM Sapphire Rapids (SPR) AMX Instructions part2 (BZ#2088288)
ice: Driver Update (BZ#2102359)
iavf: Driver Update (BZ#2102360)
iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (BZ#2112983)
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)
2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)
2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
kernel-4.18.0-372.26.1.el8_6.src.rpm
aarch64:
bpftool-4.18.0-372.26.1.el8_6.aarch64.rpm
bpftool-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-core-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-cross-headers-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-core-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-devel-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-modules-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-devel-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-headers-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-modules-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-modules-extra-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-libs-4.18.0-372.26.1.el8_6.aarch64.rpm
perf-4.18.0-372.26.1.el8_6.aarch64.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
python3-perf-4.18.0-372.26.1.el8_6.aarch64.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
noarch:
kernel-abi-stablelists-4.18.0-372.26.1.el8_6.noarch.rpm
kernel-doc-4.18.0-372.26.1.el8_6.noarch.rpm
ppc64le:
bpftool-4.18.0-372.26.1.el8_6.ppc64le.rpm
bpftool-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-core-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-cross-headers-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-core-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-modules-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-headers-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-modules-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-modules-extra-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-libs-4.18.0-372.26.1.el8_6.ppc64le.rpm
perf-4.18.0-372.26.1.el8_6.ppc64le.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
python3-perf-4.18.0-372.26.1.el8_6.ppc64le.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
s390x:
bpftool-4.18.0-372.26.1.el8_6.s390x.rpm
bpftool-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-core-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-cross-headers-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-core-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-devel-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-modules-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-devel-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-headers-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-modules-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-tools-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-core-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-devel-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-modules-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm
perf-4.18.0-372.26.1.el8_6.s390x.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
python3-perf-4.18.0-372.26.1.el8_6.s390x.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
x86_64:
bpftool-4.18.0-372.26.1.el8_6.x86_64.rpm
bpftool-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-core-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-cross-headers-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-core-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-devel-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-modules-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-devel-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-headers-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-modules-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-modules-extra-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-libs-4.18.0-372.26.1.el8_6.x86_64.rpm
perf-4.18.0-372.26.1.el8_6.x86_64.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
python3-perf-4.18.0-372.26.1.el8_6.x86_64.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64:
bpftool-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.aarch64.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
ppc64le:
bpftool-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
x86_64:
bpftool-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.x86_64.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-21123
https://access.redhat.com/security/cve/CVE-2022-21125
https://access.redhat.com/security/cve/CVE-2022-21166
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYyCB1NzjgjWX9erEAQjx1g/+KpIc2rESQgtzICCW50Ha+ZjaOZiuIgGV
1wDzgsyj7JRxGOIhGY3edJp7sdtoT0+CoWTdjENZrNhQlQ9UhRSpJ+8vdGy5WooO
fwwKBffteRMEl8YTO/U8fstclEKXK3MB93ZxEHgS0L3UQY/AUU5XqSzB4a4rV9RJ
DpFQcnw3dHIrtMKHs4HMrm8+Q8ezq9UmVbl472ecnfmNXfHDhOmUGGlUrT22SX9p
Zn/UXCiWZxIt+Vh2uTrIgs4hiSJPAqD/lGHjLQpaR26uciZnndLui2s4W91F7yN4
ZifRDwrSAMtsRoln7Z8HL6H59tw4vHwAY1rD5ATwk9EqhRtaetE+v0hzM+BRBhri
dpZnKUhMiUDNTUKqmpbBZjh4IuSKI6AkaQenFnMQWTp027B6o0EjhqpiEdLaA0R/
pYewm2OKbulyoUeVhC5GOMX6g8ckGa5h2o4Fr+fkaptELQN1VniYEu88O7pRqaqR
lW3MrcYIEowDxyiMLehgtIxjyawzfmi0fficXzCf8xEXm8fmqlrXu4lfhKV4g3WI
Y9j8INFYc4inopUBsQM1zXWV00nCDxAvaYPhOYI0VjO11jxOCOcBheOlwS1sseOv
Bjram7oqf2DuVSINeTAgbHMLMA4AGEcNMsOAN/mwdq6ZBpEYmCf48pvZwQscW7qv
a685GRAjoyY=
=4AwP
-----END PGP SIGNATURE-----
–
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. A malicious authenticated local user could potentially exploit this vulnerability in certificate management, leading to a potential system takeover.
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region * CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() * CVE-2022-2959: kernel: watch queue race condition can lead to privilege escalation * CVE-2022-21123: hw: cpu: incomplete clean-up of multi-co...
Red Hat Security Advisory 2022-7874-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.53. Issues addressed include a code execution vulnerability.
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session * CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg() * CVE-2022-0168: kernel: smb2_ioctl_query_info NULL pointer dereference * CVE-2022-0617: kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback * CVE-2022-085...
Red Hat OpenShift Container Platform release 4.9.51 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9.51 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: ...
Red Hat Security Advisory 2022-7211-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.39. Issues addressed include a code execution vulnerability.
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation * CVE-2022-21123: hw: cpu: Incomplete cleanup of multi-core shared buffers (aka S...
Red Hat Security Advisory 2022-6991-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-45485: kernel: information leak in the IPv6 implementation * CVE-2021-45486: kernel: information leak in the IPv4 implementation * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation * CVE-2022-21123: hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) *...
Red Hat Advanced Cluster Management for Kubernetes 2.5.3 General Availability release images, which fix security issues and bugs, as well as update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation * CVE-2022-21123: hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) * CVE-2022-21125: hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) * CVE-2022-21166: hw: cpu: Incomplete clea...
Red Hat Security Advisory 2022-6696-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. Issues addressed include crlf injection and denial of service vulnerabilities.
Red Hat Security Advisory 2022-6560-01 - An update is now available for OpenShift Logging 5.3.12 Red Hat Product Security has rated this update as having a security impact of Moderate.
Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-31150: nodejs16: CRLF injection in node-undici * CVE-2022-31151: nodejs/undici: Cookie headers uncleared on cross-origin redirect * CV...
An update is now available for OpenShift Logging 5.3.12 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read
Red Hat Security Advisory 2022-6536-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.5.
Red Hat Security Advisory 2022-6537-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.5. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat OpenShift Container Platform release 4.11.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter
Red Hat Security Advisory 2022-6437-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Red Hat Security Advisory 2022-6437-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Red Hat Security Advisory 2022-6437-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21123: hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) * CVE-2022-21125: hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) * CVE-2022-21166: hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)
Red Hat Security Advisory 2022-6252-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 3.11.784. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2022-6252-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 3.11.784. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2022-6252-02 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 3.11.784. Issues addressed include a bypass vulnerability.
Red Hat OpenShift Container Platform release 3.11.784 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-39226: grafana: Snapshot authentication bypass
Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-6271-01 - This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.
Red Hat Advanced Cluster Management for Kubernetes 2.3.12 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS
Gentoo Linux Security Advisory 202208-23 - Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). Versions less than 4.15.3 are affected.
Gentoo Linux Security Advisory 202208-23 - Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). Versions less than 4.15.3 are affected.
Gentoo Linux Security Advisory 202208-23 - Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape). Versions less than 4.15.3 are affected.
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21123: hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) * CVE-2022-21125: hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) * CVE-2022-21166: hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21123: hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) * CVE-2022-21125: hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) * CVE-2022-21166: hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21123: hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) * CVE-2022-21125: hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) * CVE-2022-21166: hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)
Ubuntu Security Notice 5529-1 - It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle guest TLB mapping invalidation requests in some situations. An attacker in a guest VM could use this to cause a denial of service in the host OS.
Ubuntu Security Notice 5529-1 - It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle guest TLB mapping invalidation requests in some situations. An attacker in a guest VM could use this to cause a denial of service in the host OS.
Ubuntu Security Notice 5529-1 - It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle guest TLB mapping invalidation requests in some situations. An attacker in a guest VM could use this to cause a denial of service in the host OS.
Ubuntu Security Notice 5513-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5513-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5513-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5505-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5505-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5505-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5484-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5484-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5484-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.