Headline
Red Hat Security Advisory 2022-4642-01
Red Hat Security Advisory 2022-4642-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and privilege escalation vulnerabilities.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2022:4642-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:4642
Issue date: 2022-05-18
CVE Names: CVE-2022-0492
====================================================================
- Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
- kernel: cgroups v1 release_agent feature may allow privilege escalation
(CVE-2022-0492)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
kernel panic in mlx5_ib driver RHEL/CentOS 7.9 VM (BZ#2046571)
[RHEL-7.9] Get Call Trace about “kernel/timer.c:1270
requeue_timers+0x15e/0x170” on specified AMD x86_64 system (BZ#2048502)kernel NULL pointer dereference while calling dma_pool_alloc from the
mlx5_core module (BZ#2055457)Rhel 7.9 NFS Clients takes very long time to resume operations in an NFS
Server failover scenario (BZ#2066699)perf stat shows unsupported counters for Intel IceLake cpu (BZ#2072317)
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation
2055457 - kernel NULL pointer dereference while calling dma_pool_alloc from the mlx5_core module [rhel-7.9.z]
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
kernel-3.10.0-1160.66.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1160.66.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.66.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1160.66.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.66.1.el7.x86_64.rpm
perf-3.10.0-1160.66.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
python-perf-3.10.0-1160.66.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.66.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
kernel-3.10.0-1160.66.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1160.66.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.66.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1160.66.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.66.1.el7.x86_64.rpm
perf-3.10.0-1160.66.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
python-perf-3.10.0-1160.66.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.66.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
kernel-3.10.0-1160.66.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1160.66.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.66.1.el7.noarch.rpm
ppc64:
bpftool-3.10.0-1160.66.1.el7.ppc64.rpm
bpftool-debuginfo-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-debug-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-devel-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-headers-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-tools-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-1160.66.1.el7.ppc64.rpm
perf-3.10.0-1160.66.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.66.1.el7.ppc64.rpm
python-perf-3.10.0-1160.66.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.66.1.el7.ppc64.rpm
ppc64le:
bpftool-3.10.0-1160.66.1.el7.ppc64le.rpm
bpftool-debuginfo-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-debug-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-devel-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-headers-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-tools-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-1160.66.1.el7.ppc64le.rpm
perf-3.10.0-1160.66.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.66.1.el7.ppc64le.rpm
python-perf-3.10.0-1160.66.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.66.1.el7.ppc64le.rpm
s390x:
bpftool-3.10.0-1160.66.1.el7.s390x.rpm
bpftool-debuginfo-3.10.0-1160.66.1.el7.s390x.rpm
kernel-3.10.0-1160.66.1.el7.s390x.rpm
kernel-debug-3.10.0-1160.66.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-1160.66.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-1160.66.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-1160.66.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-1160.66.1.el7.s390x.rpm
kernel-devel-3.10.0-1160.66.1.el7.s390x.rpm
kernel-headers-3.10.0-1160.66.1.el7.s390x.rpm
kernel-kdump-3.10.0-1160.66.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-1160.66.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-1160.66.1.el7.s390x.rpm
perf-3.10.0-1160.66.1.el7.s390x.rpm
perf-debuginfo-3.10.0-1160.66.1.el7.s390x.rpm
python-perf-3.10.0-1160.66.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-1160.66.1.el7.s390x.rpm
x86_64:
bpftool-3.10.0-1160.66.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.66.1.el7.x86_64.rpm
perf-3.10.0-1160.66.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
python-perf-3.10.0-1160.66.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
bpftool-debuginfo-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.66.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-1160.66.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.66.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.66.1.el7.ppc64.rpm
ppc64le:
bpftool-debuginfo-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.66.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-1160.66.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.66.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.66.1.el7.ppc64le.rpm
x86_64:
bpftool-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.66.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
kernel-3.10.0-1160.66.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1160.66.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.66.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1160.66.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.66.1.el7.x86_64.rpm
perf-3.10.0-1160.66.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
python-perf-3.10.0-1160.66.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.66.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.66.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-0492
https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYoWMn9zjgjWX9erEAQhMiA/7B08ElIS7Yi4PPTGdMHo3gS5DMPiFqGzv
1tvJ/qUTQg07zXM/duwmnH0Y7v33hl55JiMwSETvZcOF/lXIqRtf6PYJm2wqRSOj
GZE9yjJs963FZb0ykfPiz8gVxkHUAp+3lilgtcQJpDs/NHQ7YhNwLCTGA4kwfUWt
XVLQ+1hTXK+J5JaSI7ZOCf8sMURFJewfyTz3KQlIb1A2m7TDVyo2yYKrClOiAanv
hP66yIhHJPygE5ihoR4HVTosLaVZ2EjDhvHOzngAcyXvgCprQQ3eiO7tPKDl0LjV
XOhK0V7wjtDJV69Nrgkhgb4PGLMs6bO6Nc9xXuvsEWZUXNSPAR2zDCyqjNBF9Rsh
nTleOKOFUR9oc1EJ3zumN9bdmO7g3sjgkN9hTAouFxBUEqTdzsP77Yg+OIRrLq0N
iSn0EfVSm0RmP3Jh5IlbRyH42WdfQT5vvnpYSZemQ9EvMfCYoG4pvaC/DTzFJrkS
SRVoBZy0hqqcat8zCETcoETqrVFtaOhxXOpL3YH+Y1Xg3Y2ESyBg9aEFosiOK0lh
JIoPJLAwUAx0pw1JMUBjygnWtyItMDqezqIpvb0A/7SWkvc6Ha1+dx5/sJFfsaDm
CefHzb+7pxe/XoziTXXvsRD1/eoeUwdiJbf9qbq/Oc8qor1yTyxZbGSXEY0DNX6J
ych3Hb212/A=2HeK
-----END PGP SIGNATURE-----
–
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
This Metasploit exploit module takes advantage of a Docker image which has either the privileged flag, or SYS_ADMIN Linux capability. If the host kernel is vulnerable, its possible to escape the Docker image and achieve root on the host operating system. A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse. - gRPC’s metadata overflow check was performed per frame, so ...
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.
Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.
Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.
Red Hat Security Advisory 2022-5392-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which resolve security issues and fix several bugs. Issues addressed include a traversal vulnerability.
Red Hat Advanced Cluster Management for Kubernetes 2.3.11 general availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0235: node-fetch: exposure of sensitive information to an unauthorized actor * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak * CVE-2022-21803: nconf: Prototype pollution in memory store * CVE-2022-23806: golang: crypto/elliptic IsOnCurv...
Red Hat Security Advisory 2022-5157-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a privilege escalation vulnerability.
In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222472803References: N/A
It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. Various other issues were also addressed.
An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0492: kernel: cgroups v1 release_agent feature may allow privilege escalation
An update is now available for Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0492: kernel: cgroups v1 release_agent feature may allow privilege escalation
Red Hat Security Advisory 2022-4644-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a privilege escalation vulnerability.
Red Hat Security Advisory 2022-4655-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a privilege escalation vulnerability.
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0492: kernel: cgroups v1 release_agent feature may allow privilege escalation
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0492: kernel: cgroups v1 release_agent feature may allow privilege escalation
Red Hat Security Advisory 2022-1699-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.50.
Red Hat OpenShift Container Platform release 4.7.50 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24769: moby: Default inheritable capabilities for linux container should be empty
Red Hat Security Advisory 2022-2186-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2022-0492: kernel: cgroups v1 release_agent feature may allow privilege escalation
An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2022-0492: kernel: cgroups v1 release_agent feature may allow privilege escalation
An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4028: kernel: use-after-free in RDMA listen() * CVE-2021-4083: kernel: fget: check that the fd still exists after getting a ref to it * CVE-2022-0492: kernel: cgroups v1 release_agent feature may allow privilege escalation
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.