Headline
Red Hat Security Advisory 2022-5216-01
Red Hat Security Advisory 2022-5216-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: kpatch-patch security update
Advisory ID: RHSA-2022:5216-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:5216
Issue date: 2022-06-28
CVE Names: CVE-2022-1966
====================================================================
- Summary:
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64
- Description:
This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel.
Security Fix(es):
- kernel: a use-after-free write in the netfilter subsystem can lead to
privilege escalation to root (CVE-2022-1966)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2092427 - CVE-2022-1966 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root
- Package List:
Red Hat Enterprise Linux Server (v. 7):
Source:
kpatch-patch-3_10_0-1160_36_2-1-8.el7.src.rpm
kpatch-patch-3_10_0-1160_41_1-1-7.el7.src.rpm
kpatch-patch-3_10_0-1160_42_2-1-6.el7.src.rpm
kpatch-patch-3_10_0-1160_45_1-1-5.el7.src.rpm
kpatch-patch-3_10_0-1160_49_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-1160_53_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-1160_59_1-1-3.el7.src.rpm
kpatch-patch-3_10_0-1160_62_1-1-2.el7.src.rpm
kpatch-patch-3_10_0-1160_66_1-1-1.el7.src.rpm
ppc64le:
kpatch-patch-3_10_0-1160_36_2-1-8.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_36_2-debuginfo-1-8.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_41_1-1-7.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_41_1-debuginfo-1-7.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_42_2-1-6.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_42_2-debuginfo-1-6.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_45_1-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_45_1-debuginfo-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_49_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_49_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_53_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_53_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_59_1-1-3.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_59_1-debuginfo-1-3.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_62_1-1-2.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_62_1-debuginfo-1-2.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_66_1-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_66_1-debuginfo-1-1.el7.ppc64le.rpm
x86_64:
kpatch-patch-3_10_0-1160_36_2-1-8.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_36_2-debuginfo-1-8.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_41_1-1-7.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_41_1-debuginfo-1-7.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_42_2-1-6.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_42_2-debuginfo-1-6.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_45_1-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_45_1-debuginfo-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_49_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_49_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_53_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_53_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_59_1-1-3.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_59_1-debuginfo-1-3.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_62_1-1-2.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_62_1-debuginfo-1-2.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_66_1-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_66_1-debuginfo-1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-1966
https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYrtJ+9zjgjWX9erEAQhH1BAAgC0RsYyTFSnjQlucm7BfGtWgqWacRSgg
cf72edvgHRlO2a+e2AHqemR/EFBRW+jcUdv9cmDwnHyjmNG0rvE9z5VBM0iwaMrn
AE77uPAAN3G10qGA6SRxSaW48nn0YOqc6SwmgHZVBuIFE4UMxrmvYgK3zhA4hAyd
1CXYqbTZYo4nXi98KDVtfS+dgEmWVUJlKdAtl/hxprVt/s6a9XGuu5mlZZUoASG1
95MXY5+K8sJW2fGZ7olZUJTJ1x80nd2bi9/y+qMSdGMWjjuzZTMAMv+k4cvJ24wj
rFvpTStyhi/BkWiKtKhCfO9uefrOULR9Yhlwkmbog9I7zh+07dzLD/EjD9yON1QK
S+TGTAAJQ3ROSOSf3XRCMA3svgzakQXFV/14Kbg2kjnWSuAGfUpBRC9+i7cwmXgI
nAEEMcHRaNF/rcj/anF8P6Hg0yxPwmoArCrbTKhH5vHKxE5pNbZu0EBQ4939nrz2
3TpU1o+zR4nOrYJUHDT09mITNrb4k5lbDI0WihXYcZhGOGowrdaqt0guklZ1PRF2
p0hSjxtB4inzZSzSblpgu9mX9jXZ5Zyt4KqwlH9L4c2qTWyPOMZHttHhiKZ2Fp6S
rG7Tsa6RiBJyF7LpzKx2bSKuq6WWdXtWyZCM6tCenaomS7NYXkVOziTryW5B+qaS
IMY/z0Gq2Jc=Q6YQ
-----END PGP SIGNATURE-----
–
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. It was discovered that the implementation of POSIX timers in the Linux kernel did not properly clean up timers in some situations. Various other vulnerabilities were also discovered.
Red Hat Security Advisory 2022-5249-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, information leakage, privilege escalation, and use-after-free vulnerabilities.
An update is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root * CVE-2022-27666: kernel: buffer overflow in IPsec ESP transformation code
Red Hat Security Advisory 2022-5232-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1729: kernel: race condition in perf_event_open leads to privilege escalation * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1729: kernel: race condition in perf_event_open leads to privilege escalation * CVE-2022-1966: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. A local attacker could use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5471-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5470-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5467-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5466-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5465-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.