RHSA-2022:6002: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-0494: kernel: information leak in scsi_ioctl()
  • CVE-2022-1055: kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c
Red Hat Security Data


Issued: 2022-08-09

Updated: 2022-08-09

RHSA-2022:6002 - Security Advisory


Synopsis

Moderate: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • information leak in scsi_ioctl() (CVE-2022-0494)
  • use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • update RT source tree to the latest RHEL-9.0.z2 Batch (BZ#2105450)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.
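As an added example (not part of the Red Hat advisory), the following Python check compares the running kernel-rt release (the output of `uname -r`) and the installed kernel-rt packages (the output of `rpm -q kernel-rt`) against the fixed build published in this advisory, so a host can be classified as patched, patched but still awaiting the required reboot, or still on a vulnerable build. The version comparison is a simplified reimplementation of rpm's rpmvercmp (assumption: no `~` or `^` segments, which these release strings do not use), and all sample inputs are constructed.

```python
"""Assess a RHEL 9 Real Time host against RHSA-2022:6002.

Added example, not Red Hat's code. FIXED_EVR is the kernel-rt build listed
in the advisory; rpmvercmp below is a simplified reimplementation of rpm's
algorithm (assumption: no '~' or '^' segments in the strings compared).
"""
import re

# Fixed kernel-rt build from RHSA-2022:6002 as (version, release).
FIXED_EVR = ("5.14.0", "70.22.1.rt21.94.el9_0")
PACKAGE = "kernel-rt"
ARCHES = ("x86_64", "aarch64", "ppc64le", "s390x", "noarch")


def _segments(s):
    """Split a version/release string into numeric and alphabetic runs."""
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Return -1, 0 or 1 like rpm's rpmvercmp (simplified: no ~ or ^)."""
    if a == b:
        return 0
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # rpm treats a numeric segment as newer than an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with more segments is newer
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def evr_cmp(a, b):
    """Compare (version, release) tuples; version decides before release."""
    c = rpmvercmp(a[0], b[0])
    return c if c else rpmvercmp(a[1], b[1])


def parse_kernel_release(uname_r):
    """'5.14.0-70.22.1.rt21.94.el9_0.x86_64' -> ('5.14.0', '70.22.1.rt21.94.el9_0')."""
    version, _, release = uname_r.partition("-")
    for arch in ARCHES:
        if release.endswith("." + arch):
            release = release[: -len(arch) - 1]
            break
    return version, release


def parse_nvr(nvr):
    """'kernel-rt-5.14.0-70.22.1.rt21.94.el9_0.x86_64' -> (version, release)."""
    prefix = PACKAGE + "-"
    if not nvr.startswith(prefix):
        raise ValueError("not a %s package: %s" % (PACKAGE, nvr))
    return parse_kernel_release(nvr[len(prefix):])


def is_rt_kernel(release):
    """True when the release string carries the kernel-rt 'rt' tag."""
    return "rt" in _segments(release)


def assess(uname_r, installed_nvrs):
    """Classify a host from `uname -r` and `rpm -q kernel-rt` output.

    Returns one of:
      'not-kernel-rt'   running kernel is not kernel-rt; advisory out of scope
      'patched'         running kernel is at or above the fixed build
      'reboot-required' fixed build is installed but has not been booted yet
      'vulnerable'      no fixed build installed
    """
    running = parse_kernel_release(uname_r)
    if not is_rt_kernel(running[1]):
        return "not-kernel-rt"
    if evr_cmp(running, FIXED_EVR) >= 0:
        return "patched"
    if any(evr_cmp(parse_nvr(n), FIXED_EVR) >= 0 for n in installed_nvrs):
        return "reboot-required"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs; on a real host feed in the output of
    # `uname -r` and `rpm -q kernel-rt` instead.
    old = "5.14.0-70.13.1.rt21.83.el9_0.x86_64"
    new = "kernel-rt-5.14.0-70.22.1.rt21.94.el9_0.x86_64"
    print(assess(old, ["kernel-rt-" + old]))        # vulnerable
    print(assess(old, ["kernel-rt-" + old, new]))   # reboot-required
    print(assess("5.14.0-70.22.1.rt21.94.el9_0.x86_64", [new]))  # patched
```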

Affected Products

  • Red Hat Enterprise Linux for Real Time 9 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 9 x86_64
  • Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0 x86_64

Fixes

  • BZ - 2039448 - CVE-2022-0494 kernel: information leak in scsi_ioctl()
  • BZ - 2070220 - CVE-2022-1055 kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c

Red Hat Enterprise Linux for Real Time 9

SRPM

kernel-rt-5.14.0-70.22.1.rt21.94.el9_0.src.rpm

SHA-256: ff5355128be0503bd1fcb27ae7103ffd97902440c2b8868f2d8effd59f18ab7c

x86_64

kernel-rt-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: c231071837e9d0df8d9af2e735c665f1c8ba9a3bee3c2fc03b0496e000205939

kernel-rt-core-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: e38273f0b55146a454e547118f51e41f64bf83fef205104f5e73e46e6a8a3895

kernel-rt-debug-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 60ce093e7d25aa680ee8c58bef60841005c2f0c4370bca32105c46190c59b4e3

kernel-rt-debug-core-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: dd2d8b8b14c3d3fd12dee595f197eb9870145eb5a8566a3c5072ae8363636da7

kernel-rt-debug-debuginfo-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 1ab201d936b7a819a532a9d588c5c455348d1bb6d3d2e0104eca6f909f037820

kernel-rt-debug-devel-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: f8040e0526edca7e57a37475edab6133f8a2e32ca4d8878d387eecbf3d85d374

kernel-rt-debug-modules-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 282f5d811aad0ae6b695488dd8d9e810d0526aedf601b0d9a876475b8e5e1a8a

kernel-rt-debug-modules-extra-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 70e4ac4ff90555d956f8bd45c99f3d49ead5f9111a846a7ed9af4609af9a9ed6

kernel-rt-debuginfo-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 9cdc336c7f7473875f8816674023bc6c19ce27bc27b42550f3d109b3d683f167

kernel-rt-debuginfo-common-x86_64-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 38aafa9dd9be68e63d5ae7a0ad3890d48d2aaeeb976c5b8ca768741da3554c9d

kernel-rt-devel-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 170eafe1ff1d64a0efa3f2dacc67fd202a53d6daaa684cf862caa3d9482c9f75

kernel-rt-modules-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 2d59de31f95e513aa443576ee2cdfe1dc50cbdf2d11c14938958ab617b317b62

kernel-rt-modules-extra-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 0e0e92a39ba26d5275d15355d8551f4a9f303a0e1b2fdabfa5ff1143bacfd15c

Red Hat Enterprise Linux for Real Time for NFV 9

SRPM

kernel-rt-5.14.0-70.22.1.rt21.94.el9_0.src.rpm

SHA-256: ff5355128be0503bd1fcb27ae7103ffd97902440c2b8868f2d8effd59f18ab7c

x86_64

kernel-rt-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: c231071837e9d0df8d9af2e735c665f1c8ba9a3bee3c2fc03b0496e000205939

kernel-rt-core-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: e38273f0b55146a454e547118f51e41f64bf83fef205104f5e73e46e6a8a3895

kernel-rt-debug-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 60ce093e7d25aa680ee8c58bef60841005c2f0c4370bca32105c46190c59b4e3

kernel-rt-debug-core-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: dd2d8b8b14c3d3fd12dee595f197eb9870145eb5a8566a3c5072ae8363636da7

kernel-rt-debug-debuginfo-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 1ab201d936b7a819a532a9d588c5c455348d1bb6d3d2e0104eca6f909f037820

kernel-rt-debug-devel-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: f8040e0526edca7e57a37475edab6133f8a2e32ca4d8878d387eecbf3d85d374

kernel-rt-debug-kvm-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 7ea89afe725c504e3942edffbad8050c01a86f16a07d88119446a27ee3eda5e8

kernel-rt-debug-modules-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 282f5d811aad0ae6b695488dd8d9e810d0526aedf601b0d9a876475b8e5e1a8a

kernel-rt-debug-modules-extra-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 70e4ac4ff90555d956f8bd45c99f3d49ead5f9111a846a7ed9af4609af9a9ed6

kernel-rt-debuginfo-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 9cdc336c7f7473875f8816674023bc6c19ce27bc27b42550f3d109b3d683f167

kernel-rt-debuginfo-common-x86_64-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 38aafa9dd9be68e63d5ae7a0ad3890d48d2aaeeb976c5b8ca768741da3554c9d

kernel-rt-devel-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 170eafe1ff1d64a0efa3f2dacc67fd202a53d6daaa684cf862caa3d9482c9f75

kernel-rt-kvm-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 06d74224020143b0be147ebf5d0d52e4e40938e9121458483c159b6fe16aa67e

kernel-rt-modules-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 2d59de31f95e513aa443576ee2cdfe1dc50cbdf2d11c14938958ab617b317b62

kernel-rt-modules-extra-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 0e0e92a39ba26d5275d15355d8551f4a9f303a0e1b2fdabfa5ff1143bacfd15c

Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0

SRPM

kernel-rt-5.14.0-70.22.1.rt21.94.el9_0.src.rpm

SHA-256: ff5355128be0503bd1fcb27ae7103ffd97902440c2b8868f2d8effd59f18ab7c

x86_64

kernel-rt-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: c231071837e9d0df8d9af2e735c665f1c8ba9a3bee3c2fc03b0496e000205939

kernel-rt-core-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: e38273f0b55146a454e547118f51e41f64bf83fef205104f5e73e46e6a8a3895

kernel-rt-debug-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 60ce093e7d25aa680ee8c58bef60841005c2f0c4370bca32105c46190c59b4e3

kernel-rt-debug-core-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: dd2d8b8b14c3d3fd12dee595f197eb9870145eb5a8566a3c5072ae8363636da7

kernel-rt-debug-debuginfo-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 1ab201d936b7a819a532a9d588c5c455348d1bb6d3d2e0104eca6f909f037820

kernel-rt-debug-devel-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: f8040e0526edca7e57a37475edab6133f8a2e32ca4d8878d387eecbf3d85d374

kernel-rt-debug-modules-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 282f5d811aad0ae6b695488dd8d9e810d0526aedf601b0d9a876475b8e5e1a8a

kernel-rt-debug-modules-extra-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 70e4ac4ff90555d956f8bd45c99f3d49ead5f9111a846a7ed9af4609af9a9ed6

kernel-rt-debuginfo-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 9cdc336c7f7473875f8816674023bc6c19ce27bc27b42550f3d109b3d683f167

kernel-rt-debuginfo-common-x86_64-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 38aafa9dd9be68e63d5ae7a0ad3890d48d2aaeeb976c5b8ca768741da3554c9d

kernel-rt-devel-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 170eafe1ff1d64a0efa3f2dacc67fd202a53d6daaa684cf862caa3d9482c9f75

kernel-rt-modules-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 2d59de31f95e513aa443576ee2cdfe1dc50cbdf2d11c14938958ab617b317b62

kernel-rt-modules-extra-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 0e0e92a39ba26d5275d15355d8551f4a9f303a0e1b2fdabfa5ff1143bacfd15c

Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0

SRPM

kernel-rt-5.14.0-70.22.1.rt21.94.el9_0.src.rpm

SHA-256: ff5355128be0503bd1fcb27ae7103ffd97902440c2b8868f2d8effd59f18ab7c

x86_64

kernel-rt-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: c231071837e9d0df8d9af2e735c665f1c8ba9a3bee3c2fc03b0496e000205939

kernel-rt-core-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: e38273f0b55146a454e547118f51e41f64bf83fef205104f5e73e46e6a8a3895

kernel-rt-debug-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 60ce093e7d25aa680ee8c58bef60841005c2f0c4370bca32105c46190c59b4e3

kernel-rt-debug-core-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: dd2d8b8b14c3d3fd12dee595f197eb9870145eb5a8566a3c5072ae8363636da7

kernel-rt-debug-debuginfo-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 1ab201d936b7a819a532a9d588c5c455348d1bb6d3d2e0104eca6f909f037820

kernel-rt-debug-devel-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: f8040e0526edca7e57a37475edab6133f8a2e32ca4d8878d387eecbf3d85d374

kernel-rt-debug-kvm-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 7ea89afe725c504e3942edffbad8050c01a86f16a07d88119446a27ee3eda5e8

kernel-rt-debug-modules-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 282f5d811aad0ae6b695488dd8d9e810d0526aedf601b0d9a876475b8e5e1a8a

kernel-rt-debug-modules-extra-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 70e4ac4ff90555d956f8bd45c99f3d49ead5f9111a846a7ed9af4609af9a9ed6

kernel-rt-debuginfo-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 9cdc336c7f7473875f8816674023bc6c19ce27bc27b42550f3d109b3d683f167

kernel-rt-debuginfo-common-x86_64-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 38aafa9dd9be68e63d5ae7a0ad3890d48d2aaeeb976c5b8ca768741da3554c9d

kernel-rt-devel-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 170eafe1ff1d64a0efa3f2dacc67fd202a53d6daaa684cf862caa3d9482c9f75

kernel-rt-kvm-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 06d74224020143b0be147ebf5d0d52e4e40938e9121458483c159b6fe16aa67e

kernel-rt-modules-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 2d59de31f95e513aa443576ee2cdfe1dc50cbdf2d11c14938958ab617b317b62

kernel-rt-modules-extra-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm

SHA-256: 0e0e92a39ba26d5275d15355d8551f4a9f303a0e1b2fdabfa5ff1143bacfd15c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2024-1188-03

Red Hat Security Advisory 2024-1188-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include code execution, denial of service, memory leak, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

CVE-2023-33953: Security Bulletins

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse. - gRPC’s metadata overflow check was performed per frame, so ...

Ubuntu Security Notice USN-6001-1

Ubuntu Security Notice 6001-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

RHSA-2022:9040: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.3 security update

Red Hat Advanced Cluster Management for Kubernetes 2.6.3 General Availability release images, which provide security updates, fix bugs, and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-41912: crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements

Red Hat Security Advisory 2022-8889-01

Red Hat Security Advisory 2022-8889-01 - This is an Openshift Logging bug fix release. Issues addressed include a denial of service vulnerability.

RHSA-2022:8889: Red Hat Security Advisory: Openshift Logging 5.3.14 bug fix release and security update

Openshift Logging Bug Fix Release (5.3.14) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays

Red Hat Security Advisory 2022-8781-01

Red Hat Security Advisory 2022-8781-01 - Logging Subsystem for Red Hat OpenShift has a security update. Issues addressed include a denial of service vulnerability.

RHSA-2022:8781: Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update

Logging Subsystem 5.5.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY * CVE-2022-32189: golang: math/b...

RHSA-2022:7434: Red Hat Security Advisory: Logging Subsystem 5.5.4 - Red Hat OpenShift security update

Logging Subsystem 5.5.4 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32149: golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags

RHSA-2022:7683: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session * CVE-2020-36558: kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference * CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg() * CVE-2021-30002: kernel: memory leak for large arguments...

RHSA-2022:7444: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session * CVE-2020-36558: kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference * CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg() * CVE-2021-30002: kernel: memory leak for large argume...

Red Hat Security Advisory 2022-7313-01

Red Hat Security Advisory 2022-7313-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Issues addressed include denial of service and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2022-7276-01

Red Hat Security Advisory 2022-7276-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service, server-side request forgery, and remote SQL injection vulnerabilities.

RHSA-2022:7276: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.4.8 General Availability release images, which fix security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service * CVE-2022-25858: terser: insecure use of regular expressions leads to ReDoS * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-35948: nodejs: undici vulnerable to CRLF via content headers * CVE-2022-35949: n...

RHSA-2022:7134: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0494: kernel: information leak in scsi_ioctl() * CVE-2022-1353: Kernel: A kernel-info-leak issue in pfkey_register * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation * CVE-2022-23816: hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions * CVE-2022-23825: hw: c...

RHSA-2022:6890: Red Hat Security Advisory: OpenShift Virtualization 4.8.7 Images bug fixes and security update

Red Hat OpenShift Virtualization release 4.8.7 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1798: kubeVirt: Arbitrary file read on the host from KubeVirt VMs

CVE-2022-1941: Security Bulletins  |  Customer Care  |  Google Cloud

A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated.

RHSA-2022:6681: Red Hat Security Advisory: OpenShift Virtualization 4.9.6 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.9.6 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1798: kubeVirt: Arbitrary file read on the host from KubeVirt VMs

CVE-2020-36600: September

Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this vulnerability may cause the system to restart.

Red Hat Security Advisory 2022-6322-01

Red Hat Security Advisory 2022-6322-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.59. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-6317-01

Red Hat Security Advisory 2022-6317-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.48. Issues addressed include a bypass vulnerability.

RHSA-2022:6318: Red Hat Security Advisory: OpenShift Container Platform 4.9.48 extras security update

Red Hat OpenShift Container Platform release 4.9.48 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS

Red Hat Security Advisory 2022-6258-01

Red Hat Security Advisory 2022-6258-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.31. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-6248-01

Red Hat Security Advisory 2022-6248-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2022-6243-01

Red Hat Security Advisory 2022-6243-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.

RHSA-2022:6243: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0494: kernel: information leak in scsi_ioctl() * CVE-2022-1353: Kernel: A kernel-info-leak issue in pfkey_register

RHSA-2022:6248: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0494: kernel: information leak in scsi_ioctl() * CVE-2022-1353: Kernel: A kernel-info-leak issue in pfkey_register

Ubuntu Security Notice USN-5582-1

Ubuntu Security Notice 5582-1 - Arthur Mongodin discovered that the netfilter subsystem in the Linux kernel did not properly perform data validation. A local attacker could use this to escalate privileges in certain situations. Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code.

CVE-2022-20158: Pixel Update Bulletin—August 2022  |  Android Open Source Project

In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android kernel
Android ID: A-182815710
References: Upstream kernel

Ubuntu Security Notice USN-5562-1

Ubuntu Security Notice 5562-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5560-2

Ubuntu Security Notice 5560-2 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5560-1

Ubuntu Security Notice 5560-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

RHSA-2022:6003: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-0494: kernel: information leak in scsi_ioctl()
  • CVE-2022-1055: kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c

Kernel Live Patch Security Notice LSN-0086-1

It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. Various other issues were also addressed.

CVE-2022-1055: 🐧🕺

A use-after-free exists in the Linux kernel in tc_new_tfilter that could allow a local attacker to escalate privileges. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
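Two quick host-side checks for what the entries above actually state, as an added example that is not part of any of the advisories or of the vendors' own tooling: the CVE-2022-1055 entry says the exploit needs unprivileged user namespaces, and every Red Hat and Ubuntu entry on this page fixes a kernel whose package changelog names the CVE IDs it closes, so a changelog grep is a cheap way to confirm a given kernel build carries a specific fix. The sysctl paths /proc/sys/kernel/unprivileged_userns_clone (a Debian/Ubuntu-specific switch; absent on RHEL) and /proc/sys/user/max_user_namespaces (upstream) are real; the function names, the proc-tree argument used for testing, and the sample changelog line are this example's own assumptions.

```shell
#!/bin/sh
# Added example; not code from any advisory on this page.

# unprivileged_userns_state: print "enabled" or "disabled" depending on
# whether an unprivileged user can create a user namespace on this host.
# The optional argument is the root of a proc-like tree so the function
# can be exercised against a constructed directory; default is /proc.
unprivileged_userns_state() {
    _root="${1:-/proc}"

    # Debian/Ubuntu kernels carry a distro-specific kill switch. A value of
    # 0 disables unprivileged user namespaces regardless of the upstream limit.
    _clone="$_root/sys/kernel/unprivileged_userns_clone"
    if [ -r "$_clone" ] && [ "$(cat "$_clone")" = "0" ]; then
        echo disabled
        return 0
    fi

    # Upstream limit on user namespaces per user; 0 means none can be created.
    _max="$_root/sys/user/max_user_namespaces"
    if [ -r "$_max" ] && [ "$(cat "$_max")" = "0" ]; then
        echo disabled
        return 0
    fi

    echo enabled
}

# changelog_fixes_cve: read a package changelog on stdin and succeed (exit 0)
# only if it mentions the given CVE identifier as a whole word, so that
# CVE-2022-1055 does not match CVE-2022-10550.
# Typical invocations (assumed usage, not from the page):
#   rpm -q --changelog kernel | changelog_fixes_cve CVE-2022-1055   # RHEL
#   apt-get changelog linux-image-$(uname -r) | changelog_fixes_cve CVE-2022-1055   # Ubuntu
changelog_fixes_cve() {
    grep -q -F -w "$1"
}

# On a live host, run the namespace check directly; a "disabled" result
# removes only the precondition the CVE-2022-1055 entry states, not the bug.
# unprivileged_userns_state
```

Disabling unprivileged user namespaces is a mitigation for the stated precondition, not a substitute for the kernel update; the changelog check tells you whether the installed package claims the fix, and only a reboot into that kernel makes it effective.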

CVE-2022-0494

A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker holding CAP_SYS_ADMIN or CAP_SYS_RAWIO to leak kernel memory contents to user space, compromising confidentiality.