RHSA-2022:6002: Red Hat Security Advisory: kernel-rt security and bug fix update
Related CVEs:
- CVE-2022-0494: kernel: information leak in scsi_ioctl()
- CVE-2022-1055: kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c
Issued: 2022-08-09
Updated: 2022-08-09
RHSA-2022:6002 - Security Advisory
Synopsis
Moderate: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- information leak in scsi_ioctl() (CVE-2022-0494)
- use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- update RT source tree to the latest RHEL-9.0.z2 Batch (BZ#2105450)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
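An added check script (not Red Hat's own tooling) for the two steps the Solution section implies: it compares the newest installed kernel-rt-core against the fixed version-release from this advisory's package list, and separately compares the running kernel from `uname -r`, so it distinguishes "not updated", "updated but still needs the reboot" and "running the fixed kernel". It assumes the RT kernel reports its release with the `+rt` suffix and the `.x86_64` architecture, which the script strips before comparing.

```shell
#!/bin/sh
# Added example, not Red Hat's own tooling: tell whether a RHEL 9 kernel-rt
# host has the packages from RHSA-2022:6002 installed and whether it is
# actually running them (the advisory requires a reboot to take effect).
# FIXED_NVR is the version-release of the packages listed in this advisory.
FIXED_NVR="5.14.0-70.22.1.rt21.94.el9_0"

# vercmp A B: RPM-style version comparison. Each string is cut into runs of
# digits and runs of letters (separators are ignored); digit runs compare as
# integers, letter runs lexically, and a digit run sorts after a letter run.
# Prints -1, 0 or 1 for A<B, A=B, A>B.
vercmp() {
    awk -v a="$1" -v b="$2" '
    function tokenize(s, arr,    n, i, c, cur, t, prev) {
        n = 0; cur = ""; prev = ""
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c ~ /[0-9]/) { t = "d" } else if (c ~ /[A-Za-z]/) { t = "a" } else { t = "" }
            if (t == "") {
                if (cur != "") { arr[++n] = cur }
                cur = ""; prev = ""
                continue
            }
            if (prev != "" && t != prev) { arr[++n] = cur; cur = "" }
            cur = cur c; prev = t
        }
        if (cur != "") { arr[++n] = cur }
        return n
    }
    function cmp(a, b,    na, nb, i, x, y, xd, yd, A, B) {
        na = tokenize(a, A); nb = tokenize(b, B)
        for (i = 1; i <= na && i <= nb; i++) {
            x = A[i]; y = B[i]
            xd = (x ~ /^[0-9]/); yd = (y ~ /^[0-9]/)
            if (xd && yd) {
                if (x + 0 < y + 0) { return -1 }
                if (x + 0 > y + 0) { return 1 }
            } else if (xd != yd) {
                return (xd ? 1 : -1)
            } else {
                if (x < y) { return -1 }
                if (x > y) { return 1 }
            }
        }
        if (na < nb) { return -1 }
        if (na > nb) { return 1 }
        return 0
    }
    BEGIN { print cmp(a, b) }'
}

# normalize: strip the "+rt" uname suffix and the architecture so that
# `uname -r` output and `rpm -q` output compare as plain version-release.
normalize() {
    printf '%s\n' "$1" | sed -e 's/+rt$//' -e 's/\.x86_64$//'
}

# rt_status RUNNING INSTALLED: classify a host given its running kernel
# release (uname -r) and its newest installed kernel-rt-core version-release.
# Prints one of: not-fixed, reboot-required, ok.
rt_status() {
    running=$(normalize "$1")
    installed=$(normalize "$2")
    if [ "$(vercmp "$installed" "$FIXED_NVR")" -lt 0 ]; then
        echo not-fixed
    elif [ "$(vercmp "$running" "$FIXED_NVR")" -lt 0 ]; then
        echo reboot-required
    else
        echo ok
    fi
}

# Live check of the local host; only runs when invoked as: sh check.sh --live
# (assumes rpm and GNU sort -V are present, as on RHEL).
if [ "${1-}" = "--live" ]; then
    inst=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-rt-core 2>/dev/null | sort -V | tail -n 1)
    [ -n "$inst" ] || { echo "kernel-rt-core not installed"; exit 2; }
    echo "running=$(uname -r) installed=$inst status=$(rt_status "$(uname -r)" "$inst")"
fi
```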
Affected Products
- Red Hat Enterprise Linux for Real Time 9 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 9 x86_64
- Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0 x86_64
- Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0 x86_64
Fixes
- BZ - 2039448 - CVE-2022-0494 kernel: information leak in scsi_ioctl()
- BZ - 2070220 - CVE-2022-1055 kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c
Red Hat Enterprise Linux for Real Time 9, and Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0 (same packages and checksums for both)
SRPM
kernel-rt-5.14.0-70.22.1.rt21.94.el9_0.src.rpm  SHA-256: ff5355128be0503bd1fcb27ae7103ffd97902440c2b8868f2d8effd59f18ab7c
x86_64
kernel-rt-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: c231071837e9d0df8d9af2e735c665f1c8ba9a3bee3c2fc03b0496e000205939
kernel-rt-core-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: e38273f0b55146a454e547118f51e41f64bf83fef205104f5e73e46e6a8a3895
kernel-rt-debug-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 60ce093e7d25aa680ee8c58bef60841005c2f0c4370bca32105c46190c59b4e3
kernel-rt-debug-core-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: dd2d8b8b14c3d3fd12dee595f197eb9870145eb5a8566a3c5072ae8363636da7
kernel-rt-debug-debuginfo-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 1ab201d936b7a819a532a9d588c5c455348d1bb6d3d2e0104eca6f909f037820
kernel-rt-debug-devel-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: f8040e0526edca7e57a37475edab6133f8a2e32ca4d8878d387eecbf3d85d374
kernel-rt-debug-modules-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 282f5d811aad0ae6b695488dd8d9e810d0526aedf601b0d9a876475b8e5e1a8a
kernel-rt-debug-modules-extra-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 70e4ac4ff90555d956f8bd45c99f3d49ead5f9111a846a7ed9af4609af9a9ed6
kernel-rt-debuginfo-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 9cdc336c7f7473875f8816674023bc6c19ce27bc27b42550f3d109b3d683f167
kernel-rt-debuginfo-common-x86_64-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 38aafa9dd9be68e63d5ae7a0ad3890d48d2aaeeb976c5b8ca768741da3554c9d
kernel-rt-devel-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 170eafe1ff1d64a0efa3f2dacc67fd202a53d6daaa684cf862caa3d9482c9f75
kernel-rt-modules-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 2d59de31f95e513aa443576ee2cdfe1dc50cbdf2d11c14938958ab617b317b62
kernel-rt-modules-extra-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 0e0e92a39ba26d5275d15355d8551f4a9f303a0e1b2fdabfa5ff1143bacfd15c
Red Hat Enterprise Linux for Real Time for NFV 9, and Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0 (same packages and checksums for both; adds the kvm packages)
SRPM
kernel-rt-5.14.0-70.22.1.rt21.94.el9_0.src.rpm  SHA-256: ff5355128be0503bd1fcb27ae7103ffd97902440c2b8868f2d8effd59f18ab7c
x86_64
kernel-rt-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: c231071837e9d0df8d9af2e735c665f1c8ba9a3bee3c2fc03b0496e000205939
kernel-rt-core-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: e38273f0b55146a454e547118f51e41f64bf83fef205104f5e73e46e6a8a3895
kernel-rt-debug-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 60ce093e7d25aa680ee8c58bef60841005c2f0c4370bca32105c46190c59b4e3
kernel-rt-debug-core-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: dd2d8b8b14c3d3fd12dee595f197eb9870145eb5a8566a3c5072ae8363636da7
kernel-rt-debug-debuginfo-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 1ab201d936b7a819a532a9d588c5c455348d1bb6d3d2e0104eca6f909f037820
kernel-rt-debug-devel-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: f8040e0526edca7e57a37475edab6133f8a2e32ca4d8878d387eecbf3d85d374
kernel-rt-debug-kvm-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 7ea89afe725c504e3942edffbad8050c01a86f16a07d88119446a27ee3eda5e8
kernel-rt-debug-modules-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 282f5d811aad0ae6b695488dd8d9e810d0526aedf601b0d9a876475b8e5e1a8a
kernel-rt-debug-modules-extra-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 70e4ac4ff90555d956f8bd45c99f3d49ead5f9111a846a7ed9af4609af9a9ed6
kernel-rt-debuginfo-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 9cdc336c7f7473875f8816674023bc6c19ce27bc27b42550f3d109b3d683f167
kernel-rt-debuginfo-common-x86_64-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 38aafa9dd9be68e63d5ae7a0ad3890d48d2aaeeb976c5b8ca768741da3554c9d
kernel-rt-devel-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 170eafe1ff1d64a0efa3f2dacc67fd202a53d6daaa684cf862caa3d9482c9f75
kernel-rt-kvm-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 06d74224020143b0be147ebf5d0d52e4e40938e9121458483c159b6fe16aa67e
kernel-rt-modules-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 2d59de31f95e513aa443576ee2cdfe1dc50cbdf2d11c14938958ab617b317b62
kernel-rt-modules-extra-5.14.0-70.22.1.rt21.94.el9_0.x86_64.rpm  SHA-256: 0e0e92a39ba26d5275d15355d8551f4a9f303a0e1b2fdabfa5ff1143bacfd15c
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.