RHSA-2022:4644: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-0492: kernel: cgroups v1 release_agent feature may allow privilege escalation
Issued:
2022-05-18
Updated:
2022-05-18
RHSA-2022:4644 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update to the latest RHEL7.9.z14 source tree (BZ#2071179)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
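As an added example that is not part of the Red Hat advisory, the following POSIX shell functions are what an administrator of a RHEL 7 for Real Time host could run after applying this update: they compare the running kernel release with the fixed build, verify a downloaded RPM against the SHA-256 the advisory publishes for it, and report whether an unprivileged caller can write a cgroup v1 release_agent file or create user namespaces, the conditions the flaw depends on. Only the fixed version string and the package hashes come from this advisory; the function names, the digit-by-digit version comparison and the constructed sample inputs are assumptions made here.

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisory: post-update checks for
# RHSA-2022:4644 on a RHEL 7 for Real Time host. The fixed build string is the
# one the advisory publishes; everything else here is an assumption.

FIXED_KERNEL_RT="3.10.0-1160.66.1.rt56.1207.el7"   # fixed build from the advisory

# `uname -r` appends the architecture (".x86_64"); drop it before comparing.
strip_arch() {
    printf '%s\n' "$1" | sed -e 's/\.x86_64$//' -e 's/\.noarch$//'
}

# Numeric, field-by-field comparison of two kernel-rt release strings:
# 3.10.0-1160.66.1.rt56.1207.el7 -> 3 10 0 1160 66 1 56 1207 7.
# Prints -1, 0 or 1. Only digit runs are compared, so this is not a general
# RPM EVR comparison, but it is exact for builds of the same el7 stream.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, fa, /[^0-9]+/); nb = split(b, fb, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? fa[i] + 0 : 0
            y = (i <= nb) ? fb[i] + 0 : 0
            if (x < y) { print "-1"; exit }
            if (x > y) { print "1"; exit }
        }
        print "0"
    }'
}

# True (exit 0) when the given running release is at or above the fixed build.
kernel_is_fixed() {
    [ "$(vercmp "$(strip_arch "$1")" "$FIXED_KERNEL_RT")" -ge 0 ]
}

# True when the file's SHA-256 matches the digest the advisory lists for it.
verify_rpm_sha256() {    # $1 = path to .rpm, $2 = expected hex digest
    [ "$(sha256sum "$1" | awk '{print $1}')" = "$2" ]
}

# Exposure check for the flaw itself. CVE-2022-0492 needs a process that can
# write a cgroup v1 release_agent file; this reports any such file the caller
# can write, and whether unprivileged user namespaces are enabled (RHEL 7
# ships with user.max_user_namespaces=0), two conditions that widen who can
# reach a writable release_agent. $1 = alternate root so the check can run
# against a constructed tree; omit it on a live host. Exit status 1 means a
# writable release_agent was found. Run it as the unprivileged user you are
# worried about: for root, -w is always true.
cgroup_v1_exposure() {
    root="${1:-}"; exposed=0
    for agent in "$root"/sys/fs/cgroup/*/release_agent; do
        [ -e "$agent" ] || continue
        if [ -w "$agent" ]; then
            echo "writable release_agent: $agent"; exposed=1
        fi
    done
    maxns=$(cat "$root"/proc/sys/user/max_user_namespaces 2>/dev/null || echo 0)
    if [ "$maxns" -gt 0 ]; then
        echo "unprivileged user namespaces enabled (user.max_user_namespaces=$maxns)"
    fi
    return $exposed
}

# On the host: is the fix actually running? An installed-but-not-booted
# kernel-rt is the common gap, since this advisory requires a reboot.
check_live_system() {
    running=$(uname -r)
    if kernel_is_fixed "$running"; then
        echo "running kernel-rt $running includes the fix for CVE-2022-0492"
    else
        echo "running kernel-rt $running is older than $FIXED_KERNEL_RT: fix NOT active"
        rpm -q --qf 'installed: %{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' kernel-rt 2>/dev/null
        return 1
    fi
    cgroup_v1_exposure
}
```

Source the file and call check_live_system on the host; a non-zero exit means either the running kernel predates the fixed build (typically because the reboot has not happened yet, in which case the rpm -q line shows the fixed package already installed) or a release_agent file is writable by the caller. Run verify_rpm_sha256 against each downloaded package with the digest from the package list below before installing it.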
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
Fixes
- BZ - 2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation
Red Hat Enterprise Linux for Real Time 7
SRPM
kernel-rt-3.10.0-1160.66.1.rt56.1207.el7.src.rpm
SHA-256: 9488385d589f6c9d69408322c3be11330d1933dfe0fb1eaac19cf330dc12f8d7
x86_64
kernel-rt-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 32832c528b2aee44887b4718bcacd120c9b25e5875dbf96626a938eb4d1d5e10
kernel-rt-debug-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 84396eb31867fe5fcddaae5f0a529271e94f502a21d38a0924d3d2e7c3ab5dff
kernel-rt-debug-debuginfo-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 1a07d61f69196848fd9be0e4666768d007827df408bbce5e38a1ae6a0f321b83
kernel-rt-debug-devel-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 8f66f7873bcb9c5c4017db14a498b0d4c6622533fd0ec268a1178a6202aaacd6
kernel-rt-debuginfo-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: d0eea42a419254432707b44a25d8a0e0737b04f97e6e217c8e1c529e040e58a0
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 325ead407c538b1e24c4f38723e87db79453f61618e50e8cb26f299fc92f4f12
kernel-rt-devel-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 5494a58f527484ba771ac093f4b74a4806162708b7e05fcafc84edb05bed2b3b
kernel-rt-doc-3.10.0-1160.66.1.rt56.1207.el7.noarch.rpm
SHA-256: b1f19ebcad900523d1a82a5e2d6260dba4cb6093ef69afb3906ea6f52235b76f
kernel-rt-trace-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 04c5add619d1af7e7ade96a8716198bb25a355b3c364d3ef56304347d48a3a84
kernel-rt-trace-debuginfo-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 23a72f6538d5b31def31e6b8276aaab717ef64a9a7241ac983c25a9caaaf13cd
kernel-rt-trace-devel-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 28e676246c269c938d9c5aaa33e390ad39eb0e9b310f679f72371d015f484875
Red Hat Enterprise Linux for Real Time for NFV 7
SRPM
kernel-rt-3.10.0-1160.66.1.rt56.1207.el7.src.rpm
SHA-256: 9488385d589f6c9d69408322c3be11330d1933dfe0fb1eaac19cf330dc12f8d7
x86_64
kernel-rt-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 32832c528b2aee44887b4718bcacd120c9b25e5875dbf96626a938eb4d1d5e10
kernel-rt-debug-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 84396eb31867fe5fcddaae5f0a529271e94f502a21d38a0924d3d2e7c3ab5dff
kernel-rt-debug-debuginfo-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 1a07d61f69196848fd9be0e4666768d007827df408bbce5e38a1ae6a0f321b83
kernel-rt-debug-devel-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 8f66f7873bcb9c5c4017db14a498b0d4c6622533fd0ec268a1178a6202aaacd6
kernel-rt-debug-kvm-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: fc26f2a5b8ad192f61a7ceeceff6a30085f2530086ef92debc6616d64d6bcfdc
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 4bfd7c7dd1a7073b1bcb9a77334c56488742b411ab1b0d5acf242ac6b9ba193d
kernel-rt-debuginfo-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: d0eea42a419254432707b44a25d8a0e0737b04f97e6e217c8e1c529e040e58a0
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 325ead407c538b1e24c4f38723e87db79453f61618e50e8cb26f299fc92f4f12
kernel-rt-devel-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 5494a58f527484ba771ac093f4b74a4806162708b7e05fcafc84edb05bed2b3b
kernel-rt-doc-3.10.0-1160.66.1.rt56.1207.el7.noarch.rpm
SHA-256: b1f19ebcad900523d1a82a5e2d6260dba4cb6093ef69afb3906ea6f52235b76f
kernel-rt-kvm-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: f34ee9573e4f77d5e3db1198b2211953fef95980e3373bf54e5d5e469c7ffb80
kernel-rt-kvm-debuginfo-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: bade776a3188c6922a75be8f7c9d7a3c78f1a5b30755894b32d48fffdb6f5c32
kernel-rt-trace-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 04c5add619d1af7e7ade96a8716198bb25a355b3c364d3ef56304347d48a3a84
kernel-rt-trace-debuginfo-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 23a72f6538d5b31def31e6b8276aaab717ef64a9a7241ac983c25a9caaaf13cd
kernel-rt-trace-devel-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 28e676246c269c938d9c5aaa33e390ad39eb0e9b310f679f72371d015f484875
kernel-rt-trace-kvm-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: 41328834844c0c7be15a7d7bbc1959db7e35675afab768c75550163dc9625de9
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.66.1.rt56.1207.el7.x86_64.rpm
SHA-256: b0ef92955c5a49056c143234aaff304da8ff84520e4f0685dbe91bc871da3610
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
CVE-2022-0492 description
A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.