Headline
RHSA-2022:7319: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2585: kernel: posix cpu timer use-after-free may lead to local privilege escalation
- CVE-2022-30594: kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-11-02
Updated:
2022-11-02
RHSA-2022:7319 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- posix cpu timer use-after-free may lead to local privilege escalation (CVE-2022-2585)
- Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Update RT source tree to the latest RHEL-9.0.z4 Batch (BZ#2123498)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 9 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 9 x86_64
- Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0 x86_64
- Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0 x86_64
Fixes
- BZ - 2085300 - CVE-2022-30594 kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option
- BZ - 2114874 - CVE-2022-2585 kernel: posix cpu timer use-after-free may lead to local privilege escalation
Red Hat Enterprise Linux for Real Time 9
SRPM
kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.src.rpm
SHA-256: d46493a749032863625ec2dad371da61a1924d02a31de1963bac943f501679b2
x86_64
kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 11e398b7cbedd8bf306953e6f4e6dbd5b723b75a226817741a6a0d5b2b141543
kernel-rt-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: c1ac697c5da1c730734d68508ffc703508ca8f7cf6506889f64b9a2453ecba78
kernel-rt-debug-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: f75d866b0b92a4eb98e02e4decfac202709a5a4e76eb26b0f1732dfea7b0e00c
kernel-rt-debug-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 5d96e81cea07c2f27ec915442425d000b55f2ec2f2721c8f883c5884892739b1
kernel-rt-debug-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: cefe0e7ccb97e2bcc3a5ff36b97854131c341646c5a536101c3875687c25fe6d
kernel-rt-debug-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: b5387af2088431cc97c7ac99e3342e572f4dc4568af929809a26bef1b66bf675
kernel-rt-debug-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 0d2939c82ea3679ee7c886d99e437160133c41ae4830c38a8f40400bceb07858
kernel-rt-debug-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 54389b2a9a9154fb79b60c57cb26df0543d9947d766cf8e61e2ac793f1ea1aa2
kernel-rt-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 5faf401a9d802c6521824d8100be94eff760c307c30b0cdffbcb0af1089f9363
kernel-rt-debuginfo-common-x86_64-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 2daf46e68b81310ad26ad3b0cf6787ec79ca6126f1f28454f79d2ee69b886f8a
kernel-rt-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 3003df7c0c1adbb0937814b675073c9f4569dc81d1ded3abf0abd8cd88e8e053
kernel-rt-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 8fff08084b1e5f2e2d489bd9ff4942b19d9be32583a03c7a925f80b5bffb0926
kernel-rt-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 92b4ed749d104ddc533c2dec255e679a7bada299fc320d7530e0f495ac859882
Red Hat Enterprise Linux for Real Time for NFV 9
SRPM
kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.src.rpm
SHA-256: d46493a749032863625ec2dad371da61a1924d02a31de1963bac943f501679b2
x86_64
kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 11e398b7cbedd8bf306953e6f4e6dbd5b723b75a226817741a6a0d5b2b141543
kernel-rt-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: c1ac697c5da1c730734d68508ffc703508ca8f7cf6506889f64b9a2453ecba78
kernel-rt-debug-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: f75d866b0b92a4eb98e02e4decfac202709a5a4e76eb26b0f1732dfea7b0e00c
kernel-rt-debug-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 5d96e81cea07c2f27ec915442425d000b55f2ec2f2721c8f883c5884892739b1
kernel-rt-debug-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: cefe0e7ccb97e2bcc3a5ff36b97854131c341646c5a536101c3875687c25fe6d
kernel-rt-debug-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: b5387af2088431cc97c7ac99e3342e572f4dc4568af929809a26bef1b66bf675
kernel-rt-debug-kvm-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: f80c77d2998d45aac52b02a8357fd314ea76f6545c514d85deee936a2e0f3189
kernel-rt-debug-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 0d2939c82ea3679ee7c886d99e437160133c41ae4830c38a8f40400bceb07858
kernel-rt-debug-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 54389b2a9a9154fb79b60c57cb26df0543d9947d766cf8e61e2ac793f1ea1aa2
kernel-rt-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 5faf401a9d802c6521824d8100be94eff760c307c30b0cdffbcb0af1089f9363
kernel-rt-debuginfo-common-x86_64-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 2daf46e68b81310ad26ad3b0cf6787ec79ca6126f1f28454f79d2ee69b886f8a
kernel-rt-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 3003df7c0c1adbb0937814b675073c9f4569dc81d1ded3abf0abd8cd88e8e053
kernel-rt-kvm-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 47706ca8c84523da413caad217c680b287428b95b9620e42bef892f5d6e91eba
kernel-rt-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 8fff08084b1e5f2e2d489bd9ff4942b19d9be32583a03c7a925f80b5bffb0926
kernel-rt-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 92b4ed749d104ddc533c2dec255e679a7bada299fc320d7530e0f495ac859882
Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0
SRPM
kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.src.rpm
SHA-256: d46493a749032863625ec2dad371da61a1924d02a31de1963bac943f501679b2
x86_64
kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 11e398b7cbedd8bf306953e6f4e6dbd5b723b75a226817741a6a0d5b2b141543
kernel-rt-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: c1ac697c5da1c730734d68508ffc703508ca8f7cf6506889f64b9a2453ecba78
kernel-rt-debug-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: f75d866b0b92a4eb98e02e4decfac202709a5a4e76eb26b0f1732dfea7b0e00c
kernel-rt-debug-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 5d96e81cea07c2f27ec915442425d000b55f2ec2f2721c8f883c5884892739b1
kernel-rt-debug-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: cefe0e7ccb97e2bcc3a5ff36b97854131c341646c5a536101c3875687c25fe6d
kernel-rt-debug-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: b5387af2088431cc97c7ac99e3342e572f4dc4568af929809a26bef1b66bf675
kernel-rt-debug-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 0d2939c82ea3679ee7c886d99e437160133c41ae4830c38a8f40400bceb07858
kernel-rt-debug-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 54389b2a9a9154fb79b60c57cb26df0543d9947d766cf8e61e2ac793f1ea1aa2
kernel-rt-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 5faf401a9d802c6521824d8100be94eff760c307c30b0cdffbcb0af1089f9363
kernel-rt-debuginfo-common-x86_64-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 2daf46e68b81310ad26ad3b0cf6787ec79ca6126f1f28454f79d2ee69b886f8a
kernel-rt-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 3003df7c0c1adbb0937814b675073c9f4569dc81d1ded3abf0abd8cd88e8e053
kernel-rt-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 8fff08084b1e5f2e2d489bd9ff4942b19d9be32583a03c7a925f80b5bffb0926
kernel-rt-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 92b4ed749d104ddc533c2dec255e679a7bada299fc320d7530e0f495ac859882
Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0
SRPM
kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.src.rpm
SHA-256: d46493a749032863625ec2dad371da61a1924d02a31de1963bac943f501679b2
x86_64
kernel-rt-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 11e398b7cbedd8bf306953e6f4e6dbd5b723b75a226817741a6a0d5b2b141543
kernel-rt-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: c1ac697c5da1c730734d68508ffc703508ca8f7cf6506889f64b9a2453ecba78
kernel-rt-debug-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: f75d866b0b92a4eb98e02e4decfac202709a5a4e76eb26b0f1732dfea7b0e00c
kernel-rt-debug-core-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 5d96e81cea07c2f27ec915442425d000b55f2ec2f2721c8f883c5884892739b1
kernel-rt-debug-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: cefe0e7ccb97e2bcc3a5ff36b97854131c341646c5a536101c3875687c25fe6d
kernel-rt-debug-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: b5387af2088431cc97c7ac99e3342e572f4dc4568af929809a26bef1b66bf675
kernel-rt-debug-kvm-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: f80c77d2998d45aac52b02a8357fd314ea76f6545c514d85deee936a2e0f3189
kernel-rt-debug-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 0d2939c82ea3679ee7c886d99e437160133c41ae4830c38a8f40400bceb07858
kernel-rt-debug-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 54389b2a9a9154fb79b60c57cb26df0543d9947d766cf8e61e2ac793f1ea1aa2
kernel-rt-debuginfo-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 5faf401a9d802c6521824d8100be94eff760c307c30b0cdffbcb0af1089f9363
kernel-rt-debuginfo-common-x86_64-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 2daf46e68b81310ad26ad3b0cf6787ec79ca6126f1f28454f79d2ee69b886f8a
kernel-rt-devel-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 3003df7c0c1adbb0937814b675073c9f4569dc81d1ded3abf0abd8cd88e8e053
kernel-rt-kvm-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 47706ca8c84523da413caad217c680b287428b95b9620e42bef892f5d6e91eba
kernel-rt-modules-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 8fff08084b1e5f2e2d489bd9ff4942b19d9be32583a03c7a925f80b5bffb0926
kernel-rt-modules-extra-5.14.0-70.30.1.rt21.102.el9_0.x86_64.rpm
SHA-256: 92b4ed749d104ddc533c2dec255e679a7bada299fc320d7530e0f495ac859882
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse. - gRPC’s metadata overflow check was performed per frame, so ...
Red Hat Security Advisory 2023-3495-01 - Logging Subsystem 5.7.2 - Red Hat OpenShift. Issues addressed include cross site scripting and denial of service vulnerabilities.
Logging Subsystem 5.7.2 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...
Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to c...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user t...
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2959: kernel: watch queue race condition can lead to privilege escalation * CVE-2022-2964: kernel: memory corruption in AX88179_178A based USB ethernet device. * CVE-2022-3077: kernel: i2c: unbounded length leads to buffer overflow in ismt_access() * CVE-2022-4139: kernel: i915: Incorrect GPU TLB flush can lead to random memory access * CVE-2022-3059...
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2959: kernel: watch queue race condition can lead to privilege escalation * CVE-2022-2964: kernel: memory corruption in AX88179_178A based USB ethernet device. * CVE-2022-3077: kernel: i2c: unbounded length leads to buffer overflow in ismt_access() * CVE-2022-4139: kernel: i915: Incorrect GPU TLB flush can lead to random memory access * CVE-2022-30594: ...
The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access.
In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238745070
Red Hat Security Advisory 2022-7318-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-7330-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2022-7319-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2585: kernel: posix cpu timer use-after-free may lead to local privilege escalation * CVE-2022-30594: kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2585: kernel: posix cpu timer use-after-free may lead to local privilege escalation * CVE-2022-30594: kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2585: kernel: posix cpu timer use-after-free may lead to local privilege escalation
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. It was discovered that the implementation of POSIX timers in the Linux kernel did not properly clean up timers in some situations. Various other vulnerabilities were also discovered.
Ubuntu Security Notice 5567-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5566-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5565-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5564-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5465-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
It was discovered that a race condition existed in the network scheduling subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. Various other issues were also addressed.
Ubuntu Security Notice 5443-2 - Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Jann Horn discovered that the Linux kernel did not properly enforce seccomp restrictions in some situations. A local attacker could use this to bypass intended seccomp sandbox restrictions.
Ubuntu Security Notice 5442-2 - Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code. Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux kernel contained in integer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.