Headline
RHSA-2022:7330: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2585: kernel: posix cpu timer use-after-free may lead to local privilege escalation
Synopsis
Important: kpatch-patch security update
Type/Severity
Security Advisory: Important
Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Security Fix(es):
- posix cpu timer use-after-free may lead to local privilege escalation (CVE-2022-2585)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
Fixes
- BZ - 2114874 - CVE-2022-2585 kernel: posix cpu timer use-after-free may lead to local privilege escalation
Red Hat Enterprise Linux for x86_64 9
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
kpatch-patch-5_14_0-70_13_1-1-4.el9_0.src.rpm
kpatch-patch-5_14_0-70_17_1-1-3.el9_0.src.rpm
kpatch-patch-5_14_0-70_22_1-1-3.el9_0.src.rpm
kpatch-patch-5_14_0-70_26_1-1-2.el9_0.src.rpm
x86_64
kpatch-patch-5_14_0-70_13_1-1-4.el9_0.x86_64.rpm
kpatch-patch-5_14_0-70_13_1-debuginfo-1-4.el9_0.x86_64.rpm
kpatch-patch-5_14_0-70_13_1-debugsource-1-4.el9_0.x86_64.rpm
kpatch-patch-5_14_0-70_17_1-1-3.el9_0.x86_64.rpm
kpatch-patch-5_14_0-70_17_1-debuginfo-1-3.el9_0.x86_64.rpm
kpatch-patch-5_14_0-70_17_1-debugsource-1-3.el9_0.x86_64.rpm
kpatch-patch-5_14_0-70_22_1-1-3.el9_0.x86_64.rpm
kpatch-patch-5_14_0-70_22_1-debuginfo-1-3.el9_0.x86_64.rpm
kpatch-patch-5_14_0-70_22_1-debugsource-1-3.el9_0.x86_64.rpm
kpatch-patch-5_14_0-70_26_1-1-2.el9_0.x86_64.rpm
kpatch-patch-5_14_0-70_26_1-debuginfo-1-2.el9_0.x86_64.rpm
kpatch-patch-5_14_0-70_26_1-debugsource-1-2.el9_0.x86_64.rpm
Red Hat Enterprise Linux for Power, little endian 9
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
kpatch-patch-5_14_0-70_13_1-1-4.el9_0.src.rpm
kpatch-patch-5_14_0-70_17_1-1-3.el9_0.src.rpm
kpatch-patch-5_14_0-70_22_1-1-3.el9_0.src.rpm
kpatch-patch-5_14_0-70_26_1-1-2.el9_0.src.rpm
ppc64le
kpatch-patch-5_14_0-70_13_1-1-4.el9_0.ppc64le.rpm
kpatch-patch-5_14_0-70_13_1-debuginfo-1-4.el9_0.ppc64le.rpm
kpatch-patch-5_14_0-70_13_1-debugsource-1-4.el9_0.ppc64le.rpm
kpatch-patch-5_14_0-70_17_1-1-3.el9_0.ppc64le.rpm
kpatch-patch-5_14_0-70_17_1-debuginfo-1-3.el9_0.ppc64le.rpm
kpatch-patch-5_14_0-70_17_1-debugsource-1-3.el9_0.ppc64le.rpm
kpatch-patch-5_14_0-70_22_1-1-3.el9_0.ppc64le.rpm
kpatch-patch-5_14_0-70_22_1-debuginfo-1-3.el9_0.ppc64le.rpm
kpatch-patch-5_14_0-70_22_1-debugsource-1-3.el9_0.ppc64le.rpm
kpatch-patch-5_14_0-70_26_1-1-2.el9_0.ppc64le.rpm
kpatch-patch-5_14_0-70_26_1-debuginfo-1-2.el9_0.ppc64le.rpm
kpatch-patch-5_14_0-70_26_1-debugsource-1-2.el9_0.ppc64le.rpm