RHSA-2022:8686: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
Red Hat Security Data


Issued: 2022-11-29

Updated: 2022-11-29

RHSA-2022:8686 - Security Advisory


Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM

kpatch-patch-4_18_0-305_49_1-1-3.el8_4.src.rpm

SHA-256: 7553a59ecec4049b53be730d4493e1abb8d6d684b01c7f0252845fa683cf0d22

kpatch-patch-4_18_0-305_57_1-1-2.el8_4.src.rpm

SHA-256: 7d2b928ef09ceef8a6abe2f7c883d37ca5c7138a13ef23eac3b12fe309d7b91f

kpatch-patch-4_18_0-305_62_1-1-2.el8_4.src.rpm

SHA-256: 73a3c8f1ae4f97e844e322feed9c5e7a72e1571d78d18bd5b462836cd2b4cb14

kpatch-patch-4_18_0-305_65_1-1-1.el8_4.src.rpm

SHA-256: bd5a0236fc7293c61fb23f0e4434d6a0b8314bea03576917bde19e842d15fd6a

x86_64

kpatch-patch-4_18_0-305_49_1-1-3.el8_4.x86_64.rpm

SHA-256: db38e36b75baff7639f66c06864e75c5ef1ef6def9bc0db1540252d7c83f2356

kpatch-patch-4_18_0-305_49_1-debuginfo-1-3.el8_4.x86_64.rpm

SHA-256: fd37c42e8b5b77a674f8089aa2d196c55ec03d12f1ec7ed148faf95bfc68d9cc

kpatch-patch-4_18_0-305_49_1-debugsource-1-3.el8_4.x86_64.rpm

SHA-256: 12ac3736517ed1f5238b77a501b39ec3125de63a37ac0ac69a927b8214a12471

kpatch-patch-4_18_0-305_57_1-1-2.el8_4.x86_64.rpm

SHA-256: b2d41ad827a6594db6e09ef605b72aa0672968a9210bf3f70ca48e3d73ddb3bb

kpatch-patch-4_18_0-305_57_1-debuginfo-1-2.el8_4.x86_64.rpm

SHA-256: 3f95123d9146531e6061f886602fc0a1139a2c354b82354e8ebef08472a269ae

kpatch-patch-4_18_0-305_57_1-debugsource-1-2.el8_4.x86_64.rpm

SHA-256: 6ea4e69809ee0558a75a60c0ea4cc9035fbb5a1b27ba572b920e75c0bce5e139

kpatch-patch-4_18_0-305_62_1-1-2.el8_4.x86_64.rpm

SHA-256: 61d4a71bc3fbe6ed5a19dd087f63d71d38778d5524a293299a300be534aac75b

kpatch-patch-4_18_0-305_62_1-debuginfo-1-2.el8_4.x86_64.rpm

SHA-256: 0dd194774a4516badcd918c249f51c983f735e7afc38c6b3a99e08b15b1f4d15

kpatch-patch-4_18_0-305_62_1-debugsource-1-2.el8_4.x86_64.rpm

SHA-256: 80c143d32dd33a55edfe300631083f17b812f232bfb105798e8baeb94fe52c16

kpatch-patch-4_18_0-305_65_1-1-1.el8_4.x86_64.rpm

SHA-256: ebc781859f5f21f70b35944e8061ddc6d165e035f91e4fed4d218d0e56aba850

kpatch-patch-4_18_0-305_65_1-debuginfo-1-1.el8_4.x86_64.rpm

SHA-256: 517da8b8d990e05bd8fdacf53e3d20feaf3f993f5f375596b56549170bdb6bf4

kpatch-patch-4_18_0-305_65_1-debugsource-1-1.el8_4.x86_64.rpm

SHA-256: 0ef830684aaccd153e0c3d711404fe80856f47430049cd04bb8224247365c5a4

The following products list the same SRPM and x86_64 packages, with the same SHA-256 checksums, as Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 above:

  • Red Hat Enterprise Linux Server - AUS 8.4
  • Red Hat Enterprise Linux Server - TUS 8.4
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

The following products list the same four SRPMs and no ppc64le packages:

  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2022-8893-01

Red Hat Security Advisory 2022-8893-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.20.

RHSA-2022:9082: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
  • CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()
  • CVE-2022-2959: kernel: watch queue race condition can lead to privilege escalation
  • CVE-2022-43945: kernel: nfsd buffer overflow by RP...

Red Hat Security Advisory 2022-8989-01

Red Hat Security Advisory 2022-8989-01 - The kpatch management tool provides a kernel patching infrastructure which allows you to patch a running kernel without rebooting or restarting any processes. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2022-8974-01

Red Hat Security Advisory 2022-8974-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, code execution, out of bounds write, and privilege escalation vulnerabilities.

Red Hat Security Advisory 2022-8941-01

Red Hat Security Advisory 2022-8941-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include an out of bounds write vulnerability.

RHSA-2022:8973: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
  • CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()
  • CVE-2022-2959: kernel: watch queue race condition can lead to privilege escalation
  • CVE-2022-21123: hw: cpu: incomplete clean-up of multi-co...

RHSA-2022:8941: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
  • CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

RHSA-2022:8940: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
  • CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

RHSA-2022:8831: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
  • CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

RHSA-2022:8809: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
  • CVE-2022-2639: kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

Red Hat Security Advisory 2022-8673-01

Red Hat Security Advisory 2022-8673-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Red Hat Security Advisory 2022-8686-01

Red Hat Security Advisory 2022-8686-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Red Hat Security Advisory 2022-8685-01

Red Hat Security Advisory 2022-8685-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a memory leak vulnerability.

RHSA-2022:8685: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region

RHSA-2022:8673: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region

CVE-2022-1158: Invalid Bug ID

A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.

Ubuntu Security Notice USN-5469-1

Ubuntu Security Notice 5469-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5468-1

Ubuntu Security Notice 5468-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5467-1

Ubuntu Security Notice 5467-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5416-1

Ubuntu Security Notice 5416-1 - Qiuhao Li, Gaoning Pan and Yongkang Jia discovered that the KVM implementation in the Linux kernel did not properly perform guest page table updates in some situations. An attacker in a guest vm could possibly use this to crash the host OS. It was discovered that the implementation of X.25 network protocols in the Linux kernel did not terminate link layer sessions properly. A local attacker could possibly use this to cause a denial of service.