RHSA-2022:8686: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1158: kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
Issued:
2022-11-29
Updated:
2022-11-29
Synopsis
Important: kpatch-patch security update
Type/Severity
Security Advisory: Important
Topic
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Security Fix(es):
- KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
Fixes
- BZ - 2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4
SRPM
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.src.rpm
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.src.rpm
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.src.rpm
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.src.rpm
x86_64
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_49_1-debuginfo-1-3.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_49_1-debugsource-1-3.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_57_1-debuginfo-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_57_1-debugsource-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_62_1-debuginfo-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_62_1-debugsource-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_65_1-debuginfo-1-1.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_65_1-debugsource-1-1.el8_4.x86_64.rpm
Red Hat Enterprise Linux Server - AUS 8.4
SRPM
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.src.rpm
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.src.rpm
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.src.rpm
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.src.rpm
x86_64
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_49_1-debuginfo-1-3.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_49_1-debugsource-1-3.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_57_1-debuginfo-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_57_1-debugsource-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_62_1-debuginfo-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_62_1-debugsource-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_65_1-debuginfo-1-1.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_65_1-debugsource-1-1.el8_4.x86_64.rpm
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4
SRPM
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.src.rpm
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.src.rpm
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.src.rpm
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.src.rpm
ppc64le
Red Hat Enterprise Linux Server - TUS 8.4
SRPM
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.src.rpm
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.src.rpm
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.src.rpm
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.src.rpm
x86_64
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_49_1-debuginfo-1-3.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_49_1-debugsource-1-3.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_57_1-debuginfo-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_57_1-debugsource-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_62_1-debuginfo-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_62_1-debugsource-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_65_1-debuginfo-1-1.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_65_1-debugsource-1-1.el8_4.x86_64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4
SRPM
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.src.rpm
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.src.rpm
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.src.rpm
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.src.rpm
ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4
SRPM
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.src.rpm
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.src.rpm
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.src.rpm
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.src.rpm
x86_64
kpatch-patch-4_18_0-305_49_1-1-3.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_49_1-debuginfo-1-3.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_49_1-debugsource-1-3.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_57_1-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_57_1-debuginfo-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_57_1-debugsource-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_62_1-debuginfo-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_62_1-debugsource-1-2.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_65_1-1-1.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_65_1-debuginfo-1-1.el8_4.x86_64.rpm
kpatch-patch-4_18_0-305_65_1-debugsource-1-1.el8_4.x86_64.rpm
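Each kpatch-patch package in this advisory is built for one specific kernel, so a host is only covered if the package matching its running kernel is installed at the release listed above. The following check is an added example, not part of the advisory or of Red Hat's tooling: the function names are hypothetical, the kernel-to-release table is copied from the package list above, and it assumes the integer version-release scheme seen in those package names rather than full RPM version comparison.

```shell
#!/bin/sh
# Fixed kpatch-patch version-release per kernel, from the RHSA-2022:8686 package list.
ADVISORY_FIXES='4.18.0-305.49.1 1-3
4.18.0-305.57.1 1-2
4.18.0-305.62.1 1-2
4.18.0-305.65.1 1-1'

# 4.18.0-305.49.1.el8_4.x86_64 -> kpatch-patch-4_18_0-305_49_1
kpatch_pkg_name() {
    krel=${1%%.el8*}                      # drop dist tag and arch
    printf 'kpatch-patch-%s\n' "$(printf '%s' "$krel" | tr . _)"
}

# Print the version-release this advisory ships for a kernel; fail if not listed.
required_vr() {
    kver=${1%%.el8*}
    printf '%s\n' "$ADVISORY_FIXES" |
        awk -v k="$kver" '$1 == k { print $2; found = 1 } END { exit !found }'
}

# vr_at_least INSTALLED REQUIRED, both "<int>-<int>[.dist.arch]" (assumed scheme).
vr_at_least() {
    iv=${1%%-*}; ir=${1#*-}; ir=${ir%%.*}
    rv=${2%%-*}; rr=${2#*-}; rr=${rr%%.*}
    case "$iv$ir$rv$rr" in *[!0-9]*|'') return 2 ;; esac
    [ "$iv" -gt "$rv" ] && return 0
    [ "$iv" -eq "$rv" ] && [ "$ir" -ge "$rr" ]
}

# livepatch_status KERNEL_RELEASE INSTALLED_NVRAS
# Prints: patched | outdated | missing | not-covered
livepatch_status() {
    kernel=$1
    installed=$2
    need=$(required_vr "$kernel") || { echo not-covered; return 0; }
    pkg=$(kpatch_pkg_name "$kernel")
    status=missing
    for nvra in $installed; do
        case $nvra in
            "$pkg"-[0-9]*-[0-9]*) ;;      # main package only, not debuginfo
            *) continue ;;
        esac
        have=${nvra#"$pkg"-}
        if vr_at_least "$have" "$need"; then
            status=patched
            break
        fi
        status=outdated
    done
    echo "$status"
}

# Constructed sample of `rpm -qa 'kpatch-patch*'` output (not from a real host).
SAMPLE_RPMS='kpatch-patch-4_18_0-305_49_1-1-2.el8_4.x86_64
kpatch-patch-4_18_0-305_62_1-1-2.el8_4.x86_64
kpatch-patch-4_18_0-305_62_1-debuginfo-1-2.el8_4.x86_64'

# 4.18.0-305.72.1 is a constructed kernel release that this advisory does not list.
for k in 4.18.0-305.49.1 4.18.0-305.57.1 4.18.0-305.62.1 4.18.0-305.72.1; do
    printf '%s.el8_4.x86_64: %s\n' "$k" \
        "$(livepatch_status "$k.el8_4.x86_64" "$SAMPLE_RPMS")"
done

# On a real host:
#   livepatch_status "$(uname -r)" "$(rpm -qa 'kpatch-patch*')"
```

A "patched" result only says the right package is installed; `kpatch list` shows whether the module is actually loaded in the running kernel.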
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition.