
RHSA-2023:4023: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2588: A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and can possibly lead to local privilege escalation.
Red Hat Security Data

Issued: 2023-07-11

Updated: 2023-07-11

RHSA-2023:4023 - Security Advisory

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kpatch management tool provides a kernel patching infrastructure which
allows you to patch a running kernel without rebooting or restarting any
processes.

Security Fix(es):

  • kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 7.7 x86_64
  • Red Hat Enterprise Linux Server - TUS 7.7 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7 x86_64

Fixes

  • BZ - 2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

Red Hat Enterprise Linux Server - AUS 7.7

SRPM

kpatch-patch-3_10_0-1062_71_1-1-2.el7.src.rpm

kpatch-patch-3_10_0-1062_72_1-1-1.el7.src.rpm

x86_64

kpatch-patch-3_10_0-1062_71_1-1-2.el7.x86_64.rpm

kpatch-patch-3_10_0-1062_71_1-debuginfo-1-2.el7.x86_64.rpm

kpatch-patch-3_10_0-1062_72_1-1-1.el7.x86_64.rpm

kpatch-patch-3_10_0-1062_72_1-debuginfo-1-1.el7.x86_64.rpm

Red Hat Enterprise Linux Server - TUS 7.7

SRPM

kpatch-patch-3_10_0-1062_71_1-1-2.el7.src.rpm

kpatch-patch-3_10_0-1062_72_1-1-1.el7.src.rpm

x86_64

kpatch-patch-3_10_0-1062_71_1-1-2.el7.x86_64.rpm

kpatch-patch-3_10_0-1062_71_1-debuginfo-1-2.el7.x86_64.rpm

kpatch-patch-3_10_0-1062_72_1-1-1.el7.x86_64.rpm

kpatch-patch-3_10_0-1062_72_1-debuginfo-1-1.el7.x86_64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7

SRPM

kpatch-patch-3_10_0-1062_71_1-1-2.el7.src.rpm

kpatch-patch-3_10_0-1062_72_1-1-1.el7.src.rpm

ppc64le

kpatch-patch-3_10_0-1062_71_1-1-2.el7.ppc64le.rpm

kpatch-patch-3_10_0-1062_71_1-debuginfo-1-2.el7.ppc64le.rpm

kpatch-patch-3_10_0-1062_72_1-1-1.el7.ppc64le.rpm

kpatch-patch-3_10_0-1062_72_1-debuginfo-1-1.el7.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7

SRPM

kpatch-patch-3_10_0-1062_71_1-1-2.el7.src.rpm

kpatch-patch-3_10_0-1062_72_1-1-1.el7.src.rpm

x86_64

kpatch-patch-3_10_0-1062_71_1-1-2.el7.x86_64.rpm

kpatch-patch-3_10_0-1062_71_1-debuginfo-1-2.el7.x86_64.rpm

kpatch-patch-3_10_0-1062_72_1-1-1.el7.x86_64.rpm

kpatch-patch-3_10_0-1062_72_1-debuginfo-1-1.el7.x86_64.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
