Headline
RHSA-2023:4023: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2588: A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Quarkus
Integration and Automation
All Products
Issued:
2023-07-11
Updated:
2023-07-11
RHSA-2023:4023 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: kpatch-patch security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kpatch management tool provides a kernel patching infrastructure which
allows you to patch a running kernel without rebooting or restarting any
processes.
Security Fix(es):
- kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server - AUS 7.7 x86_64
- Red Hat Enterprise Linux Server - TUS 7.7 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7 x86_64
Fixes
- BZ - 2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation
Red Hat Enterprise Linux Server - AUS 7.7
SRPM
kpatch-patch-3_10_0-1062_71_1-1-2.el7.src.rpm
SHA-256: 91c7c46ad178f5daf713a9fdf034f38ad23cb0ef5a236073ed892a70f8acf84b
kpatch-patch-3_10_0-1062_72_1-1-1.el7.src.rpm
SHA-256: 1e27ae22943154c4495dd012912bd69d28fdca0b0aa8ef4d26a9e75e2141e2d4
x86_64
kpatch-patch-3_10_0-1062_71_1-1-2.el7.x86_64.rpm
SHA-256: 2b80ad5d2521f67f0b5c5cd339a49fc50987b66f18c65aff5762c10d655cbf0a
kpatch-patch-3_10_0-1062_71_1-debuginfo-1-2.el7.x86_64.rpm
SHA-256: 721f908a7dbad4e95ad9b83c0ac88673fb4a23091b47e31f748f82b4662c3fdf
kpatch-patch-3_10_0-1062_72_1-1-1.el7.x86_64.rpm
SHA-256: 6d63813af39a238e58d2652570877a5b8d308996596e7ce860787270aefa3e6e
kpatch-patch-3_10_0-1062_72_1-debuginfo-1-1.el7.x86_64.rpm
SHA-256: 8e3853e42506542879bcbfd39c89124372e15a23e8a35b394f7e329eff2a3405
Red Hat Enterprise Linux Server - TUS 7.7
SRPM
kpatch-patch-3_10_0-1062_71_1-1-2.el7.src.rpm
SHA-256: 91c7c46ad178f5daf713a9fdf034f38ad23cb0ef5a236073ed892a70f8acf84b
kpatch-patch-3_10_0-1062_72_1-1-1.el7.src.rpm
SHA-256: 1e27ae22943154c4495dd012912bd69d28fdca0b0aa8ef4d26a9e75e2141e2d4
x86_64
kpatch-patch-3_10_0-1062_71_1-1-2.el7.x86_64.rpm
SHA-256: 2b80ad5d2521f67f0b5c5cd339a49fc50987b66f18c65aff5762c10d655cbf0a
kpatch-patch-3_10_0-1062_71_1-debuginfo-1-2.el7.x86_64.rpm
SHA-256: 721f908a7dbad4e95ad9b83c0ac88673fb4a23091b47e31f748f82b4662c3fdf
kpatch-patch-3_10_0-1062_72_1-1-1.el7.x86_64.rpm
SHA-256: 6d63813af39a238e58d2652570877a5b8d308996596e7ce860787270aefa3e6e
kpatch-patch-3_10_0-1062_72_1-debuginfo-1-1.el7.x86_64.rpm
SHA-256: 8e3853e42506542879bcbfd39c89124372e15a23e8a35b394f7e329eff2a3405
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7
SRPM
kpatch-patch-3_10_0-1062_71_1-1-2.el7.src.rpm
SHA-256: 91c7c46ad178f5daf713a9fdf034f38ad23cb0ef5a236073ed892a70f8acf84b
kpatch-patch-3_10_0-1062_72_1-1-1.el7.src.rpm
SHA-256: 1e27ae22943154c4495dd012912bd69d28fdca0b0aa8ef4d26a9e75e2141e2d4
ppc64le
kpatch-patch-3_10_0-1062_71_1-1-2.el7.ppc64le.rpm
SHA-256: c2c3a57a54b6ca6d6a9420f0435438547cc7c86bc6a69fd594307a9674250633
kpatch-patch-3_10_0-1062_71_1-debuginfo-1-2.el7.ppc64le.rpm
SHA-256: bf6d40908010a73064e9d27f00fdd4ebf9c539826020d6760a22061d2a9ab37e
kpatch-patch-3_10_0-1062_72_1-1-1.el7.ppc64le.rpm
SHA-256: 4738c3f69aad013d7756c2c797106cf5c403630c1fd5fbee2eaea57cd0e0a03a
kpatch-patch-3_10_0-1062_72_1-debuginfo-1-1.el7.ppc64le.rpm
SHA-256: 162ddfc35003ec626b17cd3b774ad8fa5a3b10d4346482300199540f9c5ab7be
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7
SRPM
kpatch-patch-3_10_0-1062_71_1-1-2.el7.src.rpm
SHA-256: 91c7c46ad178f5daf713a9fdf034f38ad23cb0ef5a236073ed892a70f8acf84b
kpatch-patch-3_10_0-1062_72_1-1-1.el7.src.rpm
SHA-256: 1e27ae22943154c4495dd012912bd69d28fdca0b0aa8ef4d26a9e75e2141e2d4
x86_64
kpatch-patch-3_10_0-1062_71_1-1-2.el7.x86_64.rpm
SHA-256: 2b80ad5d2521f67f0b5c5cd339a49fc50987b66f18c65aff5762c10d655cbf0a
kpatch-patch-3_10_0-1062_71_1-debuginfo-1-2.el7.x86_64.rpm
SHA-256: 721f908a7dbad4e95ad9b83c0ac88673fb4a23091b47e31f748f82b4662c3fdf
kpatch-patch-3_10_0-1062_72_1-1-1.el7.x86_64.rpm
SHA-256: 6d63813af39a238e58d2652570877a5b8d308996596e7ce860787270aefa3e6e
kpatch-patch-3_10_0-1062_72_1-debuginfo-1-1.el7.x86_64.rpm
SHA-256: 8e3853e42506542879bcbfd39c89124372e15a23e8a35b394f7e329eff2a3405
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2022-8609-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.7 images. Issues addressed include a bypass vulnerability.
Red Hat OpenShift Virtualization release 4.9.7 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1996: go-restful: Authorization Bypass Through User-Controlled Key
Red Hat OpenShift Container Platform release 4.8.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go...
Red Hat Security Advisory 2022-7201-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.12. Issues addressed include a code execution vulnerability.
Red Hat OpenShift Container Platform release 4.10.39 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: ...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-45485: kernel: information leak in the IPv6 implementation * CVE-2021-45486: kernel: information leak in the IPv4 implementation * CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation * CVE-2022-21123: hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) *...
Red Hat Security Advisory 2022-6551-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include denial of service, information leakage, privilege escalation, and use-after...
Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. Ziming Zhang discovered that the netfilter subsystem in the Linux kernel did not properly validate sets with multiple ranged fields. It was discovered that the implementation of POSIX timers in the Linux kernel did not properly clean up timers in some situations. Various other vulnerabilities were also discovered.
Ubuntu Security Notice 5567-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5565-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.