RHSA-2022:7885: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-2588: kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation
Red Hat Security Data

Issued: 2022-11-09

Updated: 2022-11-09

RHSA-2022:7885 - Security Advisory

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kpatch management tool provides a kernel patching infrastructure which
allows you to patch a running kernel without rebooting or restarting any
processes.

Security Fix(es):

  • kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM

  • kpatch-patch-4_18_0-193_80_1-1-2.el8_2.src.rpm
  • kpatch-patch-4_18_0-193_81_1-1-2.el8_2.src.rpm
  • kpatch-patch-4_18_0-193_87_1-1-1.el8_2.src.rpm
  • kpatch-patch-4_18_0-193_90_1-1-1.el8_2.src.rpm
  • kpatch-patch-4_18_0-193_91_1-1-1.el8_2.src.rpm

ppc64le

  • kpatch-patch-4_18_0-193_80_1-1-2.el8_2.ppc64le.rpm
  • kpatch-patch-4_18_0-193_80_1-debuginfo-1-2.el8_2.ppc64le.rpm
  • kpatch-patch-4_18_0-193_80_1-debugsource-1-2.el8_2.ppc64le.rpm
  • kpatch-patch-4_18_0-193_81_1-1-2.el8_2.ppc64le.rpm
  • kpatch-patch-4_18_0-193_81_1-debuginfo-1-2.el8_2.ppc64le.rpm
  • kpatch-patch-4_18_0-193_81_1-debugsource-1-2.el8_2.ppc64le.rpm
  • kpatch-patch-4_18_0-193_87_1-1-1.el8_2.ppc64le.rpm
  • kpatch-patch-4_18_0-193_87_1-debuginfo-1-1.el8_2.ppc64le.rpm
  • kpatch-patch-4_18_0-193_87_1-debugsource-1-1.el8_2.ppc64le.rpm
  • kpatch-patch-4_18_0-193_90_1-1-1.el8_2.ppc64le.rpm
  • kpatch-patch-4_18_0-193_90_1-debuginfo-1-1.el8_2.ppc64le.rpm
  • kpatch-patch-4_18_0-193_90_1-debugsource-1-1.el8_2.ppc64le.rpm
  • kpatch-patch-4_18_0-193_91_1-1-1.el8_2.ppc64le.rpm
  • kpatch-patch-4_18_0-193_91_1-debuginfo-1-1.el8_2.ppc64le.rpm
  • kpatch-patch-4_18_0-193_91_1-debugsource-1-1.el8_2.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM

  • kpatch-patch-4_18_0-193_80_1-1-2.el8_2.src.rpm
  • kpatch-patch-4_18_0-193_81_1-1-2.el8_2.src.rpm
  • kpatch-patch-4_18_0-193_87_1-1-1.el8_2.src.rpm
  • kpatch-patch-4_18_0-193_90_1-1-1.el8_2.src.rpm
  • kpatch-patch-4_18_0-193_91_1-1-1.el8_2.src.rpm

x86_64

  • kpatch-patch-4_18_0-193_80_1-1-2.el8_2.x86_64.rpm
  • kpatch-patch-4_18_0-193_80_1-debuginfo-1-2.el8_2.x86_64.rpm
  • kpatch-patch-4_18_0-193_80_1-debugsource-1-2.el8_2.x86_64.rpm
  • kpatch-patch-4_18_0-193_81_1-1-2.el8_2.x86_64.rpm
  • kpatch-patch-4_18_0-193_81_1-debuginfo-1-2.el8_2.x86_64.rpm
  • kpatch-patch-4_18_0-193_81_1-debugsource-1-2.el8_2.x86_64.rpm
  • kpatch-patch-4_18_0-193_87_1-1-1.el8_2.x86_64.rpm
  • kpatch-patch-4_18_0-193_87_1-debuginfo-1-1.el8_2.x86_64.rpm
  • kpatch-patch-4_18_0-193_87_1-debugsource-1-1.el8_2.x86_64.rpm
  • kpatch-patch-4_18_0-193_90_1-1-1.el8_2.x86_64.rpm
  • kpatch-patch-4_18_0-193_90_1-debuginfo-1-1.el8_2.x86_64.rpm
  • kpatch-patch-4_18_0-193_90_1-debugsource-1-1.el8_2.x86_64.rpm
  • kpatch-patch-4_18_0-193_91_1-1-1.el8_2.x86_64.rpm
  • kpatch-patch-4_18_0-193_91_1-debuginfo-1-1.el8_2.x86_64.rpm
  • kpatch-patch-4_18_0-193_91_1-debugsource-1-1.el8_2.x86_64.rpm

Contact details for the Red Hat security team are at https://access.redhat.com/security/team/contact/.
