RHSA-2022:6073: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-32250: kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root
Red Hat Security Data
Issued: 2022-08-16

Updated: 2022-08-16

RHSA-2022:6073 - Security Advisory

Synopsis

Important: kernel security update

Type/Severity

Security Advisory: Important

Topic

An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root (CVE-2022-32250)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server - TUS 7.7 x86_64

Fixes

  • BZ - 2092427 - CVE-2022-32250 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root

Red Hat Enterprise Linux Server - TUS 7.7

SRPM

  • kernel-3.10.0-1062.68.1.el7.src.rpm

x86_64

  • bpftool-3.10.0-1062.68.1.el7.x86_64.rpm
  • bpftool-debuginfo-3.10.0-1062.68.1.el7.x86_64.rpm
  • kernel-3.10.0-1062.68.1.el7.x86_64.rpm
  • kernel-abi-whitelists-3.10.0-1062.68.1.el7.noarch.rpm
  • kernel-debug-3.10.0-1062.68.1.el7.x86_64.rpm
  • kernel-debug-debuginfo-3.10.0-1062.68.1.el7.x86_64.rpm
  • kernel-debug-devel-3.10.0-1062.68.1.el7.x86_64.rpm
  • kernel-debuginfo-3.10.0-1062.68.1.el7.x86_64.rpm
  • kernel-debuginfo-common-x86_64-3.10.0-1062.68.1.el7.x86_64.rpm
  • kernel-devel-3.10.0-1062.68.1.el7.x86_64.rpm
  • kernel-doc-3.10.0-1062.68.1.el7.noarch.rpm
  • kernel-headers-3.10.0-1062.68.1.el7.x86_64.rpm
  • kernel-tools-3.10.0-1062.68.1.el7.x86_64.rpm
  • kernel-tools-debuginfo-3.10.0-1062.68.1.el7.x86_64.rpm
  • kernel-tools-libs-3.10.0-1062.68.1.el7.x86_64.rpm
  • kernel-tools-libs-devel-3.10.0-1062.68.1.el7.x86_64.rpm
  • perf-3.10.0-1062.68.1.el7.x86_64.rpm
  • perf-debuginfo-3.10.0-1062.68.1.el7.x86_64.rpm
  • python-perf-3.10.0-1062.68.1.el7.x86_64.rpm
  • python-perf-debuginfo-3.10.0-1062.68.1.el7.x86_64.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7

SRPM

  • kernel-3.10.0-1062.68.1.el7.src.rpm

x86_64

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
