====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2022:1975-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:1975
Issue date:        2022-05-10
CVE Names:         CVE-2020-0404 CVE-2020-13974 CVE-2020-27820 
                   CVE-2021-0941 CVE-2021-3612 CVE-2021-3669 
                   CVE-2021-3743 CVE-2021-3744 CVE-2021-3752 
                   CVE-2021-3759 CVE-2021-3764 CVE-2021-3772 
                   CVE-2021-3773 CVE-2021-4002 CVE-2021-4037 
                   CVE-2021-4083 CVE-2021-4157 CVE-2021-4197 
                   CVE-2021-4203 CVE-2021-20322 CVE-2021-26401 
                   CVE-2021-29154 CVE-2021-37159 CVE-2021-41864 
                   CVE-2021-42739 CVE-2021-43389 CVE-2021-43976 
                   CVE-2021-44733 CVE-2021-45485 CVE-2021-45486 
                   CVE-2022-0001 CVE-2022-0002 CVE-2022-0286 
                   CVE-2022-0322 CVE-2022-1011 
====================================================================
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time (v. 8) - x86_64
Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: fget: check that the fd still exists after getting a ref to it
(CVE-2021-4083)

* kernel: avoid cyclic entity chains due to malformed USB descriptors
(CVE-2020-0404)

* kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c
(CVE-2020-13974)

* kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a
use-after-free (CVE-2021-0941)

* kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
(CVE-2021-3612)

* kernel: reading /proc/sysvipc/shm does not scale with large shared memory
segment counts (CVE-2021-3669)

* kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c
(CVE-2021-3743)

* kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
(CVE-2021-3744)

* kernel: possible use-after-free in bluetooth module (CVE-2021-3752)

* kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg
limits and DoS attacks (CVE-2021-3759)

* kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)

* kernel: sctp: Invalid chunks may be used to remotely remove existing
associations (CVE-2021-3772)

* kernel: lack of port sanity checking in natd and netfilter leads to
exploit of OpenVPN clients (CVE-2021-3773)

* kernel: possible leak or corruption of data residing on hugetlbfs
(CVE-2021-4002)

* kernel: security regression for CVE-2018-13405 (CVE-2021-4037)

* kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)

* kernel: cgroup: Use open-time creds and namespace for migration perm
checks (CVE-2021-4197)

* kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses
(CVE-2021-4203)

* kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed
packets replies (CVE-2021-20322)

* hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)

* kernel: Local privilege escalation due to incorrect BPF JIT branch
displacement computation (CVE-2021-29154)

* kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c
(CVE-2021-37159)

* kernel: eBPF multiplication integer overflow in
prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to
out-of-bounds write (CVE-2021-41864)

* kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)

* kernel: an array-index-out-bounds in detach_capi_ctr in
drivers/isdn/capi/kcapi.c (CVE-2021-43389)

* kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c
allows an attacker to cause DoS via crafted USB device (CVE-2021-43976)

* kernel: use-after-free in the TEE subsystem (CVE-2021-44733)

* kernel: information leak in the IPv6 implementation (CVE-2021-45485)

* kernel: information leak in the IPv4 implementation (CVE-2021-45486)

* hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)

* hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)

* kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)

* kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c
(CVE-2022-0322)

* kernel: FUSE allows UAF reads of write() buffers, allowing theft of
(partial) /etc/shadow hashes (CVE-2022-1011)

* kernel: use-after-free in nouveau kernel module (CVE-2020-27820)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1901726 - CVE-2020-27820 kernel: use-after-free in nouveau kernel module
1903578 - kernel-rt-debug: do not call blocking ops when !TASK_RUNNING; state=1 set at [<0000000050e86018>] handle_userfault+0x530/0x1820
1905749 - kernel-rt-debug: BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:968
1919791 - CVE-2020-0404 kernel: avoid cyclic entity chains due to malformed USB descriptors
1946684 - CVE-2021-29154 kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation
1951739 - CVE-2021-42739 kernel: Heap buffer overflow in firedtv driver
1974079 - CVE-2021-3612 kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
1985353 - CVE-2021-37159 kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c
1986473 - CVE-2021-3669 kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts
1997467 - CVE-2021-3764 kernel: DoS in ccp_run_aes_gcm_cmd() function
1997961 - CVE-2021-3743 kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c
1999544 - CVE-2021-3752 kernel: possible use-after-free in bluetooth module
1999675 - CVE-2021-3759 kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks
2000627 - CVE-2021-3744 kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
2000694 - CVE-2021-3772 kernel: sctp: Invalid chunks may be used to remotely remove existing associations
2004949 - CVE-2021-3773 kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients
2010463 - CVE-2021-41864 kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write
2013180 - CVE-2021-43389 kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c
2014230 - CVE-2021-20322 kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies
2016169 - CVE-2020-13974 kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c
2018205 - CVE-2021-0941 kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free
2025003 - CVE-2021-43976 kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device
2025726 - CVE-2021-4002 kernel: possible leak or corruption of data residing on hugetlbfs
2027239 - CVE-2021-4037 kernel: security regression for CVE-2018-13405
2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it
2030747 - CVE-2021-44733 kernel: use-after-free in the TEE subsystem
2034342 - CVE-2021-4157 kernel: Buffer overwrite in decode_nfs_fh function
2035652 - CVE-2021-4197 kernel: cgroup: Use open-time creds and namespace for migration perm checks
2036934 - CVE-2021-4203 kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses
2037019 - CVE-2022-0286 kernel: Local denial of service in bond_ipsec_add_sa
2039911 - CVE-2021-45485 kernel: information leak in the IPv6 implementation
2039914 - CVE-2021-45486 kernel: information leak in the IPv4 implementation
2042822 - CVE-2022-0322 kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c
2061700 - CVE-2021-26401 hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715
2061712 - CVE-2022-0001 hw: cpu: intel: Branch History Injection (BHI)
2061721 - CVE-2022-0002 hw: cpu: intel: Intra-Mode BTI
2064855 - CVE-2022-1011 kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 8):

Source:
kernel-rt-4.18.0-372.9.1.rt7.166.el8.src.rpm

x86_64:
kernel-rt-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-core-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debug-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debug-core-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debug-devel-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debug-modules-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debuginfo-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-devel-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-kvm-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-modules-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-modules-extra-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm

Red Hat Enterprise Linux Real Time (v. 8):

Source:
kernel-rt-4.18.0-372.9.1.rt7.166.el8.src.rpm

x86_64:
kernel-rt-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-core-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debug-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debug-core-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debug-devel-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debug-modules-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debuginfo-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-devel-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-modules-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm
kernel-rt-modules-extra-4.18.0-372.9.1.rt7.166.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-0404
https://access.redhat.com/security/cve/CVE-2020-13974
https://access.redhat.com/security/cve/CVE-2020-27820
https://access.redhat.com/security/cve/CVE-2021-0941
https://access.redhat.com/security/cve/CVE-2021-3612
https://access.redhat.com/security/cve/CVE-2021-3669
https://access.redhat.com/security/cve/CVE-2021-3743
https://access.redhat.com/security/cve/CVE-2021-3744
https://access.redhat.com/security/cve/CVE-2021-3752
https://access.redhat.com/security/cve/CVE-2021-3759
https://access.redhat.com/security/cve/CVE-2021-3764
https://access.redhat.com/security/cve/CVE-2021-3772
https://access.redhat.com/security/cve/CVE-2021-3773
https://access.redhat.com/security/cve/CVE-2021-4002
https://access.redhat.com/security/cve/CVE-2021-4037
https://access.redhat.com/security/cve/CVE-2021-4083
https://access.redhat.com/security/cve/CVE-2021-4157
https://access.redhat.com/security/cve/CVE-2021-4197
https://access.redhat.com/security/cve/CVE-2021-4203
https://access.redhat.com/security/cve/CVE-2021-20322
https://access.redhat.com/security/cve/CVE-2021-26401
https://access.redhat.com/security/cve/CVE-2021-29154
https://access.redhat.com/security/cve/CVE-2021-37159
https://access.redhat.com/security/cve/CVE-2021-41864
https://access.redhat.com/security/cve/CVE-2021-42739
https://access.redhat.com/security/cve/CVE-2021-43389
https://access.redhat.com/security/cve/CVE-2021-43976
https://access.redhat.com/security/cve/CVE-2021-44733
https://access.redhat.com/security/cve/CVE-2021-45485
https://access.redhat.com/security/cve/CVE-2021-45486
https://access.redhat.com/security/cve/CVE-2022-0001
https://access.redhat.com/security/cve/CVE-2022-0002
https://access.redhat.com/security/cve/CVE-2022-0286
https://access.redhat.com/security/cve/CVE-2022-0322
https://access.redhat.com/security/cve/CVE-2022-1011
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
