-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kpatch-patch security update Advisory ID: RHSA-2022:2211-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:2211 Issue date: 2022-05-11 CVE Names: CVE-2021-4028 CVE-2022-0492 ==================================================================== 1. Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server E4S (v. 7.6) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * kernel: use-after-free in RDMA listen() (CVE-2021-4028) * kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2027201 - CVE-2021-4028 kernel: use-after-free in RDMA listen() 2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation 6. Package List: Red Hat Enterprise Linux Server E4S (v. 7.6): Source: kpatch-patch-3_10_0-957_72_1-1-7.el7.src.rpm kpatch-patch-3_10_0-957_76_1-1-7.el7.src.rpm kpatch-patch-3_10_0-957_78_2-1-6.el7.src.rpm kpatch-patch-3_10_0-957_80_1-1-5.el7.src.rpm kpatch-patch-3_10_0-957_84_1-1-4.el7.src.rpm kpatch-patch-3_10_0-957_86_1-1-3.el7.src.rpm kpatch-patch-3_10_0-957_88_1-1-2.el7.src.rpm kpatch-patch-3_10_0-957_92_1-1-1.el7.src.rpm ppc64le: kpatch-patch-3_10_0-957_72_1-1-7.el7.ppc64le.rpm kpatch-patch-3_10_0-957_72_1-debuginfo-1-7.el7.ppc64le.rpm kpatch-patch-3_10_0-957_76_1-1-7.el7.ppc64le.rpm kpatch-patch-3_10_0-957_76_1-debuginfo-1-7.el7.ppc64le.rpm kpatch-patch-3_10_0-957_78_2-1-6.el7.ppc64le.rpm kpatch-patch-3_10_0-957_78_2-debuginfo-1-6.el7.ppc64le.rpm kpatch-patch-3_10_0-957_80_1-1-5.el7.ppc64le.rpm kpatch-patch-3_10_0-957_80_1-debuginfo-1-5.el7.ppc64le.rpm kpatch-patch-3_10_0-957_84_1-1-4.el7.ppc64le.rpm kpatch-patch-3_10_0-957_84_1-debuginfo-1-4.el7.ppc64le.rpm kpatch-patch-3_10_0-957_86_1-1-3.el7.ppc64le.rpm kpatch-patch-3_10_0-957_86_1-debuginfo-1-3.el7.ppc64le.rpm kpatch-patch-3_10_0-957_88_1-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-957_88_1-debuginfo-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-957_92_1-1-1.el7.ppc64le.rpm kpatch-patch-3_10_0-957_92_1-debuginfo-1-1.el7.ppc64le.rpm x86_64: kpatch-patch-3_10_0-957_72_1-1-7.el7.x86_64.rpm kpatch-patch-3_10_0-957_72_1-debuginfo-1-7.el7.x86_64.rpm kpatch-patch-3_10_0-957_76_1-1-7.el7.x86_64.rpm kpatch-patch-3_10_0-957_76_1-debuginfo-1-7.el7.x86_64.rpm kpatch-patch-3_10_0-957_78_2-1-6.el7.x86_64.rpm kpatch-patch-3_10_0-957_78_2-debuginfo-1-6.el7.x86_64.rpm kpatch-patch-3_10_0-957_80_1-1-5.el7.x86_64.rpm kpatch-patch-3_10_0-957_80_1-debuginfo-1-5.el7.x86_64.rpm kpatch-patch-3_10_0-957_84_1-1-4.el7.x86_64.rpm kpatch-patch-3_10_0-957_84_1-debuginfo-1-4.el7.x86_64.rpm kpatch-patch-3_10_0-957_86_1-1-3.el7.x86_64.rpm kpatch-patch-3_10_0-957_86_1-debuginfo-1-3.el7.x86_64.rpm kpatch-patch-3_10_0-957_88_1-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-957_88_1-debuginfo-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-957_92_1-1-1.el7.x86_64.rpm kpatch-patch-3_10_0-957_92_1-debuginfo-1-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-4028 https://access.redhat.com/security/cve/CVE-2022-0492 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnw2M9zjgjWX9erEAQjYjA//SE4rvZJRkzPhnauUj8Hick1RWJfl7asq 2uJKto5Ajn/49nTD17WavFc1X0fM8r4DJNE7cokrayKP9stZpSic9zOmC2E+mlXw A/R95gyXvqCCQpBq1zkzt67+W3uKQ2tZTCY0NCYRQTogqMVT786FRvrzQ+DpNE91 GfgW9dermO3Lw7inFl5YdQAiLT3ei8OYl9Yc6L5bY8Sx4O5jx8r5keCofQdxp32p hvK9MiZH6vmIbhm8Mn5JYmLqYq08NKaqOVV7RBadLDmaMDrPmBn+W/YrxAAS8JXO xBzvwdke6EviWVPaEO8OtVzZeiN3XhJ4E3TiKOKYA2prqJOBqXro66GsWR1VwkLv HCVvfQVAs1z7RHEtl3HCPLU7TcwWhp6ycLyPX4jDk2BVQy1KqF05vC84iKzy3DpZ dgl5gld1OgtDvR0I5NyaTC7zarC8h7thTMGoAEN9Aw6oydUY0zIDXRWYBQJy7CWM VqcrWMXglMMgPgo30QfstJRIdPkWHCnMuU/ADhaAxIMSph+buhKYjWEfNfp3+o0X 83PtbRl0w+YzEKgAeyhjROBDaGG/JsHu+R0B7hVVcTn7zDZedu6/BTk0Kl2ZZc3E DPDdMvJnPqrdHYfdPVxSKIlfucFXNK3HEW2As1k9QN6h0qid3mwRQC9eN74IoyAB srsIno6UdA0M/s -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce