-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2022:6610-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6610 Issue date: 2022-09-20 CVE Names: CVE-2022-2078 CVE-2022-34918 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: heap overflow in nft_set_elem_init() (CVE-2022-34918) * kernel: vulnerability of buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * RDMA/mlx5: Fix number of allocated XLT entries (BZ#2092270) * mlx5, Setup hanged when run test-route-nexthop-object.sh (BZ#2092535) * many call traces from unchecked MSR access error: WRMSR to 0x199 in amazon i4.32xlarge instance (BZ#2099417) * X86/platform/UV: Kernel Support Fixes for UV5 platform (BZ#2107732) * block layer: fixes for md sync slow and softlockup at blk_mq_sched_dispatch_requests [9.0.0.z] (BZ#2111395) * Fixes for NVMe/TCP dereferences an invalid, non-canonical pointer, kernel panic (BZ#2117755) * Adding missing nvme fix to RHEL-9.1 (BZ#2117756) * nvme/tcp mistakenly uses blk_mq_tag_to_rq(nvme_tcp_tagset(queue) (BZ#2118698) * Important ice bug fixes (BZ#2119290) * Power 9/ppc64le Incorrect Socket(s) & "Core(s) per socket" reported by lscpu command. (BZ#2121719) Enhancement(s): * lscpu does not show all of the support AMX flags (amx_int8, amx_bf16) (BZ#2108203) * ice: Driver Update (BZ#2108204) * iavf: Driver Update (BZ#2119477) * i40e: Driver Update (BZ#2119479) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2096178 - CVE-2022-2078 kernel: Vulnerability of buffer overflow in nft_set_desc_concat_parse() 2104423 - CVE-2022-34918 kernel: heap overflow in nft_set_elem_init() 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): aarch64: bpftool-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-devel-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-devel-matched-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debuginfo-common-aarch64-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-devel-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-devel-matched-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-headers-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm perf-5.14.0-70.26.1.el9_0.aarch64.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm noarch: kernel-doc-5.14.0-70.26.1.el9_0.noarch.rpm ppc64le: bpftool-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-devel-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-devel-matched-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debuginfo-common-ppc64le-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-devel-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-devel-matched-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-headers-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm perf-5.14.0-70.26.1.el9_0.ppc64le.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm s390x: bpftool-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-devel-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-devel-matched-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debuginfo-common-s390x-5.14.0-70.26.1.el9_0.s390x.rpm kernel-devel-5.14.0-70.26.1.el9_0.s390x.rpm kernel-devel-matched-5.14.0-70.26.1.el9_0.s390x.rpm kernel-headers-5.14.0-70.26.1.el9_0.s390x.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-devel-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-devel-matched-5.14.0-70.26.1.el9_0.s390x.rpm perf-5.14.0-70.26.1.el9_0.s390x.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm x86_64: bpftool-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-devel-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-devel-matched-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debuginfo-common-x86_64-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-devel-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-devel-matched-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-headers-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm perf-5.14.0-70.26.1.el9_0.x86_64.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 9): Source: kernel-5.14.0-70.26.1.el9_0.src.rpm aarch64: bpftool-5.14.0-70.26.1.el9_0.aarch64.rpm bpftool-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-core-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-core-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-modules-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-modules-extra-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debuginfo-common-aarch64-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-modules-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-modules-extra-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-tools-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-tools-libs-5.14.0-70.26.1.el9_0.aarch64.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm python3-perf-5.14.0-70.26.1.el9_0.aarch64.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm noarch: kernel-abi-stablelists-5.14.0-70.26.1.el9_0.noarch.rpm ppc64le: bpftool-5.14.0-70.26.1.el9_0.ppc64le.rpm bpftool-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-core-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-core-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-modules-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-modules-extra-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debuginfo-common-ppc64le-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-modules-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-modules-extra-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-tools-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-tools-libs-5.14.0-70.26.1.el9_0.ppc64le.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm python3-perf-5.14.0-70.26.1.el9_0.ppc64le.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm s390x: bpftool-5.14.0-70.26.1.el9_0.s390x.rpm bpftool-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-5.14.0-70.26.1.el9_0.s390x.rpm kernel-core-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-core-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-modules-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-modules-extra-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debuginfo-common-s390x-5.14.0-70.26.1.el9_0.s390x.rpm kernel-modules-5.14.0-70.26.1.el9_0.s390x.rpm kernel-modules-extra-5.14.0-70.26.1.el9_0.s390x.rpm kernel-tools-5.14.0-70.26.1.el9_0.s390x.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-core-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-modules-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-modules-extra-5.14.0-70.26.1.el9_0.s390x.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm python3-perf-5.14.0-70.26.1.el9_0.s390x.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm x86_64: bpftool-5.14.0-70.26.1.el9_0.x86_64.rpm bpftool-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-core-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-core-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-modules-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-modules-extra-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debuginfo-common-x86_64-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-modules-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-modules-extra-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-tools-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-tools-libs-5.14.0-70.26.1.el9_0.x86_64.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm python3-perf-5.14.0-70.26.1.el9_0.x86_64.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm Red Hat CodeReady Linux Builder (v. 9): aarch64: bpftool-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-cross-headers-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debuginfo-common-aarch64-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-tools-libs-devel-5.14.0-70.26.1.el9_0.aarch64.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm ppc64le: bpftool-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-cross-headers-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debuginfo-common-ppc64le-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-tools-libs-devel-5.14.0-70.26.1.el9_0.ppc64le.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm s390x: bpftool-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-cross-headers-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debuginfo-common-s390x-5.14.0-70.26.1.el9_0.s390x.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm x86_64: bpftool-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-cross-headers-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debuginfo-common-x86_64-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-tools-libs-devel-5.14.0-70.26.1.el9_0.x86_64.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-2078 https://access.redhat.com/security/cve/CVE-2022-34918 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYypfhdzjgjWX9erEAQjSpg//Y3ak+k0a3QlbNSwSEH9F0GLE0KOV9tk+ xPp+xXuUzNJ7iQ3+UhgksBs1faIBtvNgpURFZ2xsvIY3Z1TtuK0G7bBLffd0yO9J 6fTDVZmeeCrlmwrWtKCT/2rm10tAk/zQA2BftzG6M/1fcFjfKB1N/k+KXwp9Jt/n 1WC19sEAZWAUGW2Fxe7500HvN6Q/24EWPn2OcYGdXzS/XNqJwdK148OYg0A6pBtT hk7NOXMJr8fTABdg3BPnEXly1udTUgJnF0gvOl0tB6WNLxnHxc/61XnWIAk9/OYp DchPL+f7G/lH+5O2EgJG5OaFaUrznkbu8U1zEGOS1rZCdP9kMrX552P60jD4br4/ K1YASzwh6bp9UqJKtBEW6O2hX+s89o8Hzuyrdnz8Cy2AMD8Q0ceqnu8bTWhKHf/l daeLjh2vLXNRMeQZEpaYtiOOQNIGmVA1n/Zd1A+GoNcFmvGbQ4+G8l18GSvXc09V A0o5vL6fwssDeLCkuQi+pw5YBgvPC083Q9tQH9TS2Fr13unk5H3bj3duMzI4t0Ao g0E+jKR7VaVCA2B0syXr5XyWqKZ4pFIQZKq547LpdjivCLnvuD3WsTNwGxTkSm2u Aq0jQvXi2A2bZwd+PrsfWqAqVr9i7G3+vElmsPD9p6tajT4z/1iCbhC0YMqncE7P aCsumFjp/qg= =bwiS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce