-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2022:7110-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:7110
Issue date:        2022-10-25
CVE Names:         CVE-2022-0494 CVE-2022-1353 CVE-2022-2588
                   CVE-2022-23816 CVE-2022-23825 CVE-2022-29900
                   CVE-2022-29901
====================================================================
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A use-after-free in cls_route filter implementation may lead to privilege
escalation (CVE-2022-2588)

* Information leak in scsi_ioctl() (CVE-2022-0494)

* A kernel-info-leak issue in pfkey_register (CVE-2022-1353)

* RetBleed Arbitrary Speculative Code Execution with Return Instructions
(CVE-2022-23816, CVE-2022-29900)

* Branch Type Confusion (non-retbleed) (CVE-2022-23825)

* RetBleed Arbitrary Speculative Code Execution with Return Instructions
(CVE-2022-29901)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* Add s390_iommu_aperture kernel parameter (BZ#2081324)

* Blackscreen and hangup after resume from hibernate or S3 with DFGX WX3200
(BZ#2091065)

* Update NVME subsystem with bug fixes and minor changes (BZ#2106017)

* Fix parsing of nw_proto for IPv6 fragments (BZ#2106703)

* "vmcore failed, _exitcode:139" error observed while capturing vmcore
during fadump after memory remove. incomplete vmcore is captured.
(BZ#2107488)

* 'disable_policy' is ignored for addresses configured on a down interface
(BZ#2109971)

* Backport request for new cpufreq.default_governor kernel command line
parameter (BZ#2109996)

* Panics in mpt3sas mpt3sas_halt_firmware() if mpt3sas_fwfault_debug=1
enabled when poweroff issued to server (BZ#2111140)

* IOMMU/DMA update for 8.7 (BZ#2111692)

* Update Broadcom Emulex lpfc driver for RHEL8.7 with bug fixes (14.0.0.13)
(BZ#2112103)

* Incorrect Socket(s) & "Core(s) per socket" reported by lscpu command.
(BZ#2112820)

* Panic in ch_release() due to NULL ch->device pointer, backport upstream
fix (BZ#2115965)

* pyverbs-tests fail over qede IW HCAs on "test_query_rc_qp"
(tests.test_qp.QPTest) (BZ#2119122)

* qedi shutdown handler hangs upon reboot (BZ#2119847)

* cache link_info for ethtool (BZ#2120197)

* Important iavf bug fixes (BZ#2120225)

* Hibernate crash with Aquantia 2.5/5 Gb LAN card (BZ#2124966)

* While using PTimekeeper the qede driver produces excessive log messages
(BZ#2125477)

* general protection fault handling rpc_xprt.timer (BZ#2126184)

* Not enough device MSI-X vectors (BZ#2126482)

* Atlantic driver panic on wakeup after hybernate (BZ#2127845)

* Memory leak in vxlan_xmit_one (BZ#2131255)

* Missing hybernate/resume fixes (BZ#2131936)

Enhancement(s):

* Update smartpqi driver to latest upstream Second Set of Patches
(BZ#2112354)

* qed/qede/qedr - driver updates to latest upstream (BZ#2120611)

* Update qedi driver to latest upstream (BZ#2120612)

* Update qedf driver to latest upstream (BZ#2120613)

* Include the support for new NVIDIA Mobile GFX GA103 on ADL Gen Laptops
(BZ#2127122)

* Need to enable hpilo to support new HPE RL300 Gen11 for ARM (aarch64)
(BZ#2129923)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2039448 - CVE-2022-0494 kernel: information leak in  scsi_ioctl()
2066819 - CVE-2022-1353 Kernel: A kernel-info-leak issue in pfkey_register
2090226 - CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions
2103148 - CVE-2022-29901 hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions
2103153 - CVE-2022-23825 hw: cpu: AMD: Branch Type Confusion (non-retbleed)
2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
kernel-4.18.0-372.32.1.el8_6.src.rpm

aarch64:
bpftool-4.18.0-372.32.1.el8_6.aarch64.rpm
bpftool-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-core-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-cross-headers-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-debug-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-debug-core-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-debug-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-debug-devel-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-debug-modules-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-debug-modules-extra-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-devel-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-headers-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-modules-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-modules-extra-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-tools-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-tools-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-tools-libs-4.18.0-372.32.1.el8_6.aarch64.rpm
perf-4.18.0-372.32.1.el8_6.aarch64.rpm
perf-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm
python3-perf-4.18.0-372.32.1.el8_6.aarch64.rpm
python3-perf-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm

noarch:
kernel-abi-stablelists-4.18.0-372.32.1.el8_6.noarch.rpm
kernel-doc-4.18.0-372.32.1.el8_6.noarch.rpm

ppc64le:
bpftool-4.18.0-372.32.1.el8_6.ppc64le.rpm
bpftool-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-core-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-cross-headers-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-debug-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-debug-core-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-debug-devel-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-debug-modules-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-devel-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-headers-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-modules-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-modules-extra-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-tools-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-tools-libs-4.18.0-372.32.1.el8_6.ppc64le.rpm
perf-4.18.0-372.32.1.el8_6.ppc64le.rpm
perf-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm
python3-perf-4.18.0-372.32.1.el8_6.ppc64le.rpm
python3-perf-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm

s390x:
bpftool-4.18.0-372.32.1.el8_6.s390x.rpm
bpftool-debuginfo-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-core-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-cross-headers-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-debug-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-debug-core-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-debug-debuginfo-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-debug-devel-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-debug-modules-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-debug-modules-extra-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-debuginfo-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-devel-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-headers-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-modules-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-modules-extra-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-tools-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-tools-debuginfo-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-zfcpdump-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-zfcpdump-core-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-zfcpdump-devel-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-zfcpdump-modules-4.18.0-372.32.1.el8_6.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-372.32.1.el8_6.s390x.rpm
perf-4.18.0-372.32.1.el8_6.s390x.rpm
perf-debuginfo-4.18.0-372.32.1.el8_6.s390x.rpm
python3-perf-4.18.0-372.32.1.el8_6.s390x.rpm
python3-perf-debuginfo-4.18.0-372.32.1.el8_6.s390x.rpm

x86_64:
bpftool-4.18.0-372.32.1.el8_6.x86_64.rpm
bpftool-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-core-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-cross-headers-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-debug-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-debug-core-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-debug-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-debug-devel-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-debug-modules-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-debug-modules-extra-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-devel-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-headers-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-modules-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-modules-extra-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-tools-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-tools-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-tools-libs-4.18.0-372.32.1.el8_6.x86_64.rpm
perf-4.18.0-372.32.1.el8_6.x86_64.rpm
perf-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm
python3-perf-4.18.0-372.32.1.el8_6.x86_64.rpm
python3-perf-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
bpftool-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-debug-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-tools-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm
kernel-tools-libs-devel-4.18.0-372.32.1.el8_6.aarch64.rpm
perf-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm
python3-perf-debuginfo-4.18.0-372.32.1.el8_6.aarch64.rpm

ppc64le:
bpftool-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-372.32.1.el8_6.ppc64le.rpm
perf-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm
python3-perf-debuginfo-4.18.0-372.32.1.el8_6.ppc64le.rpm

x86_64:
bpftool-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-debug-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-tools-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm
kernel-tools-libs-devel-4.18.0-372.32.1.el8_6.x86_64.rpm
perf-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm
python3-perf-debuginfo-4.18.0-372.32.1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-0494
https://access.redhat.com/security/cve/CVE-2022-1353
https://access.redhat.com/security/cve/CVE-2022-2588
https://access.redhat.com/security/cve/CVE-2022-23816
https://access.redhat.com/security/cve/CVE-2022-23825
https://access.redhat.com/security/cve/CVE-2022-29900
https://access.redhat.com/security/cve/CVE-2022-29901
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBY1fUtdzjgjWX9erEAQhSsBAAo9lW/rCtEsWCrWMHQCIB4EhRjeuM9jki
1bsrhq45GFS9ZjleXArh5lxLI4fGfxNtvSg3okIxd8mcXLr1HnexWZijg6OAqiK4
Jhn3vvyyINdik/fTi9IpVnX4Tbi0x9kGfEKPJaPoaTZF0IyzjE6l/SBW6Vl4W5Rd
m7HL+mmdb+Tew2iK23eCI6aVDO6yFdE0d1uxUFB+CNy8U+hApNTQAdiB4KiBGJ62
Frn+EZgThTmMtygbA0CnO34/uSvzJ8sQJvygOZ18ihW26KHc5fIII9sphrDz89SM
WgKhHag8NLZLTP3gtg3IJ4S4HdOZhbZAwPmKFf57mDS35cjYljeJ2F+61vAVcnyc
J2Zfv/9ZLV2Y88NsbJjIefMKOkkZnO2UGoJv8ZQdX6xQ+cU/QMPPhZGjAIW9iRt0
cR89CFJrtgovejMPus3NsvkEzMkXOIdDQuv0R+o6DpWWiq8Ku30I18L/Eq/Bv36K
bK31VCHvHLtV9+sTjobMlNbV1m0b6EBdvLrvC9uLitw4HMMAjZx2/DaLXjbvHNmm
I4LaicZTNaRUEby3ts8Coa1dk4BP6s2b3ZKvRPYVL0erFHOoIhxTy76cD/F8PZeF
J9ip+64HjeUrYb63XL9EwcO8+mtkUa4UbBWUK8nCrDvsVWayxQxtrixmFhOKtXxf
myf0cZkEBGM=KWbC
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce