-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2022:7318-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7318 Issue date: 2022-11-02 CVE Names: CVE-2022-2585 CVE-2022-30594 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * posix cpu timer use-after-free may lead to local privilege escalation (CVE-2022-2585) * Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel crash after reboot of T14/G2 AMD laptop (mt7921e module) (BZ#2095653) * execve exit tracepoint not called (BZ#2106661) * Matrox black screen on VGA output on some systems. (BZ#2112017) * The kernel needs to offer a way to reseed the Crypto DRBG and atomically extract random numbers from it (BZ#2121129) * watchdog BUG: soft lockup - CPU#30 stuck for 34s! [swapper/30:0] (BZ#2127857) * Update cifs to 5.16 (BZ#2127858) * Bad page state in process qemu-kvm pfn:68a74600 (BZ#2127859) * vfio zero page mappings fail after 2M instances (BZ#2128791) * The kernel needs to offer a way to reseed the Crypto DRBG and atomically extract random numbers from it (part 2) (BZ#2128970) Enhancement(s): * Need to enable hpilo to support new HPE RL300 Gen11 for ARM (aarch64) (BZ#2129453) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2085300 - CVE-2022-30594 kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option 2114874 - CVE-2022-2585 kernel: posix cpu timer use-after-free may lead to local privilege escalation 6. Package List: Red Hat Enterprise Linux AppStream (v. 9): aarch64: bpftool-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-debug-devel-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-debug-devel-matched-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-debuginfo-common-aarch64-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-devel-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-devel-matched-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-headers-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm perf-5.14.0-70.30.1.el9_0.aarch64.rpm perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm python3-perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm noarch: kernel-doc-5.14.0-70.30.1.el9_0.noarch.rpm ppc64le: bpftool-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-debug-devel-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-debug-devel-matched-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-debuginfo-common-ppc64le-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-devel-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-devel-matched-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-headers-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm perf-5.14.0-70.30.1.el9_0.ppc64le.rpm perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm python3-perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm s390x: bpftool-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm kernel-debug-devel-5.14.0-70.30.1.el9_0.s390x.rpm kernel-debug-devel-matched-5.14.0-70.30.1.el9_0.s390x.rpm kernel-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm kernel-debuginfo-common-s390x-5.14.0-70.30.1.el9_0.s390x.rpm kernel-devel-5.14.0-70.30.1.el9_0.s390x.rpm kernel-devel-matched-5.14.0-70.30.1.el9_0.s390x.rpm kernel-headers-5.14.0-70.30.1.el9_0.s390x.rpm kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm kernel-zfcpdump-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm kernel-zfcpdump-devel-5.14.0-70.30.1.el9_0.s390x.rpm kernel-zfcpdump-devel-matched-5.14.0-70.30.1.el9_0.s390x.rpm perf-5.14.0-70.30.1.el9_0.s390x.rpm perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm python3-perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm x86_64: bpftool-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-debug-devel-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-debug-devel-matched-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-debuginfo-common-x86_64-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-devel-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-devel-matched-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-headers-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm perf-5.14.0-70.30.1.el9_0.x86_64.rpm perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm python3-perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 9): Source: kernel-5.14.0-70.30.1.el9_0.src.rpm aarch64: bpftool-5.14.0-70.30.1.el9_0.aarch64.rpm bpftool-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-core-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-debug-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-debug-core-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-debug-modules-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-debug-modules-extra-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-debuginfo-common-aarch64-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-modules-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-modules-extra-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-tools-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-tools-libs-5.14.0-70.30.1.el9_0.aarch64.rpm perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm python3-perf-5.14.0-70.30.1.el9_0.aarch64.rpm python3-perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm noarch: kernel-abi-stablelists-5.14.0-70.30.1.el9_0.noarch.rpm ppc64le: bpftool-5.14.0-70.30.1.el9_0.ppc64le.rpm bpftool-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-core-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-debug-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-debug-core-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-debug-modules-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-debug-modules-extra-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-debuginfo-common-ppc64le-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-modules-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-modules-extra-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-tools-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-tools-libs-5.14.0-70.30.1.el9_0.ppc64le.rpm perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm python3-perf-5.14.0-70.30.1.el9_0.ppc64le.rpm python3-perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm s390x: bpftool-5.14.0-70.30.1.el9_0.s390x.rpm bpftool-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm kernel-5.14.0-70.30.1.el9_0.s390x.rpm kernel-core-5.14.0-70.30.1.el9_0.s390x.rpm kernel-debug-5.14.0-70.30.1.el9_0.s390x.rpm kernel-debug-core-5.14.0-70.30.1.el9_0.s390x.rpm kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm kernel-debug-modules-5.14.0-70.30.1.el9_0.s390x.rpm kernel-debug-modules-extra-5.14.0-70.30.1.el9_0.s390x.rpm kernel-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm kernel-debuginfo-common-s390x-5.14.0-70.30.1.el9_0.s390x.rpm kernel-modules-5.14.0-70.30.1.el9_0.s390x.rpm kernel-modules-extra-5.14.0-70.30.1.el9_0.s390x.rpm kernel-tools-5.14.0-70.30.1.el9_0.s390x.rpm kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm kernel-zfcpdump-5.14.0-70.30.1.el9_0.s390x.rpm kernel-zfcpdump-core-5.14.0-70.30.1.el9_0.s390x.rpm kernel-zfcpdump-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm kernel-zfcpdump-modules-5.14.0-70.30.1.el9_0.s390x.rpm kernel-zfcpdump-modules-extra-5.14.0-70.30.1.el9_0.s390x.rpm perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm python3-perf-5.14.0-70.30.1.el9_0.s390x.rpm python3-perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm x86_64: bpftool-5.14.0-70.30.1.el9_0.x86_64.rpm bpftool-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-core-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-debug-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-debug-core-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-debug-modules-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-debug-modules-extra-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-debuginfo-common-x86_64-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-modules-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-modules-extra-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-tools-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-tools-libs-5.14.0-70.30.1.el9_0.x86_64.rpm perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm python3-perf-5.14.0-70.30.1.el9_0.x86_64.rpm python3-perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm Red Hat CodeReady Linux Builder (v. 9): aarch64: bpftool-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-cross-headers-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-debuginfo-common-aarch64-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm kernel-tools-libs-devel-5.14.0-70.30.1.el9_0.aarch64.rpm perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm python3-perf-debuginfo-5.14.0-70.30.1.el9_0.aarch64.rpm ppc64le: bpftool-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-cross-headers-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-debuginfo-common-ppc64le-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm kernel-tools-libs-devel-5.14.0-70.30.1.el9_0.ppc64le.rpm perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm python3-perf-debuginfo-5.14.0-70.30.1.el9_0.ppc64le.rpm s390x: bpftool-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm kernel-cross-headers-5.14.0-70.30.1.el9_0.s390x.rpm kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm kernel-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm kernel-debuginfo-common-s390x-5.14.0-70.30.1.el9_0.s390x.rpm kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm kernel-zfcpdump-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm python3-perf-debuginfo-5.14.0-70.30.1.el9_0.s390x.rpm x86_64: bpftool-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-cross-headers-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-debug-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-debuginfo-common-x86_64-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-tools-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm kernel-tools-libs-devel-5.14.0-70.30.1.el9_0.x86_64.rpm perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm python3-perf-debuginfo-5.14.0-70.30.1.el9_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-2585 https://access.redhat.com/security/cve/CVE-2022-30594 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY2K9RtzjgjWX9erEAQg5dw//ZFjS/ugn0S2QF94xP3PXnxhZgdfOXqrV DLv2UvywBFzf8GTz/0Lkf7zl9SQ7QF+ZPf2MHIYLPxqswTOt9XXJKrhcbh5E+zAt M3FIGkNoPBKxPalPp9lwjSQUU5fpYMSnOkvJIGx8LasUz7NlRuwQrK7k7Qb0tDqc AjXAnvz2bE3G9P1bPbkoYzBYk4J4WYGS8w3GRFzhmqqn32Uex6rF+sH5+YqxYt0P 24FTJDa6ggybzCbYfFNxEmbySP2s/feTAejA0P/AADxKjURj2GCeTzYZBAiAh07Q Ui0wOly0VoFCE1dDiRP0A821mve6WK9OJtVdQGnOwf/XiOxxpZQKDNap8AHXGLiz F9uq7eC6u/ISHosgs5z/cyFW/CshAYQjrEbl3LZ9LGFnbV5ZFU6eOxTUhyNp/x0Z Re9aD/xEJdA/W4YDd4a6Pb7SzEY8N5N/uhFn8MpEmDEcTp6ydxVnFBiHAEhW7bO7 5jeneVnc8qQTetNkSvF5EswMISmy9grZMWX+7wx5YLPRKYSWHv5Y7ZcPan8G3QfP Atiin4WjSDztlDaHR+y69da2T+aGGHIzXu0if/hlanncWI4YT2i7N99ViTqJJStf Xp+r1Jp2xhZYRfrCa5YCn4M8nxyrlaMfQE0IdzTpj8L0A2LTflFAEMC1CedxzWc0 nXkBWQ86WbA=KfTC -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce