-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2022:8673-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:8673 Issue date: 2022-11-29 CVE Names: CVE-2022-1158 ==================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Real Time EUS (v.8.4) - x86_64 Red Hat Enterprise Linux Real Time for NFV EUS (v.8.4) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Multicast packets are not received by all VFs on the same port even though they have the same VLAN (BZ#2117027) * Backport use of a dedicate thread for timer wakeups (BZ#2127206) * Update RT source tree to the RHEL-8.4.z13 source tree. (BZ#2129948) * Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel [RT-8] (BZ#2139853) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region 6. Package List: Red Hat Enterprise Linux Real Time for NFV EUS (v.8.4): Source: kernel-rt-4.18.0-305.71.1.rt7.143.el8_4.src.rpm x86_64: kernel-rt-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-core-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debug-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debug-core-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debug-devel-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debug-kvm-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debug-modules-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debuginfo-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-devel-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-kvm-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-modules-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-modules-extra-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm Red Hat Enterprise Linux Real Time EUS (v.8.4): Source: kernel-rt-4.18.0-305.71.1.rt7.143.el8_4.src.rpm x86_64: kernel-rt-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-core-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debug-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debug-core-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debug-devel-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debug-modules-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debuginfo-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-devel-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-modules-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm kernel-rt-modules-extra-4.18.0-305.71.1.rt7.143.el8_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-1158 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY4ZVsdzjgjWX9erEAQizwA/9HsqWNFvtZGAaKnR2FjFT2Ry99Vglsmor e14rydyVgcG7g9nHFDj5S63+e0pELNJWWhrqIi/GiNaI4HyNlyRvFnmJFUP/xbVy g0kv3hAZy2T36ZDgjb+1fdwlBNDlJ/xHRwxb7gkQJL3M9soeJlvcz6V9rkWt+9Y0 guB1eQQesUI2ratllLkkw9xbfOS+zEyDS468aPMVjbEHOnRM4/NGNkNgy3VBH4Dh aCx0XVmubD/q5Umuy55mW6W89ZyukK+2iPpJnnmsV4IEmM4uMKvn+Okz4bMRSprE 6BpISUdA0XsLspUSdR4RJscq/8w1QQZAFHvOEQMuWTv3xLyqMeY18IN1vW3KvgUR gAfLrm4arpQZKICfSd7Ekvxy83o552a9OiFmP8F9KimURqp+CG7k8jq/Czk2o22g jHg34VqRtDMhQ54ZsOuhBarmy4cRoPBHaYaK9gahoaw/Mf9KHBxs8/qpZl+facv4 Y3rjy1DZ+FhS3JjmVhQeEmDe93QUwEEenthmbHsjbcCZjgzf3Sur0oYTW+b3YBke f1wzh0CutwG/DE38MsxLuSyEgrfGAaDj0Q+uZ2SeJfEW4/gAqTStG2S0bUDkI8wI GNY3lmymokj4kgqpm/gwQy3ZplcGbB+E2LwiBJhnB2qfKWxF5DVoRyFeVU2gq1+M UgjKLL/zWok=rA+M -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce