ID

VAR-202203-0043

CVE

CVE-2022-0847

TITLE

Linux Kernel  Initialization vulnerability in

DESCRIPTION

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. Linux Kernel Has an initialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. CVE-2021-43976 Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. An attacker able to connect a crafted USB device can take advantage of this flaw to cause a denial of service. CVE-2022-0330 Sushma Venkatesh Reddy discovered a missing GPU TLB flush in the i915 driver, resulting in denial of service or privilege escalation. CVE-2022-0435 Samuel Page and Eric Dumazet reported a stack overflow in the networking module for the Transparent Inter-Process Communication (TIPC) protocol, resulting in denial of service or potentially the execution of arbitrary code. CVE-2022-0516 It was discovered that an insufficient check in the KVM subsystem for s390x could allow unauthorized memory read or write access. CVE-2022-0847 Max Kellermann discovered a flaw in the handling of pipe buffer flags. An attacker can take advantage of this flaw for local privilege escalation. CVE-2022-22942 It was discovered that wrong file file descriptor handling in the VMware Virtual GPU driver (vmwgfx) could result in information leak or privilege escalation. CVE-2022-24448 Lyu Tao reported a flaw in the NFS implementation in the Linux kernel when handling requests to open a directory on a regular file, which could result in a information leak. CVE-2022-24959 A memory leak was discovered in the yam_siocdevprivate() function of the YAM driver for AX.25, which could result in denial of service. CVE-2022-25258 Szymon Heidrich reported the USB Gadget subsystem lacks certain validation of interface OS descriptor requests, resulting in memory corruption. CVE-2022-25375 Szymon Heidrich reported that the RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command, resulting in information leak from kernel memory. For the stable distribution (bullseye), these problems have been fixed in version 5.10.92-2. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmImAChfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TlAw/+MoL+9zYTlpPOcWp0YMuOkEUJU3WS7udSyTSZLNZsWuQTVmPQ6ed7Fxw/ b0j6OCX9HbrIl4nJdx+7D53ujWC6hS29TLgHCb8d/TEeluXPVI2+4Nt1FcZbSXTJ 6hBNIVVIiDUV9Wco8JUVbvk+y8VCsHxqDEePpEOTZVYLyDUUdti4V7+3ZyO8XQ4/ ePeCX8QQba5FApsz4jG7CkBCxBxyley6YswPV3Zz1FF6L/hGjgluYiKFbO4mLTlX vqwv/UIAZl2rutHzzxyBE5hIlPGXfgksPI7jTmSMRkWI99cIlJWTlziecYLQUiid 2NwOyu2vrut6ZVbtmI5WbTy64Aa9EKguQLd+SbBMuK790nfTLRySaZnU52/1j1MW 1/3Nwq+pDbZ/yAAeV/TS9oKl3mG3XVOO34EGpr9A5aZzCPetyb1TQj0jR5+mjCxy RTxYZuCrisnFvVXXRZLPc1vPcZW+ULXrPQFWEEvd2WKRa6iIkDHf5ef8pHRm36mk 9Yt0x6UmmVWLRRZp7UCbD03NB5p3oJKi+i1h3d+19jQGwU2bEhfOEADCADqlZLwc /6vFZ7TrA/74LXM8MOc5+VQbxL8nGetenPSHuxNwoeXw1ry4+x9KV6YHMqeqQ/qW jFpIOfWS1HQ9vC9t46V2eE0sfrOu2Jvdm4MixwRbXhjzs/REYTY= =MIhw -----END PGP SIGNATURE----- . Summary: The Migration Toolkit for Containers (MTC) 1.5.4 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 5. This update provides security fixes, bug fixes, and updates the container images. Description: Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/ Security updates: * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450) * nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * nodejs-shelljs: improper privilege management (CVE-2022-0144) * search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) * openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778) * imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778) * golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) * opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190) Related bugs: * RHACM 2.4.3 image files (BZ #2057249) * Observability - dashboard name contains `/` would cause error when generating dashboard cm (BZ #2032128) * ACM application placement fails after renaming the application name (BZ #2033051) * Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197) * Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820) * The value of name label changed from clusterclaim name to cluster name (BZ #2042223) * VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ #2048500) * clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211) * Application cluster status is not updated in UI after restoring (BZ #2053279) * OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610) * The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039) * Subscriptions stop reconciling after channel secrets are recreated (BZ #2059954) * Placementrule is not reconciling on a new fresh environment (BZ #2074156) * The cluster claimed from clusterpool cannot auto imported (BZ #2074543) 3. Bugs fixed (https://bugzilla.redhat.com/): 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm 2033051 - ACM application placement fails after renaming the application name 2039197 - disable the obs metric collect should not impact the managed cluster upgrade 2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard 2042223 - the value of name label changed from clusterclaim name to cluster name 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2053279 - Application cluster status is not updated in UI after restoring 2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+ 2057249 - RHACM 2.4.3 images 2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift 2059954 - Subscriptions stop reconciling after channel secrets are recreated 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path 2074156 - Placementrule is not reconciling on a new fresh environment 2074543 - The cluster claimed from clusterpool can not auto imported 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2022:0821-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0821 Issue date: 2022-03-10 CVE Names: CVE-2021-4083 CVE-2022-0330 CVE-2022-0492 CVE-2022-0847 CVE-2022-22942 ==================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Real Time EUS (v. 8.2) - x86_64 Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: improper initialization of the "flags" member of the new pipe_buffer (CVE-2022-0847) * kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) * kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330) * kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492) * kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest RHEL-8.2.z16 Batch (BZ#2057698) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it 2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush 2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation 2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation 2060795 - CVE-2022-0847 kernel: improper initialization of the "flags" member of the new pipe_buffer 6. Package List: Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2): Source: kernel-rt-4.18.0-193.79.1.rt13.129.el8_2.src.rpm x86_64: kernel-rt-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-core-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debug-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debug-core-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debug-devel-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debug-kvm-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debug-modules-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debuginfo-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-devel-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-kvm-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-modules-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-modules-extra-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm Red Hat Enterprise Linux Real Time EUS (v. 8.2): Source: kernel-rt-4.18.0-193.79.1.rt13.129.el8_2.src.rpm x86_64: kernel-rt-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-core-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debug-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debug-core-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debug-devel-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debug-modules-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debuginfo-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-devel-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-modules-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm kernel-rt-modules-extra-4.18.0-193.79.1.rt13.129.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-4083 https://access.redhat.com/security/cve/CVE-2022-0330 https://access.redhat.com/security/cve/CVE-2022-0492 https://access.redhat.com/security/cve/CVE-2022-0847 https://access.redhat.com/security/cve/CVE-2022-22942 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2022-002 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYippk9zjgjWX9erEAQioHQ//aOK91fuHXKUshQ0tyCtRMbiMIkkqjr/6 nlb46svULcwrygX07N/TntlSIBvpoCtzsaL/1lFzsfc9U4M/Fe/VXyeMZHfhndwF hPOen+B6VceaviFpyjx1WzikOQNGEV9iCpR1tHE0Kz/jWr3qH5dgoNcDQwu4aD35 +XsilsHpS/rPH04J09je/xYFzhUQkoNYcHioxFVVQMFssveVefyVc1VGWEW+YZ6f JzD4ZHoKDdM5FqqCVazkPs2acBDmKsxc77Lz1LYrPR3HcDYC7joLiTuzs5kqNb/X AJgY2IMyYGoRD5hn7tz9z1IXA88AO8b0mEWJQB3om33z+XiAnmVsQ2SmNdpr/IHH m7psfr58pOauUYXmOr4Cd3fSwEBeue+F5avHmu7WYq4hwLbqWSre4zfeg973jDPI TS1WE/NbO3K/KQ6SelrLR85u0lzt9of6miptBmESdA4AaXuVmLkp4vizI4xamMUH WshQ3vBKdFaKnkoWobGZWYcC2IG+Zcy8bIAXVAjC8Ua5nxyQ9pvtmJbJv2iZSa4K QVlQociE+pXDNUHWP3JvyIBb4d1yeuiUKGX4EX/YXtHk4jhYd2Y66ESbVmmNUbgI egnaQtIGYFsM+D9G1GwDuNNL3eeSRGXcxHqMmymwLrRZ3TdouR2NeSAlTyzCvK9n 2fFeV6NMYpw=ymtx -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.1) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

other

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Siemens reported these vulnerabilities to CISA.

SOURCES

LAST UPDATE DATE

2025-03-31T16:34:04.639000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE