ID

VAR-202203-0043

CVE

CVE-2022-0847

TITLE

Linux Kernel  Initialization vulnerability in

DESCRIPTION

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. Linux Kernel Has an initialization vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This update provides security fixes, bug fixes, and updates the container images. Description: Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/ Security updates: * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450) * nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * nodejs-shelljs: improper privilege management (CVE-2022-0144) * search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) * openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778) * imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778) * golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) * opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190) Related bugs: * RHACM 2.4.3 image files (BZ #2057249) * Observability - dashboard name contains `/` would cause error when generating dashboard cm (BZ #2032128) * ACM application placement fails after renaming the application name (BZ #2033051) * Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197) * Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820) * The value of name label changed from clusterclaim name to cluster name (BZ #2042223) * VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ #2048500) * clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211) * Application cluster status is not updated in UI after restoring (BZ #2053279) * OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610) * The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039) * Subscriptions stop reconciling after channel secrets are recreated (BZ #2059954) * Placementrule is not reconciling on a new fresh environment (BZ #2074156) * The cluster claimed from clusterpool cannot auto imported (BZ #2074543) 3. Bugs fixed (https://bugzilla.redhat.com/): 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm 2033051 - ACM application placement fails after renaming the application name 2039197 - disable the obs metric collect should not impact the managed cluster upgrade 2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard 2042223 - the value of name label changed from clusterclaim name to cluster name 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2053279 - Application cluster status is not updated in UI after restoring 2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+ 2057249 - RHACM 2.4.3 images 2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift 2059954 - Subscriptions stop reconciling after channel secrets are recreated 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path 2074156 - Placementrule is not reconciling on a new fresh environment 2074543 - The cluster claimed from clusterpool can not auto imported 5. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/ Security updates: * nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * nodejs-shelljs: improper privilege management (CVE-2022-0144) * follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) Bug fix: * RHACM 2.3.8 images (Bugzilla #2062316) 3. Bugs fixed (https://bugzilla.redhat.com/): 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2062316 - RHACM 2.3.8 images 5. ========================================================================= Ubuntu Security Notice USN-5362-1 April 01, 2022 linux-intel-5.13 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-intel-5.13: Linux kernel for Intel IOTG Details: Nick Gregory discovered that the Linux kernel incorrectly handled network offload functionality. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-25636) Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by ARM to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information. (CVE-2022-23960) It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-23222) Max Kellermann discovered that the Linux kernel incorrectly handled Unix pipes. A local attacker could potentially use this to modify any file that could be opened for reading. (CVE-2022-0847) Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. (CVE-2022-0492) William Liu and Jamie Hill-Daniel discovered that the file system context functionality in the Linux kernel contained an integer underflow vulnerability, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-0185) Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida discovered that hardware mitigations added by Intel to their processors to address Spectre-BTI were insufficient. A local attacker could potentially use this to expose sensitive information. (CVE-2022-0001) Jann Horn discovered a race condition in the Unix domain socket implementation in the Linux kernel that could result in a read-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4083) It was discovered that the NFS server implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4090) Kirill Tkhai discovered that the XFS file system implementation in the Linux kernel did not calculate size correctly when pre-allocating space in some situations. A local attacker could use this to expose sensitive information. (CVE-2021-4155) It was discovered that the AMD Radeon GPU driver in the Linux kernel did not properly validate writes in the debugfs file system. A privileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-42327) Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-0330) Samuel Page discovered that the Transparent Inter-Process Communication (TIPC) protocol implementation in the Linux kernel contained a stack-based buffer overflow. A remote attacker could use this to cause a denial of service (system crash) for systems that have a TIPC bearer configured. (CVE-2022-0435) It was discovered that the KVM implementation for s390 systems in the Linux kernel did not properly prevent memory operations on PVM guests that were in non-protected mode. A local attacker could use this to obtain unauthorized memory write access. (CVE-2022-0516) It was discovered that the ICMPv6 implementation in the Linux kernel did not properly deallocate memory in certain situations. A remote attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2022-0742) It was discovered that the VMware Virtual GPU driver in the Linux kernel did not properly handle certain failure conditions, leading to a stale entry in the file descriptor table. A local attacker could use this to expose sensitive information or possibly gain administrative privileges. (CVE-2022-22942) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: linux-image-5.13.0-1010-intel 5.13.0-1010.10 linux-image-intel 5.13.0.1010.11 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5362-1 CVE-2021-4083, CVE-2021-4090, CVE-2021-4155, CVE-2021-42327, CVE-2022-0001, CVE-2022-0185, CVE-2022-0330, CVE-2022-0435, CVE-2022-0492, CVE-2022-0516, CVE-2022-0742, CVE-2022-0847, CVE-2022-22942, CVE-2022-23222, CVE-2022-23960, CVE-2022-25636 Package Information: https://launchpad.net/ubuntu/+source/linux-intel-5.13/5.13.0-1010.10 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2022:0820-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0820 Issue date: 2022-03-10 CVE Names: CVE-2021-4083 CVE-2022-0330 CVE-2022-0492 CVE-2022-0847 CVE-2022-22942 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. The following packages have been upgraded to a later upstream version: kernel (4.18.0). (BZ#2036933) Security Fix(es): * kernel: improper initialization of the "flags" member of the new pipe_buffer (CVE-2022-0847) * kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083) * kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330) * kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492) * kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [Intel 8.3 Bug] ICX Whitley: PCIe - kernel panic with AER-INJECT (BZ#2040309) * [ESXi][RHEL8] A task is stuck waiting for the completion of the vmci_resouce releasing upon the balloon reset. [None8.2.0.z] (BZ#2052200) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it 2042404 - CVE-2022-0330 kernel: possible privileges escalation due to missing TLB flush 2044809 - CVE-2022-22942 kernel: failing usercopy allows for use-after-free exploitation 2051505 - CVE-2022-0492 kernel: cgroups v1 release_agent feature may allow privilege escalation 2060795 - CVE-2022-0847 kernel: improper initialization of the "flags" member of the new pipe_buffer 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: kernel-4.18.0-193.79.1.el8_2.src.rpm aarch64: bpftool-4.18.0-193.79.1.el8_2.aarch64.rpm bpftool-debuginfo-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-core-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-cross-headers-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-debug-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-debug-core-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-debug-devel-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-debug-modules-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-debug-modules-extra-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-debuginfo-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-devel-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-headers-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-modules-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-modules-extra-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-tools-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-tools-libs-4.18.0-193.79.1.el8_2.aarch64.rpm perf-4.18.0-193.79.1.el8_2.aarch64.rpm perf-debuginfo-4.18.0-193.79.1.el8_2.aarch64.rpm python3-perf-4.18.0-193.79.1.el8_2.aarch64.rpm python3-perf-debuginfo-4.18.0-193.79.1.el8_2.aarch64.rpm noarch: kernel-abi-whitelists-4.18.0-193.79.1.el8_2.noarch.rpm kernel-doc-4.18.0-193.79.1.el8_2.noarch.rpm ppc64le: bpftool-4.18.0-193.79.1.el8_2.ppc64le.rpm bpftool-debuginfo-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-core-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-cross-headers-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-debug-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-debug-core-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-debug-debuginfo-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-debug-devel-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-debug-modules-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-debug-modules-extra-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-debuginfo-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-devel-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-headers-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-modules-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-modules-extra-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-tools-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-tools-debuginfo-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-tools-libs-4.18.0-193.79.1.el8_2.ppc64le.rpm perf-4.18.0-193.79.1.el8_2.ppc64le.rpm perf-debuginfo-4.18.0-193.79.1.el8_2.ppc64le.rpm python3-perf-4.18.0-193.79.1.el8_2.ppc64le.rpm python3-perf-debuginfo-4.18.0-193.79.1.el8_2.ppc64le.rpm s390x: bpftool-4.18.0-193.79.1.el8_2.s390x.rpm bpftool-debuginfo-4.18.0-193.79.1.el8_2.s390x.rpm kernel-4.18.0-193.79.1.el8_2.s390x.rpm kernel-core-4.18.0-193.79.1.el8_2.s390x.rpm kernel-cross-headers-4.18.0-193.79.1.el8_2.s390x.rpm kernel-debug-4.18.0-193.79.1.el8_2.s390x.rpm kernel-debug-core-4.18.0-193.79.1.el8_2.s390x.rpm kernel-debug-debuginfo-4.18.0-193.79.1.el8_2.s390x.rpm kernel-debug-devel-4.18.0-193.79.1.el8_2.s390x.rpm kernel-debug-modules-4.18.0-193.79.1.el8_2.s390x.rpm kernel-debug-modules-extra-4.18.0-193.79.1.el8_2.s390x.rpm kernel-debuginfo-4.18.0-193.79.1.el8_2.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-193.79.1.el8_2.s390x.rpm kernel-devel-4.18.0-193.79.1.el8_2.s390x.rpm kernel-headers-4.18.0-193.79.1.el8_2.s390x.rpm kernel-modules-4.18.0-193.79.1.el8_2.s390x.rpm kernel-modules-extra-4.18.0-193.79.1.el8_2.s390x.rpm kernel-tools-4.18.0-193.79.1.el8_2.s390x.rpm kernel-tools-debuginfo-4.18.0-193.79.1.el8_2.s390x.rpm kernel-zfcpdump-4.18.0-193.79.1.el8_2.s390x.rpm kernel-zfcpdump-core-4.18.0-193.79.1.el8_2.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-193.79.1.el8_2.s390x.rpm kernel-zfcpdump-devel-4.18.0-193.79.1.el8_2.s390x.rpm kernel-zfcpdump-modules-4.18.0-193.79.1.el8_2.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-193.79.1.el8_2.s390x.rpm perf-4.18.0-193.79.1.el8_2.s390x.rpm perf-debuginfo-4.18.0-193.79.1.el8_2.s390x.rpm python3-perf-4.18.0-193.79.1.el8_2.s390x.rpm python3-perf-debuginfo-4.18.0-193.79.1.el8_2.s390x.rpm x86_64: bpftool-4.18.0-193.79.1.el8_2.x86_64.rpm bpftool-debuginfo-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-core-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-cross-headers-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-debug-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-debug-core-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-debug-debuginfo-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-debug-devel-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-debug-modules-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-debug-modules-extra-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-debuginfo-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-devel-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-headers-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-modules-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-modules-extra-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-tools-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-tools-debuginfo-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-tools-libs-4.18.0-193.79.1.el8_2.x86_64.rpm perf-4.18.0-193.79.1.el8_2.x86_64.rpm perf-debuginfo-4.18.0-193.79.1.el8_2.x86_64.rpm python3-perf-4.18.0-193.79.1.el8_2.x86_64.rpm python3-perf-debuginfo-4.18.0-193.79.1.el8_2.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.2): aarch64: bpftool-debuginfo-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-debuginfo-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.79.1.el8_2.aarch64.rpm kernel-tools-libs-devel-4.18.0-193.79.1.el8_2.aarch64.rpm perf-debuginfo-4.18.0-193.79.1.el8_2.aarch64.rpm python3-perf-debuginfo-4.18.0-193.79.1.el8_2.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-debug-debuginfo-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-debuginfo-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-tools-debuginfo-4.18.0-193.79.1.el8_2.ppc64le.rpm kernel-tools-libs-devel-4.18.0-193.79.1.el8_2.ppc64le.rpm perf-debuginfo-4.18.0-193.79.1.el8_2.ppc64le.rpm python3-perf-debuginfo-4.18.0-193.79.1.el8_2.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-debug-debuginfo-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-debuginfo-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-tools-debuginfo-4.18.0-193.79.1.el8_2.x86_64.rpm kernel-tools-libs-devel-4.18.0-193.79.1.el8_2.x86_64.rpm perf-debuginfo-4.18.0-193.79.1.el8_2.x86_64.rpm python3-perf-debuginfo-4.18.0-193.79.1.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYippnNzjgjWX9erEAQgeIA/8DjMqXgeKBWJlF/juiqi+DTsTZw1SwsGt 1Hp0MqSHnmQGnDQ7fm4Ifn63Apmgk+oxWgepaIVrMtWf2rhmXyDpRfCtgjXU5rRj YVzl84tQGZyWBCBYA5R9Xa6/iSYWyFC0CJ5d0MvZ7uNGVSWj8F5Ne1u7/yJYcREQ 38224Coz5ED0NFBHYM/GSnPdL+l7nfmIA3VEmr25njpgbHM3hjnn2B98klp27h+L QP2ONO2XAax/aikdT6NVqAG2G6HQ2BkG3BOZAhXUJoSV6MI6OpPyxlg5RH0445xx 53nWsgs+oenfh7yJV5i+gCNUbJV7hhp9HJ9DTOj/VT6BsYAtz1baY47NrDdrmHzj mKx8gYVEXtoKLBkmrcoBmLH4sGIu+9DsComN1FJBuJij4nX8aIdIXZAsE414qd5V oNra4L/eS+mTziD6Q6jwSeVCOCdqxOdqpL9JeIiWKlOW3WjAG7VnPvLWJoXKQeEJ hvtnZY6/SMMZQ5p3qq0pJVRa7jsaGevT7BFyOkH+6ephJedX9FcSkDP2iWFmrXQk l9kkHgqHsm6tMM7gr7/yTHzKyOQblaaB0czOTNexTVg3qRQ1Tpiz+IoV8A7FBzrB M69wkaT/IAmuc/FeXNe94/ZLj2oeHjTFhZp+p8YClbmRtLd+Mb3p6Gz1uWhuka4U 7ibzusummRs=QzAW -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Bug Fix(es): * kernel symbol '__rt_mutex_init' is exported GPL-only in kernel 4.18.0-348.2.1.rt7.132.el8_5 (BZ#2038423) * kernel-rt: update RT source tree to the RHEL-8.5.z3 source tree (BZ#2045589) 4. CVE-2021-43976 Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver. CVE-2022-24448 Lyu Tao reported a flaw in the NFS implementation in the Linux kernel when handling requests to open a directory on a regular file, which could result in a information leak. CVE-2022-25258 Szymon Heidrich reported the USB Gadget subsystem lacks certain validation of interface OS descriptor requests, resulting in memory corruption. CVE-2022-25375 Szymon Heidrich reported that the RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command, resulting in information leak from kernel memory. For the stable distribution (bullseye), these problems have been fixed in version 5.10.92-2. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmImAChfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TlAw/+MoL+9zYTlpPOcWp0YMuOkEUJU3WS7udSyTSZLNZsWuQTVmPQ6ed7Fxw/ b0j6OCX9HbrIl4nJdx+7D53ujWC6hS29TLgHCb8d/TEeluXPVI2+4Nt1FcZbSXTJ 6hBNIVVIiDUV9Wco8JUVbvk+y8VCsHxqDEePpEOTZVYLyDUUdti4V7+3ZyO8XQ4/ ePeCX8QQba5FApsz4jG7CkBCxBxyley6YswPV3Zz1FF6L/hGjgluYiKFbO4mLTlX vqwv/UIAZl2rutHzzxyBE5hIlPGXfgksPI7jTmSMRkWI99cIlJWTlziecYLQUiid 2NwOyu2vrut6ZVbtmI5WbTy64Aa9EKguQLd+SbBMuK790nfTLRySaZnU52/1j1MW 1/3Nwq+pDbZ/yAAeV/TS9oKl3mG3XVOO34EGpr9A5aZzCPetyb1TQj0jR5+mjCxy RTxYZuCrisnFvVXXRZLPc1vPcZW+ULXrPQFWEEvd2WKRa6iIkDHf5ef8pHRm36mk 9Yt0x6UmmVWLRRZp7UCbD03NB5p3oJKi+i1h3d+19jQGwU2bEhfOEADCADqlZLwc /6vFZ7TrA/74LXM8MOc5+VQbxL8nGetenPSHuxNwoeXw1ry4+x9KV6YHMqeqQ/qW jFpIOfWS1HQ9vC9t46V2eE0sfrOu2Jvdm4MixwRbXhjzs/REYTY= =MIhw -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

other

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2024-11-23T19:37:58.995000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE