ID

VAR-202206-1106

CVE

CVE-2022-21123

TITLE

Red Hat Security Advisory 2022-6954-01

DESCRIPTION

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Description: Red Hat Advanced Cluster Management for Kubernetes 2.5.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html/release_notes/ Security fix: * search-api-container: search-api: SQL injection leads to remote denial of service (CVE-2022-2238) Bug fixes: * search-aggregator pod is continuously getting OOMkilled on the hub (BZ# 2092863) * ACM 2.5 cannot create known_hosts file when pulling from ssh git repo (BZ# 2105885) * Production RHACM upgrade from v2.4.2 to 2.5.1 (BZ# 2121063) * No errors shown for failed helm deployments (BZ# 2124636) * In topology, cluster deploy status is shown as not deployed however new project is created on the cluster (BZ# 2125441) 3. Bugs fixed (https://bugzilla.redhat.com/): 2092863 - search-aggregator pod is continuously getting OOMkilled on the hub 2101669 - CVE-2022-2238 search-api: SQL injection leads to remote denial of service 2105885 - ACM 2.5 cannot create known_hosts file when pulling from ssh git repo 2121063 - Production RHACM upgrade from v2.4.2 to 2.5.1 2124636 - no errors shown for failed helm deployments 2125441 - In topology, cluster deploy status is shown as not deployed however new project is created on the cluster 5. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64 3. ========================================================================== Ubuntu Security Notice USN-5513-1 July 13, 2022 linux-aws vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-aws: Linux kernel for Amazon Web Services (AWS) systems Details: Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609) Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3752) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) Szymon Heidrich discovered that the USB Gadget subsystem in the Linux kernel did not properly restrict the size of control requests for certain gadget types, leading to possible out of bounds reads or writes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-39685) It was discovered that the Ion Memory Manager subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-39714) Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. (CVE-2021-4197) Lin Ma discovered that the NFC Controller Interface (NCI) implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-4202) Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in the Linux kernel did not perform a GPU TLB flush in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2022-0330) It was discovered that the PF_KEYv2 implementation in the Linux kernel did not properly initialize kernel memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2022-1353) It was discovered that the virtual graphics memory manager implementation in the Linux kernel was subject to a race condition, potentially leading to an information leak. (CVE-2022-1419) Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1652) It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679) It was discovered that the Marvell NFC device driver implementation in the Linux kernel did not properly perform memory cleanup operations in some situations, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system) or execute arbitrary code. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125) It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) It was discovered that the USB Gadget file system interface in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-24958) 赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could use this to cause a denial of service. (CVE-2022-28356) It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-28388) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: linux-image-4.4.0-1109-aws 4.4.0-1109.115 linux-image-aws 4.4.0.1109.106 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5513-1 CVE-2021-3609, CVE-2021-3752, CVE-2021-3760, CVE-2021-39685, CVE-2021-39714, CVE-2021-4197, CVE-2021-4202, CVE-2022-0330, CVE-2022-1353, CVE-2022-1419, CVE-2022-1652, CVE-2022-1679, CVE-2022-1734, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-24958, CVE-2022-28356, CVE-2022-28388 . Bugs fixed (https://bugzilla.redhat.com/): 2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass 5. In addition this updates provides mitigations for the "Retbleed" speculative execution attack and the "MMIO stale data" vulnerabilities. For additional information please refer to the following pages: https://xenbits.xen.org/xsa/advisory-404.html https://xenbits.xen.org/xsa/advisory-407.html For the stable distribution (bullseye), these problems have been fixed in version 4.14.5+24-g87d90d511c-1. We recommend that you upgrade your xen packages. For the detailed security status of xen please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xen Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmLRp7MACgkQEMKTtsN8 TjbUmQ/+PCIyYjQJgGT14YBFpKnI/JjdBNRUAlSMK7k3fPhk+J8sQrRx5MqwxRm3 poejebvnbn2KS1Z/NVaiPnS40ryOOUnLBKVDAHqRvnvrc2GwEblGCmUVaBn+cn4M 2OCG2wfpgSDk4sk83obDY1qcQW/676eGY47ULwkG9C+n6wNC8FParq71sCA6UQqy XSWlU7o7pc17l8B1c2yTzfdDeXjSaXe9pavxNXDrowLi7taeTn5GwzhH4x1fPWrs rGHCY8+Kk8Vq8jEIYmZA7bvKuIFcWkcdQpxcAtbgUvtCRzaid19tcf9McvltivKe HaHQhkDJxg32DHcefXMNsh+F0pgXoodh97PdqWtjs49jAkaNZb37Eyn4n7Qt4APm 4oKAT+QA5wYmfDsBzgAczzV9zgY3/nRvYKNH6q9VMOFE3gZfzdzvyHzpegf2VVtf 7DuJKTi61tlt6aSzcDHlzdUAwW7sHXKFLRxgQu6tFD7NbEHzgj0iBlcFOnKDwa2s hHOE6Hlj1GXZUKjol5pRjnM33qGMJmRhnq45qqWaGe21r+EFw2HTAyCacJciPX+a QZ4LEy5+zmc8LFBcZq9kZAVkc91EtTiTPjffqHaVd4eAZvxtgCbqdXFdyRZa9ZRD +2+e1dRoiIF6L5PotQygXyKwvxU8ca6Ni9isvit3brbLjcGjhZk= =pXvE -----END PGP SIGNATURE----- . Bug Fix(es): * sched/pelt: Fix attach_entity_load_avg() corner case (BZ#2105360) * RHEL9[fleetwood][P9]:kdump fails to capture vmcore when crash is triggered while running forkoff. (BZ#2109144) * ISST-LTE:[P10 Everest] [5.14.0-70.9.1.el9_0.ppc64le] HPT:RHEL9.0:ecolp95: lpar crashed at __list_del_entry_valid+0x90/0x100 and LPM failed (BZ#2112823) * [rhel9] livepatch panic: RIP: 0010:0xffffffffc0e070c4 seq_read_iter+0x124/0x4b0 (BZ#2122625) * System crashes due to list_add double add at iwl_mvm_mac_wake_tx_queue+0x71 (BZ#2123315) * [Dell EMC 9.0 BUG] Any process performing I/O doesn't fail on degraded LVM RAID and IO process hangs (BZ#2126215) * [HPEMC RHEL 9.0 REGRESSION] net, e810, ice: not enough device MSI-X vectors (BZ#2126491) * RHEL9.0 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127874) * Enable check-kabi (BZ#2132372) * Add symbols to stablelist (BZ#2132373) * Update RHEL9.1 kabi tooling (BZ#2132380) * kABI: Prepare the MM subsystem for kABI lockdown (BZ#2133464) * [Dell Storage 9.1 BUG] NVME command hang during storage array node reboot (BZ#2133553) * WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134589) * crypto/testmgr.c should not list dh, ecdh-nist-p256, ecdh-nist-p384 as .fips_allowed = 1 (BZ#2136523) * FIPS self-tests for RSA pkcs7 signature verification (BZ#2136552) * [ovs-tc] Bad length in dpctl/dump-flows (BZ#2137354) * [RHEL9] s_pf0vf2: hw csum failure for mlx5 (BZ#2137355) * kernel memory leak while freeing nested actions (BZ#2137356) * ovs: backports from upstream (BZ#2137358) * kernel should conform to FIPS-140-3 requirements (both parts) (BZ#2139095) * [DELL EMC 9.0-RT BUG] System is not booting into RT Kernel with perc12. (BZ#2139214) * Fix panic in nbd/004 test (BZ#2139535) * Nested KVM is not working on RHEL 8.6 with hardware error 0x7 (BZ#2140141) * [RHEL9] Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142169) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2022:7280-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7280 Issue date: 2022-11-01 CVE Names: CVE-2022-2588 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 ==================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Real Time TUS (v. 8.2) - x86_64 Red Hat Enterprise Linux Real Time for NFV TUS (v. 8.2) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588) * Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123) * Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125) * Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Update RT source tree to the latest RHEL-8.2.z21 Batch (BZ#2100575) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) 2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) 2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW) 2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation 6. Package List: Red Hat Enterprise Linux Real Time for NFV TUS (v. 8.2): Source: kernel-rt-4.18.0-193.93.1.rt13.143.el8_2.src.rpm x86_64: kernel-rt-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-core-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debug-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debug-core-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debug-devel-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debug-kvm-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debug-modules-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debuginfo-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-devel-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-kvm-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-modules-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-modules-extra-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm Red Hat Enterprise Linux Real Time TUS (v. 8.2): Source: kernel-rt-4.18.0-193.93.1.rt13.143.el8_2.src.rpm x86_64: kernel-rt-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-core-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debug-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debug-core-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debug-devel-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debug-modules-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debuginfo-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-devel-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-modules-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm kernel-rt-modules-extra-4.18.0-193.93.1.rt13.143.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY2FrpdzjgjWX9erEAQiUKRAAn2+wAHJN7JCGJnyrxle0O5lJG082lRys YadFY+KfafjmmFf3OmF8RWH5H3hURYnD8dy3l+pg9tadu1DVDQcHw4F3sa14wqka ozHadtjnTpdPuioSRa0nS4W1lB+KxlD0X6jcGeCd7wie5RFl589nfMJJ/uJjNJSA 2ngUYYACAj4KW+M2nAq54l3t1TSg25Obn/C3QUxWf+p2GSutzQozkOCVTyuHQFVM sbjmzmzm8OkvV8FCNJaq9nCzYA4atd53NVsZ0OtvWPD2a3OC4hIpQCxlbhOzC4/6 gEjUPf7qBt6xYNwHyIZrWU7NklEKA/cBxeCnEjrSY2EkSVABboAKSGPyTZVsHB/A +AeTpYEsWPbR1Tq6GOuesszkvHqLWPQHw0l02mCc4u02oJpy46zjEfyXEXmcTIps AwX/+gU9SS12fQQivDOsy6YTEfsUscLHvdmFyQsSXiN6CzD0zcIQE1FKe+SSqU5O PQksp90Hd1QvzqIww6M/TQ/gfSpvfJNdEFKeEaLXxaTOIQ/ByAKb2CRohSipOy/9 hy78V96iAy22BQNyC1MUfXUP0pf/s7/Dhr3ZYyPHjq2Nv6NjibXLf+kO3W1uOU3s tA9/fOQrHEIjbuzJkDaVGq8rIstx3W2lbxOvJ8ciL+1vQhfj/xT9Sh6KPbECcBEw 9Ag402aFhko=+/FL -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.53. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2022:7873 Space precludes documenting all of the container images in this advisory. Solution: For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, and ppc64le architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags The sha values for the release are: (For x86_64 architecture) The image digest is sha256:ac2bbfa7036c64bbdb44f9a74df3dbafcff1b851d812bf2a48c4fabcac3c7a53 (For s390x architecture) The image digest is sha256:ac2c74a664257cea299126d4f789cdf9a5a4efc4a4e8c2361b943374d4eb21e4 (For ppc64le architecture) The image digest is sha256:53adc42ed30ad39d7117837dbf5a6db6943a8f0b3b61bc0d046b83394f5c28b2 All OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2077100 - Console backend check for Web Terminal Operator incorrectly returns HTTP 204 2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3) 2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3) 2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3) 2092928 - CVE-2022-26945 go-getter: command injection vulnerability 5. JIRA issues fixed (https://issues.jboss.org/): OCPBUGS-2205 - Prefer local dns does not work expectedly on OCPv4.8 OCPBUGS-2347 - [cluster-api-provider-baremetal] fix 4.8 build OCPBUGS-2577 - [4.8] ETCD Operator goes degraded when a second internal node ip is added OCPBUGS-2773 - e2e tests: Installs Red Hat Integration - 3scale operator test is failing due to change of Operator name OCPBUGS-2989 - [4.8] cri-o should report the stage of container and pod creation it's stuck at 6

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

sql injection

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2026-02-07T22:40:13.715000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE