ID

VAR-202206-1157

CVE

CVE-2022-21166

TITLE

Red Hat Security Advisory 2022-6537-01

DESCRIPTION

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. A local attacker could possibly use this to expose sensitive information. Bugs fixed (https://bugzilla.redhat.com/): 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS 5. Bugs fixed (https://bugzilla.redhat.com/): 2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass 5. In addition this updates provides mitigations for the "Retbleed" speculative execution attack and the "MMIO stale data" vulnerabilities. Bug Fix(es): * sched/pelt: Fix attach_entity_load_avg() corner case (BZ#2105360) * RHEL9[fleetwood][P9]:kdump fails to capture vmcore when crash is triggered while running forkoff. (BZ#2109144) * ISST-LTE:[P10 Everest] [5.14.0-70.9.1.el9_0.ppc64le] HPT:RHEL9.0:ecolp95: lpar crashed at __list_del_entry_valid+0x90/0x100 and LPM failed (BZ#2112823) * [rhel9] livepatch panic: RIP: 0010:0xffffffffc0e070c4 seq_read_iter+0x124/0x4b0 (BZ#2122625) * System crashes due to list_add double add at iwl_mvm_mac_wake_tx_queue+0x71 (BZ#2123315) * [Dell EMC 9.0 BUG] Any process performing I/O doesn't fail on degraded LVM RAID and IO process hangs (BZ#2126215) * [HPEMC RHEL 9.0 REGRESSION] net, e810, ice: not enough device MSI-X vectors (BZ#2126491) * RHEL9.0 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127874) * Enable check-kabi (BZ#2132372) * Add symbols to stablelist (BZ#2132373) * Update RHEL9.1 kabi tooling (BZ#2132380) * kABI: Prepare the MM subsystem for kABI lockdown (BZ#2133464) * [Dell Storage 9.1 BUG] NVME command hang during storage array node reboot (BZ#2133553) * WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134589) * crypto/testmgr.c should not list dh, ecdh-nist-p256, ecdh-nist-p384 as .fips_allowed = 1 (BZ#2136523) * FIPS self-tests for RSA pkcs7 signature verification (BZ#2136552) * [ovs-tc] Bad length in dpctl/dump-flows (BZ#2137354) * [RHEL9] s_pf0vf2: hw csum failure for mlx5 (BZ#2137355) * kernel memory leak while freeing nested actions (BZ#2137356) * ovs: backports from upstream (BZ#2137358) * kernel should conform to FIPS-140-3 requirements (both parts) (BZ#2139095) * [DELL EMC 9.0-RT BUG] System is not booting into RT Kernel with perc12. (BZ#2139214) * Fix panic in nbd/004 test (BZ#2139535) * Nested KVM is not working on RHEL 8.6 with hardware error 0x7 (BZ#2140141) * [RHEL9] Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142169) 4. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.5. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2022:6535 Space precludes documenting all of the container images in this advisory. You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.5-x86_64 The image digest is sha256:fe4d499ac9fc7d12fcfccf3d6ae8a916c31e282d18adbebb0456c0fd6aef02c9 (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.5-s390x The image digest is sha256:c816b9487177b51db60875c794679b6df41c74d522ca00376cb9f86f9b44b577 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.5-ppc64le The image digest is sha256:528174504037b4b9d8fda04bdad3f4acf7f68eeadb3a8fe2539f7a8a9bdff76a (For aarch64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.5-aarch64 The image digest is sha256:04d3f194379cdd1c0e8015fd51038967c5fdb2eff52c6c60645b3a9381ed5f04 All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html 3. Solution: For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 2024946 - Ingress Canary does not respect router sharding on default IngressController 2104825 - Installer creates unnecessary master_ingress_cluster_policy_controller security group rule 2108214 - Route status isn't always getting cleared with routeSelector updates 2108595 - etcd Dashboard should be removed on guest cluster of hypershift 2109193 - Power VS machine Processor is always defaulted to 0.5 2109887 - [UI] MultiClusterHub details after it's creation starts flickers, disappears and appears back (happened twice) 2110528 - Route status isn't always getting cleared with routeSelector updates 2111345 - should use the same value for AlertRelabelConfig with oc explain 2117424 - Backport: https://github.com/openshift/kubernetes/pull/1295 5. JIRA issues fixed (https://issues.jboss.org/): OCPBUGS-1007 - CVE-2021-3121 telemeter-container: [1924548] telemeter-container: gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation [openshift-4] OCPBUGS-1070 - Update ODC owners OCPBUGS-1104 - package-server-manager does not migrate packageserver CSV from v0.17.0 to v0.18.3 on OCP 4.8 -> 4.9 upgrade OCPBUGS-1145 - Bug 2085336 - [IPI-Azure] Fail to create the worker node which HyperVGenerations is V2 or V1 and vmNetworkingType is Accelerated OCPBUGS-1233 - [IPI] nodelink controller is not able to reconcile and match nodes and machines with logical interfaces defined by nmstate at baremetalhost creation OCPBUGS-1261 - Backport: https://github.com/openshift/kubernetes/pull/1295 OCPBUGS-393 - Setting disableNetworkDiagnostics: true does not persist when network-operator pod gets re-created OCPBUGS-455 - [vsphere] update install-config description for diskType OCPBUGS-524 - Plugin page error boundary message is not cleared after leaving page OCPBUGS-668 - Prefer local dns does not work expectedly on OCPv4.11 OCPBUGS-744 - [4.11] Spoke BMH stuck ?provisioning? after changing a BIOS attribute via the converged workflow OCPBUGS-746 - [4.11] Supermicro server FirmwareSchema CR does not contain allowable_values, attribute_type and read_only flag OCPBUGS-747 - [4.11] Disconnected IPI OCP cluster install on baremetal fails when hostname of master nodes does not include the text "master 6. CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166 Various researchers discovered flaws in Intel processors, collectively referred to as MMIO Stale Data vulnerabilities, which may result in information leak to local users. For details please refer to https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html CVE-2022-21151 Alysa Milburn, Jason Brandt, Avishai Redelman and Nir Lavi discovered that for some Intel processors optimization removal or modification of security-critical code may result in information disclosure to local users. For the oldstable distribution (buster), these problems have been fixed in version 3.20220510.1~deb10u1. For the stable distribution (bullseye), these problems have been fixed in version 3.20220510.1~deb11u1. We recommend that you upgrade your intel-microcode packages. For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmLFiNRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QsfQ/7BFnYhmBMr5u1iyXJY79QkOuBFij/I7N5doGb/5m/LTbUOKgHKlI3XKqr NHbWZWQZVO7gexkZIdGSY2RnCtVS1oNkKxNzuFVxkPjbsRpJJBAyPqoY6JogDjhM 18jXAyZqB5tfZdGohiHBeVDsQwP5M3IPTdG2USoLOwcwd5+BK8ZgdrLrREDHo9mA +VJU8fhGRpdminz5MR2NPenu5jgG2JVKAhFRC8ioy92umF/5c/C6wRAyQsRid4lZ i+lzWAOQbUzvUGlomDrjqtSEn0fVQR2A0VoU+5AQnln8fODQmSLOHo/Ti00RuUUL 8WLfrKnfimXvTWnUeWKLCnHIRCbzLBfPa1EPbCagkD7XDkcYd+MWLm0C6RhUvBPN p3U9AbWstO4z2RjldX1DYUVeCR5zQqBT6pAY6G14MqIvuqrAodi9p0jgjOchdCUZ Hv4H6b0F7QusCZrj1onfe4//CG5AmN0D8E/QKCKNBplJmciVg2o/8R0hTfaKDK8v NhUYBkEWnG0zUlo93Qkapqc00j5i7cbXKbzRV3zPa42WtypoS8yd/tftZ6y7yBpa lHZOAVcfdDcN7jm9U9ZV3tVCCs3Cu5wb3ZYoYyhfEZBpEgCQ7YEEPQffTq9Y3LMN 4IUiKp8LINReMEEfV8My7PB2fX8dvti2lEQ/pJfAC/XKNoassd0= =8N2y -----END PGP SIGNATURE----- . Bugs fixed (https://bugzilla.redhat.com/): 2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3) 2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3) 2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3) 2092928 - CVE-2022-26945 go-getter: command injection vulnerability 5. JIRA issues fixed (https://issues.jboss.org/): OCPBUGS-1538 - Make northd probe interval default to 10 seconds OCPBUGS-1696 - All Nodes overview in console are showing "Something went wrong" OCPBUGS-2162 - Facing issue while configuring egress IP pool in OCP cluster which uses STS OCPBUGS-2171 - [4.10] cri-o should report the stage of container and pod creation it's stuck at OCPBUGS-2196 - Symptom Detection.Undiagnosed panic detected in pod OCPBUGS-2208 - [4.10] Dual stack cluster fails on installation when multi-path routing entries exist OCPBUGS-2448 - Downward API (annotations) is missing PCI information when using the tuning metaPlugin on SR-IOV Networks OCPBUGS-2464 - Add unit-test and gofmt support for ovn-kubernetes OCPBUGS-2523 - e2e tests: Installs Red Hat Integration - 3scale operator test is failing due to change of Operator name OCPBUGS-2546 - Remove policy/v1beta1 in 4.10 and later OCPBUGS-2553 - [release-4.10] member loses rights after some other user login in openid / group sync OCPBUGS-2607 - [release-4.10] go.mod should beworking with golang-1.17 and golang-1.18 OCPBUGS-2622 - CI: Backend unit tests fails because devfile registry was updated (mock response) OCPBUGS-2628 - Worker creation fails within provider networks (as primary and secondary) OCPBUGS-450 - KubeDaemonSetRolloutStuck alert using incorrect metric in 4.9 and 4.10 OCPBUGS-691 - [2112237] [ Cluster storage Operator 4.x(10/11) ] DefaultStorageClassController report fake message "No default StorageClass for this platform" on Alicloud, IBM, Nutanix 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2022:6460-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6460 Issue date: 2022-09-13 CVE Names: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Bug Fix(es): * Bad page state in process qemu-kvm pfn:68a74600 (BZ#2081013) * slub corruption during LPM of hnv interface (BZ#2081250) * Affinity broken due to vector space exhaustion (BZ#2084646) * 'rmmod pmt_telemetry' panics on ADL-P IOTG (BZ#2091079) * Unable to boot RHEL-8.6 on Brazos max. config (Install is success) (BZ#2092241) * kernel crash after reboot of T14/G2 AMD laptop (mt7921e module) (BZ#2095654) * mt7921: free resources on pci_probe error path (BZ#2101684) * NLM should be more defensive if underlying FS changes fl_owner (BZ#2102099) * RHEL8/async-pf Guest call trace when reboot after postcopy migration with high stress workload (BZ#2105340) * execve exit tracepoint not called (BZ#2106662) * QProcess dead lock on kernel-4.18.0-358 (BZ#2107643) * KVM fix guest FPU uABI size to kvm_xsave (BZ#2107652) * KVM selftests fail to compile (BZ#2107655) * Some monitor have no display with AMD W6400 when boot into OS. (BZ#2109826) * Percpu counter usage is gradually getting increasing during podman container recreation. (BZ#2110039) * multipath failed to recover after EEH hit on flavafish adapter on Denali(qla2xxx/flavafish/RHEL8.6/Denali) (BZ#2110768) * soft lockups under heavy I/O load to ahci connected SSDs (BZ#2110772) * trouble re-assigning MACs to VFs, ice stricter than other drivers (BZ#2111936) * Intel MPI 2019.0 - mpirun stuck on latest kernel (BZ#2112030) * Multicast packets are not received by all VFs on the same port even though they have the same VLAN (BZ#2117026) * Hyper-V 2019 Dynamic Memory Problem hv_balloon (BZ#2117050) * kernel BUG at kernel/sched/deadline.c:1561! (BZ#2117410) * ALSA (sound) driver - update Intel SOF kcontrol code (BZ#2117732) * bridge over bond over ice ports has no connection (BZ#2118580) * Fix max VLANs available for VF (BZ#2118581) * offline selftest failed (BZ#2118582) * INTEL NVMUpdate utility ver 3.20 is failing to update firmware on E810-XXVDA4T (WPC) (BZ#2118583) * VM configured with failover interface will coredump after been migrating from source host to target host(only iavf driver) (BZ#2118705) * Fix max VLANs available for untrusted VF (BZ#2118707) * Softlockup on infinite loop in task_get_css() for a CSS_DYING cpuset (BZ#2120776) Enhancement(s): * KVM Sapphire Rapids (SPR) AMX Instructions (BZ#2088287) * KVM Sapphire Rapids (SPR) AMX Instructions part2 (BZ#2088288) * ice: Driver Update (BZ#2102359) * iavf: Driver Update (BZ#2102360) * iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (BZ#2112983) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) 2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) 2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW) 6. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: kernel-4.18.0-372.26.1.el8_6.src.rpm aarch64: bpftool-4.18.0-372.26.1.el8_6.aarch64.rpm bpftool-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-core-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-cross-headers-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-debug-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-debug-core-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-debug-devel-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-debug-modules-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-devel-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-headers-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-modules-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-modules-extra-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-tools-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-tools-libs-4.18.0-372.26.1.el8_6.aarch64.rpm perf-4.18.0-372.26.1.el8_6.aarch64.rpm perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm python3-perf-4.18.0-372.26.1.el8_6.aarch64.rpm python3-perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm noarch: kernel-abi-stablelists-4.18.0-372.26.1.el8_6.noarch.rpm kernel-doc-4.18.0-372.26.1.el8_6.noarch.rpm ppc64le: bpftool-4.18.0-372.26.1.el8_6.ppc64le.rpm bpftool-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-core-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-cross-headers-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-debug-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-debug-core-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-debug-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-debug-modules-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-headers-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-modules-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-modules-extra-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-tools-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-tools-libs-4.18.0-372.26.1.el8_6.ppc64le.rpm perf-4.18.0-372.26.1.el8_6.ppc64le.rpm perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm python3-perf-4.18.0-372.26.1.el8_6.ppc64le.rpm python3-perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm s390x: bpftool-4.18.0-372.26.1.el8_6.s390x.rpm bpftool-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm kernel-4.18.0-372.26.1.el8_6.s390x.rpm kernel-core-4.18.0-372.26.1.el8_6.s390x.rpm kernel-cross-headers-4.18.0-372.26.1.el8_6.s390x.rpm kernel-debug-4.18.0-372.26.1.el8_6.s390x.rpm kernel-debug-core-4.18.0-372.26.1.el8_6.s390x.rpm kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm kernel-debug-devel-4.18.0-372.26.1.el8_6.s390x.rpm kernel-debug-modules-4.18.0-372.26.1.el8_6.s390x.rpm kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm kernel-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-372.26.1.el8_6.s390x.rpm kernel-devel-4.18.0-372.26.1.el8_6.s390x.rpm kernel-headers-4.18.0-372.26.1.el8_6.s390x.rpm kernel-modules-4.18.0-372.26.1.el8_6.s390x.rpm kernel-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm kernel-tools-4.18.0-372.26.1.el8_6.s390x.rpm kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm kernel-zfcpdump-4.18.0-372.26.1.el8_6.s390x.rpm kernel-zfcpdump-core-4.18.0-372.26.1.el8_6.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm kernel-zfcpdump-devel-4.18.0-372.26.1.el8_6.s390x.rpm kernel-zfcpdump-modules-4.18.0-372.26.1.el8_6.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm perf-4.18.0-372.26.1.el8_6.s390x.rpm perf-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm python3-perf-4.18.0-372.26.1.el8_6.s390x.rpm python3-perf-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm x86_64: bpftool-4.18.0-372.26.1.el8_6.x86_64.rpm bpftool-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-core-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-cross-headers-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-debug-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-debug-core-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-debug-devel-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-debug-modules-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-devel-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-headers-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-modules-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-modules-extra-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-tools-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-tools-libs-4.18.0-372.26.1.el8_6.x86_64.rpm perf-4.18.0-372.26.1.el8_6.x86_64.rpm perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm python3-perf-4.18.0-372.26.1.el8_6.x86_64.rpm python3-perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: bpftool-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.aarch64.rpm perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm python3-perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm python3-perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.x86_64.rpm perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm python3-perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-21123 https://access.redhat.com/security/cve/CVE-2022-21125 https://access.redhat.com/security/cve/CVE-2022-21166 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYyCB1NzjgjWX9erEAQjx1g/+KpIc2rESQgtzICCW50Ha+ZjaOZiuIgGV 1wDzgsyj7JRxGOIhGY3edJp7sdtoT0+CoWTdjENZrNhQlQ9UhRSpJ+8vdGy5WooO fwwKBffteRMEl8YTO/U8fstclEKXK3MB93ZxEHgS0L3UQY/AUU5XqSzB4a4rV9RJ DpFQcnw3dHIrtMKHs4HMrm8+Q8ezq9UmVbl472ecnfmNXfHDhOmUGGlUrT22SX9p Zn/UXCiWZxIt+Vh2uTrIgs4hiSJPAqD/lGHjLQpaR26uciZnndLui2s4W91F7yN4 ZifRDwrSAMtsRoln7Z8HL6H59tw4vHwAY1rD5ATwk9EqhRtaetE+v0hzM+BRBhri dpZnKUhMiUDNTUKqmpbBZjh4IuSKI6AkaQenFnMQWTp027B6o0EjhqpiEdLaA0R/ pYewm2OKbulyoUeVhC5GOMX6g8ckGa5h2o4Fr+fkaptELQN1VniYEu88O7pRqaqR lW3MrcYIEowDxyiMLehgtIxjyawzfmi0fficXzCf8xEXm8fmqlrXu4lfhKV4g3WI Y9j8INFYc4inopUBsQM1zXWV00nCDxAvaYPhOYI0VjO11jxOCOcBheOlwS1sseOv Bjram7oqf2DuVSINeTAgbHMLMA4AGEcNMsOAN/mwdq6ZBpEYmCf48pvZwQscW7qv a685GRAjoyY= =4AwP -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

TYPE

bypass

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2024-12-20T21:27:35.630000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE