ID

VAR-202206-1186


CVE

CVE-2022-21125


TITLE

Red Hat Security Advisory 2022-6983-01

Trust: 0.1

sources: PACKETSTORM: 169409

DESCRIPTION

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Red Hat Security Advisory

Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2022:6983-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6983
Issue date: 2022-10-18
CVE Names: CVE-2021-45485 CVE-2021-45486 CVE-2022-2588 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

The following packages have been upgraded to a later upstream version: kernel (4.18.0).

Security Fix(es):

* A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)
* Information leak in the IPv6 implementation (CVE-2021-45485)
* Information leak in the IPv4 implementation (CVE-2021-45486)
* Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)
* Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)
* Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* DR, Ignore modify TTL if ConnectX-5 doesn't support it (BZ#2075549)
* execve exit tracepoint not called (BZ#2106663)
* Unable to boot RHEL-8.6 on Brazos max. config (Install is success) (BZ#2107475)
* "vmcore failed, _exitcode:139" error observed while capturing vmcore during fadump after memory remove. incomplete vmcore is captured. (BZ#2107490)
* soft lockups under heavy I/O load to ahci connected SSDs (BZ#2110773)
* Allow substituting custom vmlinux.h for the build (BZ#2116407)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2039911 - CVE-2021-45485 kernel: information leak in the IPv6 implementation
2039914 - CVE-2021-45486 kernel: information leak in the IPv4 implementation
2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)
2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)
2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)
2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.8.4):

Source:
kernel-4.18.0-305.65.1.el8_4.src.rpm

aarch64:
bpftool-4.18.0-305.65.1.el8_4.aarch64.rpm
bpftool-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-core-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-cross-headers-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-debug-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-debug-core-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-debug-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-debug-devel-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-debug-modules-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-debug-modules-extra-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-devel-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-headers-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-modules-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-modules-extra-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-tools-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-tools-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-tools-libs-4.18.0-305.65.1.el8_4.aarch64.rpm
perf-4.18.0-305.65.1.el8_4.aarch64.rpm
perf-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm
python3-perf-4.18.0-305.65.1.el8_4.aarch64.rpm
python3-perf-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm

noarch:
kernel-abi-stablelists-4.18.0-305.65.1.el8_4.noarch.rpm
kernel-doc-4.18.0-305.65.1.el8_4.noarch.rpm

ppc64le:
bpftool-4.18.0-305.65.1.el8_4.ppc64le.rpm
bpftool-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-core-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-cross-headers-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-debug-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-debug-core-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-debug-devel-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-debug-modules-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-devel-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-headers-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-modules-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-modules-extra-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-tools-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-tools-libs-4.18.0-305.65.1.el8_4.ppc64le.rpm
perf-4.18.0-305.65.1.el8_4.ppc64le.rpm
perf-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm
python3-perf-4.18.0-305.65.1.el8_4.ppc64le.rpm
python3-perf-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm

s390x:
bpftool-4.18.0-305.65.1.el8_4.s390x.rpm
bpftool-debuginfo-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-core-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-cross-headers-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-debug-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-debug-core-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-debug-debuginfo-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-debug-devel-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-debug-modules-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-debug-modules-extra-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-debuginfo-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-devel-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-headers-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-modules-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-modules-extra-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-tools-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-tools-debuginfo-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-zfcpdump-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-zfcpdump-core-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-zfcpdump-devel-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-zfcpdump-modules-4.18.0-305.65.1.el8_4.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-305.65.1.el8_4.s390x.rpm
perf-4.18.0-305.65.1.el8_4.s390x.rpm
perf-debuginfo-4.18.0-305.65.1.el8_4.s390x.rpm
python3-perf-4.18.0-305.65.1.el8_4.s390x.rpm
python3-perf-debuginfo-4.18.0-305.65.1.el8_4.s390x.rpm

x86_64:
bpftool-4.18.0-305.65.1.el8_4.x86_64.rpm
bpftool-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-core-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-cross-headers-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-debug-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-debug-core-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-debug-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-debug-devel-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-debug-modules-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-debug-modules-extra-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-devel-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-headers-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-modules-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-modules-extra-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-tools-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-tools-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-tools-libs-4.18.0-305.65.1.el8_4.x86_64.rpm
perf-4.18.0-305.65.1.el8_4.x86_64.rpm
perf-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm
python3-perf-4.18.0-305.65.1.el8_4.x86_64.rpm
python3-perf-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.4):

aarch64:
bpftool-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-debug-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-tools-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm
kernel-tools-libs-devel-4.18.0-305.65.1.el8_4.aarch64.rpm
perf-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm
python3-perf-debuginfo-4.18.0-305.65.1.el8_4.aarch64.rpm

ppc64le:
bpftool-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-305.65.1.el8_4.ppc64le.rpm
perf-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm
python3-perf-debuginfo-4.18.0-305.65.1.el8_4.ppc64le.rpm

x86_64:
bpftool-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-debug-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-tools-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm
kernel-tools-libs-devel-4.18.0-305.65.1.el8_4.x86_64.rpm
perf-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm
python3-perf-debuginfo-4.18.0-305.65.1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-45485
https://access.redhat.com/security/cve/CVE-2021-45486
https://access.redhat.com/security/cve/CVE-2022-2588
https://access.redhat.com/security/cve/CVE-2022-21123
https://access.redhat.com/security/cve/CVE-2022-21125
https://access.redhat.com/security/cve/CVE-2022-21166
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

Description:

Red Hat Advanced Cluster Management for Kubernetes 2.4.6 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

Security fixes:

* golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* nodejs16: CRLF injection in node-undici (CVE-2022-31150)
* nodejs/undici: Cookie headers uncleared on cross-origin redirect (CVE-2022-31151)
* vm2: Sandbox Escape in vm2 (CVE-2022-36067)

Bug fixes:

* RHACM 2.4 using deprecated APIs in managed clusters (BZ# 2041540)
* vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes (BZ# 2074766)
* cluster update status is stuck, also update is not even visible (BZ# 2079418)
* Policy that creates cluster role is showing as not compliant due to Request entity too large message (BZ# 2088486)
* Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster (BZ# 2089490)
* ACM Console Becomes Unusable After a Time (BZ# 2097464)
* RHACM 2.4.6 images (BZ# 2100613)
* Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster (BZ# 2102436)
* ManagedClusters in Pending import state after ACM hub migration (BZ# 2102495)

3. Bugs fixed (https://bugzilla.redhat.com/):

2041540 - RHACM 2.4 using deprecated APIs in managed clusters
2074766 - vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes
2079418 - cluster update status is stuck, also update is not even visible
2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message
2089490 - Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2097464 - ACM Console Becomes Unusable After a Time
2100613 - RHACM 2.4.6 images
2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster
2102495 - ManagedClusters in Pending import state after ACM hub migration
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS
2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici
2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect
2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2

5.
Ubuntu Security Notice USN-5485-1
June 17, 2022

linux, linux-aws, linux-aws-hwe, linux-aws-5.13, linux-aws-5.4, linux-azure, linux-azure-4.15, linux-azure-5.13, linux-azure-5.4, linux-azure-fde, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-gcp-5.13, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe, linux-hwe-5.13, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-intel-5.13, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-oracle, linux-oracle-5.13, linux-oracle-5.4 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were addressed in the Linux kernel.

A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123)

It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21125)

It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
linux-image-5.15.0-1009-ibm 5.15.0-1009.11
linux-image-5.15.0-1010-gcp 5.15.0-1010.15
linux-image-5.15.0-1010-gke 5.15.0-1010.13
linux-image-5.15.0-1010-intel-iotg 5.15.0-1010.14
linux-image-5.15.0-1011-oracle 5.15.0-1011.15
linux-image-5.15.0-1012-azure 5.15.0-1012.15
linux-image-5.15.0-1012-kvm 5.15.0-1012.14
linux-image-5.15.0-1013-aws 5.15.0-1013.17
linux-image-5.15.0-39-generic 5.15.0-39.42
linux-image-5.15.0-39-generic-64k 5.15.0-39.42
linux-image-5.15.0-39-generic-lpae 5.15.0-39.42
linux-image-5.15.0-39-lowlatency 5.15.0-39.42
linux-image-5.15.0-39-lowlatency-64k 5.15.0-39.42
linux-image-aws 5.15.0.1013.13
linux-image-azure 5.15.0.1012.11
linux-image-gcp 5.15.0.1010.9
linux-image-generic 5.15.0.39.40
linux-image-generic-hwe-22.04 5.15.0.39.40
linux-image-generic-lpae 5.15.0.39.40
linux-image-generic-lpae-hwe-22.04 5.15.0.39.40
linux-image-gke 5.15.0.1010.13
linux-image-gke-5.15 5.15.0.1010.13
linux-image-ibm 5.15.0.1009.8
linux-image-intel-iotg 5.15.0.1010.10
linux-image-kvm 5.15.0.1012.10
linux-image-lowlatency 5.15.0.39.38
linux-image-lowlatency-hwe-22.04 5.15.0.39.38
linux-image-oem-20.04 5.15.0.39.40
linux-image-oracle 5.15.0.1011.9
linux-image-virtual 5.15.0.39.40
linux-image-virtual-hwe-22.04 5.15.0.39.40

Ubuntu 21.10:
linux-image-5.13.0-1030-kvm 5.13.0-1030.33
linux-image-5.13.0-1031-aws 5.13.0-1031.35
linux-image-5.13.0-1031-azure 5.13.0-1031.37
linux-image-5.13.0-1033-gcp 5.13.0-1033.40
linux-image-5.13.0-1036-oracle 5.13.0-1036.43
linux-image-5.13.0-51-generic 5.13.0-51.58
linux-image-5.13.0-51-generic-lpae 5.13.0-51.58
linux-image-5.13.0-51-lowlatency 5.13.0-51.58
linux-image-aws 5.13.0.1031.29
linux-image-azure 5.13.0.1031.28
linux-image-gcp 5.13.0.1033.28
linux-image-generic 5.13.0.51.57
linux-image-generic-lpae 5.13.0.51.57
linux-image-gke 5.13.0.1033.28
linux-image-kvm 5.13.0.1030.27
linux-image-lowlatency 5.13.0.51.57
linux-image-oem-20.04 5.13.0.51.57
linux-image-oracle 5.13.0.1036.33
linux-image-virtual 5.13.0.51.57

Ubuntu 20.04 LTS:
linux-image-5.13.0-1017-intel 5.13.0-1017.19
linux-image-5.13.0-1031-aws 5.13.0-1031.35~20.04.1
linux-image-5.13.0-1031-azure 5.13.0-1031.37~20.04.1
linux-image-5.13.0-1033-gcp 5.13.0-1033.40~20.04.1
linux-image-5.13.0-1036-oracle 5.13.0-1036.43~20.04.1
linux-image-5.13.0-51-generic 5.13.0-51.58~20.04.1
linux-image-5.13.0-51-generic-64k 5.13.0-51.58~20.04.1
linux-image-5.13.0-51-generic-lpae 5.13.0-51.58~20.04.1
linux-image-5.13.0-51-lowlatency 5.13.0-51.58~20.04.1
linux-image-5.4.0-1028-ibm 5.4.0-1028.32
linux-image-5.4.0-1048-gkeop 5.4.0-1048.51
linux-image-5.4.0-1070-kvm 5.4.0-1070.75
linux-image-5.4.0-1076-gke 5.4.0-1076.82
linux-image-5.4.0-1078-oracle 5.4.0-1078.86
linux-image-5.4.0-1080-aws 5.4.0-1080.87
linux-image-5.4.0-1080-gcp 5.4.0-1080.87
linux-image-5.4.0-1085-azure 5.4.0-1085.90
linux-image-5.4.0-1085-azure-fde 5.4.0-1085.90+cvm1.1
linux-image-5.4.0-120-generic 5.4.0-120.136
linux-image-5.4.0-120-generic-lpae 5.4.0-120.136
linux-image-5.4.0-120-lowlatency 5.4.0-120.136
linux-image-aws 5.13.0.1031.35~20.04.25
linux-image-aws-lts-20.04 5.4.0.1080.80
linux-image-azure 5.13.0.1031.37~20.04.20
linux-image-azure-fde 5.4.0.1085.90+cvm1.25
linux-image-azure-lts-20.04 5.4.0.1085.82
linux-image-gcp 5.13.0.1033.40~20.04.1
linux-image-gcp-lts-20.04 5.4.0.1080.86
linux-image-generic 5.4.0.120.121
linux-image-generic-hwe-20.04 5.13.0.51.58~20.04.31
linux-image-generic-lpae 5.4.0.120.121
linux-image-generic-lpae-hwe-20.04 5.13.0.51.58~20.04.31
linux-image-gke 5.4.0.1076.84
linux-image-gke-5.4 5.4.0.1076.84
linux-image-gkeop 5.4.0.1048.49
linux-image-gkeop-5.4 5.4.0.1048.49
linux-image-ibm 5.4.0.1028.25
linux-image-ibm-lts-20.04 5.4.0.1028.25
linux-image-intel 5.13.0.1017.15
linux-image-kvm 5.4.0.1070.67
linux-image-lowlatency 5.4.0.120.121
linux-image-lowlatency-hwe-20.04 5.13.0.51.58~20.04.31
linux-image-oem 5.4.0.120.121
linux-image-oem-osp1 5.4.0.120.121
linux-image-oracle 5.13.0.1036.43~20.04.1
linux-image-oracle-lts-20.04 5.4.0.1078.76
linux-image-virtual 5.4.0.120.121
linux-image-virtual-hwe-20.04 5.13.0.51.58~20.04.31

Ubuntu 18.04 LTS:
linux-image-4.15.0-1048-dell300x 4.15.0-1048.53
linux-image-4.15.0-1101-oracle 4.15.0-1101.112
linux-image-4.15.0-1122-kvm 4.15.0-1122.127
linux-image-4.15.0-1130-gcp 4.15.0-1130.146
linux-image-4.15.0-1136-aws 4.15.0-1136.147
linux-image-4.15.0-1145-azure 4.15.0-1145.160
linux-image-4.15.0-187-generic 4.15.0-187.198
linux-image-4.15.0-187-generic-lpae 4.15.0-187.198
linux-image-4.15.0-187-lowlatency 4.15.0-187.198
linux-image-5.4.0-1028-ibm 5.4.0-1028.32~18.04.1
linux-image-5.4.0-1048-gkeop 5.4.0-1048.51~18.04.1
linux-image-5.4.0-1076-gke 5.4.0-1076.82~18.04.1
linux-image-5.4.0-1078-oracle 5.4.0-1078.86~18.04.1
linux-image-5.4.0-1080-aws 5.4.0-1080.87~18.04.1
linux-image-5.4.0-1080-gcp 5.4.0-1080.87~18.04.1
linux-image-5.4.0-1085-azure 5.4.0-1085.90~18.04.1
linux-image-5.4.0-120-generic 5.4.0-120.136~18.04.1
linux-image-5.4.0-120-generic-lpae 5.4.0-120.136~18.04.1
linux-image-5.4.0-120-lowlatency 5.4.0-120.136~18.04.1
linux-image-aws 5.4.0.1080.60
linux-image-aws-lts-18.04 4.15.0.1136.136
linux-image-azure 5.4.0.1085.62
linux-image-azure-lts-18.04 4.15.0.1145.115
linux-image-dell300x 4.15.0.1048.48
linux-image-gcp 5.4.0.1080.61
linux-image-gcp-lts-18.04 4.15.0.1130.146
linux-image-generic 4.15.0.187.173
linux-image-generic-hwe-18.04 5.4.0.120.136~18.04.100
linux-image-generic-lpae 4.15.0.187.173
linux-image-generic-lpae-hwe-18.04 5.4.0.120.136~18.04.100
linux-image-gke-5.4 5.4.0.1076.82~18.04.38
linux-image-gkeop-5.4 5.4.0.1048.51~18.04.45
linux-image-ibm 5.4.0.1028.42
linux-image-kvm 4.15.0.1122.115
linux-image-lowlatency 4.15.0.187.173
linux-image-lowlatency-hwe-18.04 5.4.0.120.136~18.04.100
linux-image-oem 5.4.0.120.136~18.04.100
linux-image-oem-osp1 5.4.0.120.136~18.04.100
linux-image-oracle 5.4.0.1078.86~18.04.55
linux-image-oracle-lts-18.04 4.15.0.1101.108
linux-image-snapdragon-hwe-18.04 5.4.0.120.136~18.04.100
linux-image-virtual 4.15.0.187.173
linux-image-virtual-hwe-18.04 5.4.0.120.136~18.04.100

Ubuntu 16.04 ESM:
linux-image-4.15.0-1101-oracle 4.15.0-1101.112~16.04.1
linux-image-4.15.0-1130-gcp 4.15.0-1130.146~16.04.1
linux-image-4.15.0-1136-aws-hwe 4.15.0-1136.147~16.04.1
linux-image-4.15.0-1145-azure 4.15.0-1145.160~16.04.1
linux-image-4.15.0-187-generic 4.15.0-187.198~16.04.1
linux-image-4.15.0-187-lowlatency 4.15.0-187.198~16.04.1
linux-image-aws-hwe 4.15.0.1136.123
linux-image-azure 4.15.0.1145.132
linux-image-gcp 4.15.0.1130.127
linux-image-generic-hwe-16.04 4.15.0.187.174
linux-image-gke 4.15.0.1130.127
linux-image-lowlatency-hwe-16.04 4.15.0.187.174
linux-image-oem 4.15.0.187.174
linux-image-oracle 4.15.0.1101.86
linux-image-virtual-hwe-16.04 4.15.0.187.174

Ubuntu 14.04 ESM:
linux-image-4.15.0-1145-azure 4.15.0-1145.160~14.04.1
linux-image-azure 4.15.0.1145.114

Please note that fully mitigating processor vulnerabilities requires corresponding processor microcode/firmware updates.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

Bugs fixed (https://bugzilla.redhat.com/):

2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass

5.

In addition this update provides mitigations for the "Retbleed" speculative execution attack and the "MMIO stale data" vulnerabilities.
For additional information please refer to the following pages:

https://xenbits.xen.org/xsa/advisory-404.html
https://xenbits.xen.org/xsa/advisory-407.html

For the stable distribution (bullseye), these problems have been fixed in version 4.14.5+24-g87d90d511c-1.

We recommend that you upgrade your xen packages.

For the detailed security status of xen please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xen

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Bug Fix(es):

* The latest RHEL 8.6.z3 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2111112)

4.
Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.39. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2022:7210

Space precludes documenting all of the container images in this advisory.

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.39-x86_64

The image digest is sha256:59d7ac85da072fea542d7c43498e764c72933e306117a105eac7bd5dda4e6bbe

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.39-s390x

The image digest is sha256:6b243bd6078b0a0e570c7bdf88a345f0c145009f929844f4c8ceb4dc828c0a7a

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.39-ppc64le

The image digest is sha256:e28554de454e8955fe72cd124fa9893e2c1761d39452e05610ec062d637baf2e

(For aarch64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.39-aarch64

The image digest is sha256:cc0860b33c3631ee3624cc280d796fb01ce8f802c5d7ecde8ef4010aad941dc0

All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2092918 - CVE-2022-30321 go-getter: unsafe download (issue 1 of 3)
2092923 - CVE-2022-30322 go-getter: unsafe download (issue 2 of 3)
2092925 - CVE-2022-30323 go-getter: unsafe download (issue 3 of 3)
2092928 - CVE-2022-26945 go-getter: command injection vulnerability

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-1538 - Make northd probe interval default to 10 seconds
OCPBUGS-1696 - All Nodes overview in console are showing "Something went wrong"
OCPBUGS-2162 - Facing issue while configuring egress IP pool in OCP cluster which uses STS
OCPBUGS-2171 - [4.10] cri-o should report the stage of container and pod creation it's stuck at
OCPBUGS-2196 - Symptom Detection.Undiagnosed panic detected in pod
OCPBUGS-2208 - [4.10] Dual stack cluster fails on installation when multi-path routing entries exist
OCPBUGS-2448 - Downward API (annotations) is missing PCI information when using the tuning metaPlugin on SR-IOV Networks
OCPBUGS-2464 - Add unit-test and gofmt support for ovn-kubernetes
OCPBUGS-2523 - e2e tests: Installs Red Hat Integration - 3scale operator test is failing due to change of Operator name
OCPBUGS-2546 - Remove policy/v1beta1 in 4.10 and later
OCPBUGS-2553 - [release-4.10] member loses rights after some other user login in openid / group sync
OCPBUGS-2607 - [release-4.10] go.mod should be working with golang-1.17 and golang-1.18
OCPBUGS-2622 - CI: Backend unit tests fails because devfile registry was updated (mock response)
OCPBUGS-2628 - Worker creation fails within provider networks (as primary and secondary)
OCPBUGS-450 - KubeDaemonSetRolloutStuck alert using incorrect metric in 4.9 and 4.10
OCPBUGS-691 - [2112237] [ Cluster storage Operator 4.x(10/11) ] DefaultStorageClassController report fake message "No default StorageClass for this platform" on Alicloud, IBM, Nutanix

6

Trust: 1.8

sources: NVD: CVE-2022-21125 // VULHUB: VHN-406836 // PACKETSTORM: 169409 // PACKETSTORM: 168538 // PACKETSTORM: 167549 // PACKETSTORM: 168294 // PACKETSTORM: 169304 // PACKETSTORM: 168364 // PACKETSTORM: 170222 // PACKETSTORM: 169695 // PACKETSTORM: 169719

AFFECTED PRODUCTS

vendor: debian, model: linux, scope: eq, version: 11.0

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 35

Trust: 1.0

vendor: intel, model: sgx sdk, scope: lt, version: 2.16.100.3

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 36

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 9.0

Trust: 1.0

vendor: intel, model: sgx psw, scope: lt, version: 2.16.100.3

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 10.0

Trust: 1.0

vendor: xen, model: xen, scope: eq, version: *

Trust: 1.0

vendor: intel, model: sgx sdk, scope: lt, version: 2.17.100.3

Trust: 1.0

vendor: intel, model: sgx psw, scope: lt, version: 2.17.100.3

Trust: 1.0

vendor: vmware, model: esxi, scope: eq, version: 7.0

Trust: 1.0

vendor: intel, model: sgx dcap, scope: lt, version: 1.14.100.3

Trust: 1.0

sources: NVD: CVE-2022-21125

CVSS

SEVERITY

nvd@nist.gov: CVE-2022-21125
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-21125
value: MEDIUM

Trust: 1.0

VULHUB: VHN-406836
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2022-21125
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-406836
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2022-21125
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-406836 // NVD: CVE-2022-21125 // NVD: CVE-2022-21125

PROBLEMTYPE DATA

problemtype:CWE-459

Trust: 1.1

sources: VULHUB: VHN-406836 // NVD: CVE-2022-21125

THREAT TYPE

local

Trust: 0.1

sources: PACKETSTORM: 167549

TYPE

bypass

Trust: 0.1

sources: PACKETSTORM: 168294

EXTERNAL IDS

db: NVD | id: CVE-2022-21125

Trust: 2.0

db: OPENWALL | id: OSS-SECURITY/2022/06/16/1

Trust: 1.1

db: PACKETSTORM | id: 169719

Trust: 0.2

db: PACKETSTORM | id: 168294

Trust: 0.2

db: PACKETSTORM | id: 169695

Trust: 0.2

db: PACKETSTORM | id: 167549

Trust: 0.2

db: PACKETSTORM | id: 168364

Trust: 0.2

db: PACKETSTORM | id: 167785

Trust: 0.1

db: PACKETSTORM | id: 169688

Trust: 0.1

db: PACKETSTORM | id: 169690

Trust: 0.1

db: PACKETSTORM | id: 168021

Trust: 0.1

db: PACKETSTORM | id: 168018

Trust: 0.1

db: PACKETSTORM | id: 168503

Trust: 0.1

db: PACKETSTORM | id: 168076

Trust: 0.1

db: PACKETSTORM | id: 169941

Trust: 0.1

db: PACKETSTORM | id: 169997

Trust: 0.1

db: PACKETSTORM | id: 168461

Trust: 0.1

db: PACKETSTORM | id: 168694

Trust: 0.1

db: PACKETSTORM | id: 167862

Trust: 0.1

db: PACKETSTORM | id: 167692

Trust: 0.1

db: PACKETSTORM | id: 167545

Trust: 0.1

db: PACKETSTORM | id: 170226

Trust: 0.1

db: PACKETSTORM | id: 168355

Trust: 0.1

db: VULHUB | id: VHN-406836

Trust: 0.1

db: PACKETSTORM | id: 169409

Trust: 0.1

db: PACKETSTORM | id: 168538

Trust: 0.1

db: PACKETSTORM | id: 169304

Trust: 0.1

db: PACKETSTORM | id: 170222

Trust: 0.1

sources: VULHUB: VHN-406836 // PACKETSTORM: 169409 // PACKETSTORM: 168538 // PACKETSTORM: 167549 // PACKETSTORM: 168294 // PACKETSTORM: 169304 // PACKETSTORM: 168364 // PACKETSTORM: 170222 // PACKETSTORM: 169695 // PACKETSTORM: 169719 // NVD: CVE-2022-21125

REFERENCES

url:http://xenbits.xen.org/xsa/advisory-404.html

Trust: 1.2

url:https://security.netapp.com/advisory/ntap-20220624-0008/

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5173

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5178

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5184

Trust: 1.1

url:https://security.gentoo.org/glsa/202208-23

Trust: 1.1

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

Trust: 1.1

url:http://www.openwall.com/lists/oss-security/2022/06/16/1

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/t4p2kjyl74kglhe4jzetvw7pzh6ziaba/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fhtew3rxu2gw6s3rcpqg4vnczgi3tosv/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rkrxz4lhgcgmog24zcejny6r2bts4s2q/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mcvomhbqrh4kp7in6u24cw7f2d2l5kbs/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-21123

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2022-21166

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-21125

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://bugzilla.redhat.com/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-21166

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-21123

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2022-21125

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-45486

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-45486

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-45485

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-45485

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-2588

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-2588

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-2526

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-29154

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23816

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23825

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-29900

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-30321

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-21619

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-30322

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26945

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26945

Trust: 0.2

url:https://issues.jboss.org/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-21626

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-21619

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-39399

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30322

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-21624

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30321

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-21626

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-21624

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-21618

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-21618

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-21628

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-21628

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30323

Trust: 0.2

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/t4p2kjyl74kglhe4jzetvw7pzh6ziaba/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rkrxz4lhgcgmog24zcejny6r2bts4s2q/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fhtew3rxu2gw6s3rcpqg4vnczgi3tosv/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mcvomhbqrh4kp7in6u24cw7f2d2l5kbs/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6983

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2097

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0391

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-20107

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25314

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1292

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28915

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1897

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27782

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1729

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6696

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32250

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1927

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-31150

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27776

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28915

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-36067

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1292

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22576

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-20107

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2068

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30629

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2097

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-40528

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32206

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1729

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25313

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27666

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1012

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27774

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-32208

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1785

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1012

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1785

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-40528

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1897

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1927

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0391

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29824

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-34903

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-31129

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-31151

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1080.87~18.04.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5485-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.13.0-1031.37

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-ibm-5.4/5.4.0-1028.32~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.13.0-1030.33

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1010.13

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1028.32

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1085.90

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1101.112

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1011.15

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe-5.13/5.13.0-51.58~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1048.51~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-5.13/5.13.0-1031.37~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1070.75

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1080.87~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1136.147

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1122.127

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1048.51

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1009.11

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.13.0-1033.40

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.13.0-1036.43

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1012.14

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1145.160

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-fde/5.4.0-1085.90+cvm1.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.15.0-187.198

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.13.0-51.58

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.15.0-39.42

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1048.53

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1130.146

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1078.86~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1085.90~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1010.15

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1080.87

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1076.82

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle-5.13/5.13.0-1036.43~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1078.86

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.4.0-120.136

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-5.13/5.13.0-1031.35~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1012.15

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp-5.13/5.13.0-1033.40~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1076.82~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-intel-5.13/5.13.0-1017.19

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1080.87

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-120.136~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.13.0-1031.35

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1010.14

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1013.17

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-39.42

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-34169

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39226

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26116

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26116

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21540

Trust: 0.1

url:https://access.redhat.com/errata/rhba-2022:6251

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21540

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39226

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3177

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1271

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26137

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21541

Trust: 0.1

url:https://docs.openshift.com/container-platform/3.11/upgrading/index.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2526

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26137

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-21541

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-46784

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3177

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6252

Trust: 0.1

url:https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1552

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-46784

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1271

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1552

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/xen

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26363

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-407.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26364

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26362

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6437

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1158

Trust: 0.1

url:https://access.redhat.com/solutions/6971358

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-43945

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29900

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23825

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1158

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-26373

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-29901

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2639

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29901

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2639

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-43945

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23816

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26373

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2959

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2959

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8974

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7211

Trust: 0.1

url:https://access.redhat.com/errata/rhba-2022:7210

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7216

Trust: 0.1

url:https://access.redhat.com/errata/rhba-2022:7215

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Trust: 0.1

sources: VULHUB: VHN-406836 // PACKETSTORM: 169409 // PACKETSTORM: 168538 // PACKETSTORM: 167549 // PACKETSTORM: 168294 // PACKETSTORM: 169304 // PACKETSTORM: 168364 // PACKETSTORM: 170222 // PACKETSTORM: 169695 // PACKETSTORM: 169719 // NVD: CVE-2022-21125

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 169409 // PACKETSTORM: 168538 // PACKETSTORM: 168294 // PACKETSTORM: 168364 // PACKETSTORM: 170222 // PACKETSTORM: 169695 // PACKETSTORM: 169719

SOURCES

db: VULHUB | id: VHN-406836
db: PACKETSTORM | id: 169409
db: PACKETSTORM | id: 168538
db: PACKETSTORM | id: 167549
db: PACKETSTORM | id: 168294
db: PACKETSTORM | id: 169304
db: PACKETSTORM | id: 168364
db: PACKETSTORM | id: 170222
db: PACKETSTORM | id: 169695
db: PACKETSTORM | id: 169719
db: NVD | id: CVE-2022-21125

LAST UPDATE DATE

2026-02-06T20:06:30.014000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-406836 | date: 2022-08-19T00:00:00
db: NVD | id: CVE-2022-21125 | date: 2025-05-05T17:17:37.500

SOURCES RELEASE DATE

db: VULHUB | id: VHN-406836 | date: 2022-06-15T00:00:00
db: PACKETSTORM | id: 169409 | date: 2022-10-18T22:30:43
db: PACKETSTORM | id: 168538 | date: 2022-09-27T16:01:00
db: PACKETSTORM | id: 167549 | date: 2022-06-20T16:17:04
db: PACKETSTORM | id: 168294 | date: 2022-09-07T17:19:14
db: PACKETSTORM | id: 169304 | date: 2022-07-28T19:12:00
db: PACKETSTORM | id: 168364 | date: 2022-09-13T15:45:19
db: PACKETSTORM | id: 170222 | date: 2022-12-14T15:46:04
db: PACKETSTORM | id: 169695 | date: 2022-11-02T15:01:20
db: PACKETSTORM | id: 169719 | date: 2022-11-03T13:07:33
db: NVD | id: CVE-2022-21125 | date: 2022-06-15T20:15:17.547