RHSA-2023:2736

Description

Red Hat Security Advisory: kernel-rt security and bug fix update

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• redhat•kernel-rt

  < 0:4.18.0-477.10.1.rt7.274.el8_8 | < 0:4.18.0-477.10.1.rt7.274.el8_8

• redhat•kernel-rt-core

  < 0:4.18.0-477.10.1.rt7.274.el8_8 | < 0:4.18.0-477.10.1.rt7.274.el8_8

• redhat•kernel-rt-debug

  < 0:4.18.0-477.10.1.rt7.274.el8_8 | < 0:4.18.0-477.10.1.rt7.274.el8_8

• redhat•kernel-rt-debug-core

  < 0:4.18.0-477.10.1.rt7.274.el8_8 | < 0:4.18.0-477.10.1.rt7.274.el8_8

• redhat•kernel-rt-debug-debuginfo

  < 0:4.18.0-477.10.1.rt7.274.el8_8 | < 0:4.18.0-477.10.1.rt7.274.el8_8

• redhat•kernel-rt-debug-devel

  < 0:4.18.0-477.10.1.rt7.274.el8_8 | < 0:4.18.0-477.10.1.rt7.274.el8_8

• redhat•kernel-rt-debug-kvm

  < 0:4.18.0-477.10.1.rt7.274.el8_8 | < 0:4.18.0-477.10.1.rt7.274.el8_8

• redhat•kernel-rt-debug-modules

  < 0:4.18.0-477.10.1.rt7.274.el8_8 | < 0:4.18.0-477.10.1.rt7.274.el8_8

• redhat•kernel-rt-debug-modules-extra

  < 0:4.18.0-477.10.1.rt7.274.el8_8 | < 0:4.18.0-477.10.1.rt7.274.el8_8

• redhat•kernel-rt-debuginfo

  < 0:4.18.0-477.10.1.rt7.274.el8_8 | < 0:4.18.0-477.10.1.rt7.274.el8_8

• redhat•kernel-rt-debuginfo-common-x86_64

  < 0:4.18.0-477.10.1.rt7.274.el8_8 | < 0:4.18.0-477.10.1.rt7.274.el8_8

• redhat•kernel-rt-devel

  < 0:4.18.0-477.10.1.rt7.274.el8_8 | < 0:4.18.0-477.10.1.rt7.274.el8_8

• redhat•kernel-rt-kvm

  < 0:4.18.0-477.10.1.rt7.274.el8_8 | < 0:4.18.0-477.10.1.rt7.274.el8_8

• redhat•kernel-rt-modules

  < 0:4.18.0-477.10.1.rt7.274.el8_8 | < 0:4.18.0-477.10.1.rt7.274.el8_8

• redhat•kernel-rt-modules-extra

  < 0:4.18.0-477.10.1.rt7.274.el8_8 | < 0:4.18.0-477.10.1.rt7.274.el8_8

References (236)

• https://access.redhat.com/errata/RHSA-2023:2736
• https://access.redhat.com/security/updates/classification/#important
• https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
• https://bugzilla.redhat.com/show_bug.cgi?id=2055499
• https://bugzilla.redhat.com/show_bug.cgi?id=2061703
• https://bugzilla.redhat.com/show_bug.cgi?id=2078466
• https://bugzilla.redhat.com/show_bug.cgi?id=2084125
• https://bugzilla.redhat.com/show_bug.cgi?id=2085300
• https://bugzilla.redhat.com/show_bug.cgi?id=2090723
• https://bugzilla.redhat.com/show_bug.cgi?id=2108691
• https://bugzilla.redhat.com/show_bug.cgi?id=2108696
• https://bugzilla.redhat.com/show_bug.cgi?id=2114937
• https://bugzilla.redhat.com/show_bug.cgi?id=2122228
• https://bugzilla.redhat.com/show_bug.cgi?id=2122960
• https://bugzilla.redhat.com/show_bug.cgi?id=2123056
• https://bugzilla.redhat.com/show_bug.cgi?id=2124788
• https://bugzilla.redhat.com/show_bug.cgi?id=2127985
• https://bugzilla.redhat.com/show_bug.cgi?id=2130141
• https://bugzilla.redhat.com/show_bug.cgi?id=2133483
• https://bugzilla.redhat.com/show_bug.cgi?id=2134377
• https://bugzilla.redhat.com/show_bug.cgi?id=2134451
• https://bugzilla.redhat.com/show_bug.cgi?id=2134506
• https://bugzilla.redhat.com/show_bug.cgi?id=2134517
• https://bugzilla.redhat.com/show_bug.cgi?id=2134528
• https://bugzilla.redhat.com/show_bug.cgi?id=2137979
• https://bugzilla.redhat.com/show_bug.cgi?id=2143893
• https://bugzilla.redhat.com/show_bug.cgi?id=2143943
• https://bugzilla.redhat.com/show_bug.cgi?id=2144720
• https://bugzilla.redhat.com/show_bug.cgi?id=2150947
• https://bugzilla.redhat.com/show_bug.cgi?id=2150960
• https://bugzilla.redhat.com/show_bug.cgi?id=2150979
• https://bugzilla.redhat.com/show_bug.cgi?id=2150999
• https://bugzilla.redhat.com/show_bug.cgi?id=2151270
• https://bugzilla.redhat.com/show_bug.cgi?id=2154171
• https://bugzilla.redhat.com/show_bug.cgi?id=2154235
• https://bugzilla.redhat.com/show_bug.cgi?id=2160023
• https://bugzilla.redhat.com/show_bug.cgi?id=2162120
• https://bugzilla.redhat.com/show_bug.cgi?id=2165721
• https://bugzilla.redhat.com/show_bug.cgi?id=2168246
• https://bugzilla.redhat.com/show_bug.cgi?id=2168297
• https://bugzilla.redhat.com/show_bug.cgi?id=2176192
• https://bugzilla.redhat.com/show_bug.cgi?id=2180936
• https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2736.json
• https://access.redhat.com/security/cve/CVE-2021-26341
• https://www.cve.org/CVERecord?id=CVE-2021-26341
• https://nvd.nist.gov/vuln/detail/CVE-2021-26341
• https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before
• https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1026
• https://www.amd.com/system/files/documents/software-techniques-for-managing-speculation.pdf
• https://access.redhat.com/security/cve/CVE-2021-33655
• https://www.cve.org/CVERecord?id=CVE-2021-33655
• https://nvd.nist.gov/vuln/detail/CVE-2021-33655
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=086ff84617185393a0bbf25830c4f36412a7d3f4
• https://access.redhat.com/security/cve/CVE-2021-33656
• https://www.cve.org/CVERecord?id=CVE-2021-33656
• https://nvd.nist.gov/vuln/detail/CVE-2021-33656
• https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/releases/5.10.127/vt-drop-old-font-ioctls.patch
• https://access.redhat.com/security/cve/CVE-2021-47592
• https://bugzilla.redhat.com/show_bug.cgi?id=2293235
• https://www.cve.org/CVERecord?id=CVE-2021-47592
• https://nvd.nist.gov/vuln/detail/CVE-2021-47592
• https://lore.kernel.org/linux-cve-announce/2024061919-CVE-2021-47592-7ca6@gregkh/T
• https://access.redhat.com/security/cve/CVE-2022-1462
• https://www.cve.org/CVERecord?id=CVE-2022-1462
• https://nvd.nist.gov/vuln/detail/CVE-2022-1462
• https://seclists.org/oss-sec/2022/q2/155
• https://access.redhat.com/security/cve/CVE-2022-1679
• https://www.cve.org/CVERecord?id=CVE-2022-1679
• https://nvd.nist.gov/vuln/detail/CVE-2022-1679
• https://lore.kernel.org/lkml/87ilqc7jv9.fsf@kernel.org/t/
• https://access.redhat.com/security/cve/CVE-2022-1789
• https://www.cve.org/CVERecord?id=CVE-2022-1789
• https://nvd.nist.gov/vuln/detail/CVE-2022-1789
• https://github.com/advisories/GHSA-v8pq-23qj-q7x7
• https://www.openwall.com/lists/oss-security/2022/05/25/2
• https://access.redhat.com/security/cve/CVE-2022-2196
• https://www.cve.org/CVERecord?id=CVE-2022-2196
• https://nvd.nist.gov/vuln/detail/CVE-2022-2196
• https://access.redhat.com/security/cve/CVE-2022-2663
• https://www.cve.org/CVERecord?id=CVE-2022-2663
• https://nvd.nist.gov/vuln/detail/CVE-2022-2663
• https://lore.kernel.org/netfilter-devel/20220826045658.100360-1-dgl@dgl.cx/T/
• https://access.redhat.com/security/cve/CVE-2022-3028
• https://www.cve.org/CVERecord?id=CVE-2022-3028
• https://nvd.nist.gov/vuln/detail/CVE-2022-3028
• https://github.com/torvalds/linux/commit/ba953a9d89a00c078b85f4b190bc1dde66fe16b5
• https://access.redhat.com/security/cve/CVE-2022-3239
• https://www.cve.org/CVERecord?id=CVE-2022-3239
• https://nvd.nist.gov/vuln/detail/CVE-2022-3239
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c08eadca1bdfa099e20a32f8fa4b52b2f672236d
• https://access.redhat.com/security/cve/CVE-2022-3522
• https://www.cve.org/CVERecord?id=CVE-2022-3522
• https://nvd.nist.gov/vuln/detail/CVE-2022-3522
• https://lore.kernel.org/all/20221004193400.110155-3-peterx@redhat.com/T/#u
• https://access.redhat.com/security/cve/CVE-2022-3524
• https://www.cve.org/CVERecord?id=CVE-2022-3524
• https://nvd.nist.gov/vuln/detail/CVE-2022-3524
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c52c6bb831f6335c176a0fc7214e26f43adbd11
• https://access.redhat.com/security/cve/CVE-2022-3564
• https://www.cve.org/CVERecord?id=CVE-2022-3564
• https://nvd.nist.gov/vuln/detail/CVE-2022-3564
• https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1
• https://access.redhat.com/security/cve/CVE-2022-3566
• https://www.cve.org/CVERecord?id=CVE-2022-3566
• https://nvd.nist.gov/vuln/detail/CVE-2022-3566
• https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57
• https://access.redhat.com/security/cve/CVE-2022-3567
• https://www.cve.org/CVERecord?id=CVE-2022-3567
• https://nvd.nist.gov/vuln/detail/CVE-2022-3567
• https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=364f997b5cfe1db0d63a390fe7c801fa2b3115f6
• https://access.redhat.com/security/cve/CVE-2022-3619
• https://www.cve.org/CVERecord?id=CVE-2022-3619
• https://nvd.nist.gov/vuln/detail/CVE-2022-3619
• https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=97097c85c088e11651146da32a4e1cdb9dfa6193
• https://vuldb.com/?id.211918
• https://access.redhat.com/security/cve/CVE-2022-3623
• https://www.cve.org/CVERecord?id=CVE-2022-3623
• https://nvd.nist.gov/vuln/detail/CVE-2022-3623
• https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=fac35ba763ed07ba93154c95ffc0c4a55023707f
• https://access.redhat.com/security/cve/CVE-2022-3625
• https://www.cve.org/CVERecord?id=CVE-2022-3625
• https://nvd.nist.gov/vuln/detail/CVE-2022-3625
• https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=6b4db2e528f650c7fb712961aac36455468d5902
• https://access.redhat.com/security/cve/CVE-2022-3628
• https://www.cve.org/CVERecord?id=CVE-2022-3628
• https://nvd.nist.gov/vuln/detail/CVE-2022-3628
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fweh.c?id=6788ba8aed4e28e90f72d68a9d794e34eac17295
• https://seclists.org/oss-sec/2022/q4/60
• https://access.redhat.com/security/cve/CVE-2022-3707
• https://www.cve.org/CVERecord?id=CVE-2022-3707
• https://nvd.nist.gov/vuln/detail/CVE-2022-3707
• https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/
• https://access.redhat.com/security/cve/CVE-2022-4129
• https://www.cve.org/CVERecord?id=CVE-2022-4129
• https://nvd.nist.gov/vuln/detail/CVE-2022-4129
• https://access.redhat.com/security/cve/CVE-2022-4662
• https://bugzilla.redhat.com/show_bug.cgi?id=2155788
• https://www.cve.org/CVERecord?id=CVE-2022-4662
• https://nvd.nist.gov/vuln/detail/CVE-2022-4662
• https://lore.kernel.org/all/20220913140355.910732567@linuxfoundation.org/
• https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA@mail.gmail.com/
• https://access.redhat.com/security/cve/CVE-2022-20141
• https://www.cve.org/CVERecord?id=CVE-2022-20141
• https://nvd.nist.gov/vuln/detail/CVE-2022-20141
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/igmp.c?h=v5.19&id=23d2b94043ca8835bd1e67749020e839f396a1c2
• https://access.redhat.com/security/cve/CVE-2022-25265
• https://www.cve.org/CVERecord?id=CVE-2022-25265
• https://nvd.nist.gov/vuln/detail/CVE-2022-25265
• https://github.com/torvalds/linux/blob/1c33bb0507508af24fd754dd7123bd8e997fab2f/arch/x86/include/asm/elf.h#L281-L294
• https://github.com/x0reaxeax/exec-prot-bypass
• https://access.redhat.com/security/cve/CVE-2022-30594
• https://www.cve.org/CVERecord?id=CVE-2022-30594
• https://nvd.nist.gov/vuln/detail/CVE-2022-30594
• https://access.redhat.com/security/cve/CVE-2022-36879
• https://bugzilla.redhat.com/show_bug.cgi?id=2119855
• https://www.cve.org/CVERecord?id=CVE-2022-36879
• https://nvd.nist.gov/vuln/detail/CVE-2022-36879
• https://access.redhat.com/security/cve/CVE-2022-39188
• https://www.cve.org/CVERecord?id=CVE-2022-39188
• https://nvd.nist.gov/vuln/detail/CVE-2022-39188
• https://bugs.chromium.org/p/project-zero/issues/detail?id=2329
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b67fbebd4cf980aecbcc750e1462128bffe8ae15
• https://lore.kernel.org/stable/20220831191348.3388208-1-jannh@google.com/T/#u
• https://access.redhat.com/security/cve/CVE-2022-39189
• https://www.cve.org/CVERecord?id=CVE-2022-39189
• https://nvd.nist.gov/vuln/detail/CVE-2022-39189
• https://bugs.chromium.org/p/project-zero/issues/detail?id=2309
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd88243c7e03845a450795e134b488fc2afb736
• https://access.redhat.com/security/cve/CVE-2022-41218
• https://www.cve.org/CVERecord?id=CVE-2022-41218
• https://nvd.nist.gov/vuln/detail/CVE-2022-41218
• https://lore.kernel.org/all/20220908132754.30532-1-tiwai@suse.de/
• https://access.redhat.com/security/cve/CVE-2022-41674
• https://www.cve.org/CVERecord?id=CVE-2022-41674
• https://nvd.nist.gov/vuln/detail/CVE-2022-41674
• https://www.openwall.com/lists/oss-security/2022/10/13/2
• https://access.redhat.com/security/cve/CVE-2022-42703
• https://www.cve.org/CVERecord?id=CVE-2022-42703
• https://nvd.nist.gov/vuln/detail/CVE-2022-42703
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2555283eb40df89945557273121e9393ef9b542b
• https://access.redhat.com/security/cve/CVE-2022-42720
• https://www.cve.org/CVERecord?id=CVE-2022-42720
• https://nvd.nist.gov/vuln/detail/CVE-2022-42720
• https://access.redhat.com/security/cve/CVE-2022-42721
• https://www.cve.org/CVERecord?id=CVE-2022-42721
• https://nvd.nist.gov/vuln/detail/CVE-2022-42721
• https://access.redhat.com/security/cve/CVE-2022-42722
• https://www.cve.org/CVERecord?id=CVE-2022-42722
• https://nvd.nist.gov/vuln/detail/CVE-2022-42722
• https://access.redhat.com/security/cve/CVE-2022-43750
• https://www.cve.org/CVERecord?id=CVE-2022-43750
• https://nvd.nist.gov/vuln/detail/CVE-2022-43750
• https://github.com/torvalds/linux/commit/a659daf63d16aa883be42f3f34ff84235c302198
• https://access.redhat.com/security/cve/CVE-2022-47929
• https://www.cve.org/CVERecord?id=CVE-2022-47929
• https://nvd.nist.gov/vuln/detail/CVE-2022-47929
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96398560f26aa07e8f2969d73c8197e6a6d10407
• https://access.redhat.com/security/cve/CVE-2022-48695
• https://bugzilla.redhat.com/show_bug.cgi?id=2278999
• https://www.cve.org/CVERecord?id=CVE-2022-48695
• https://nvd.nist.gov/vuln/detail/CVE-2022-48695
• https://lore.kernel.org/linux-cve-announce/2024050348-CVE-2022-48695-8a9e@gregkh/T
• https://access.redhat.com/security/cve/CVE-2023-0394
• https://www.cve.org/CVERecord?id=CVE-2023-0394
• https://nvd.nist.gov/vuln/detail/CVE-2023-0394
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb3e9864cdbe35ff6378966660edbcbac955fe17
• https://www.openwall.com/lists/oss-security/2023/01/18/2
• https://access.redhat.com/security/cve/CVE-2023-0461
• https://www.cve.org/CVERecord?id=CVE-2023-0461
• https://nvd.nist.gov/vuln/detail/CVE-2023-0461
• https://github.com/torvalds/linux/commit/2c02d41d71f90a5168391b6a5f2954112ba2307c
• https://access.redhat.com/security/cve/CVE-2023-1095
• https://bugzilla.redhat.com/show_bug.cgi?id=2173973
• https://www.cve.org/CVERecord?id=CVE-2023-1095
• https://nvd.nist.gov/vuln/detail/CVE-2023-1095
• https://access.redhat.com/security/cve/CVE-2023-1195
• https://www.cve.org/CVERecord?id=CVE-2023-1195
• https://nvd.nist.gov/vuln/detail/CVE-2023-1195
• https://github.com/torvalds/linux/commit/153695d36ead0ccc4d0256953c751cabf673e621
• https://access.redhat.com/security/cve/CVE-2023-1582
• https://www.cve.org/CVERecord?id=CVE-2023-1582
• https://nvd.nist.gov/vuln/detail/CVE-2023-1582
• https://lore.kernel.org/linux-mm/Yg6ac8WlwtnDH6M0@kroah.com/
• https://access.redhat.com/security/cve/CVE-2023-2177
• https://bugzilla.redhat.com/show_bug.cgi?id=2187953
• https://www.cve.org/CVERecord?id=CVE-2023-2177
• https://nvd.nist.gov/vuln/detail/CVE-2023-2177
• https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=181d8d2066c0
• https://access.redhat.com/security/cve/CVE-2023-22998
• https://bugzilla.redhat.com/show_bug.cgi?id=2182429
• https://www.cve.org/CVERecord?id=CVE-2023-22998
• https://nvd.nist.gov/vuln/detail/CVE-2023-22998
• https://access.redhat.com/security/cve/CVE-2023-23454
• https://www.cve.org/CVERecord?id=CVE-2023-23454
• https://nvd.nist.gov/vuln/detail/CVE-2023-23454
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12