Issued: 2022-03-17
Updated: 2022-03-17
RHSA-2022:0958 - Important: kpatch-patch-4_18_0-147_58_1 security and bug fix update
Synopsis
Important: kpatch-patch-4_18_0-147_58_1 security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for kpatch-patch-4_18_0-147_58_1 is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Security Fix(es):
- kernel: Use After Free in unix_gc() which could result in a local privilege escalation (CVE-2021-0920)
- kernel: use-after-free in RDMA listen() (CVE-2021-4028)
- kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)
- kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)
- kernel: possible privileges escalation due to missing TLB flush (CVE-2022-0330)
- kernel: cgroups v1 release_agent feature may allow privilege escalation (CVE-2022-0492)
- kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Several kpatch CVEs needed for kernel-4.18.0-147.58.1.el8_1 (BZ#2064297)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
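The description above states that the live patch module is loaded automatically by the RPM post-install script, and a kpatch module only applies to the exact kernel build it was compiled for (here kernel-4.18.0-147.58.1.el8_1). The following POSIX shell helper is an added example for verifying that state after applying the update; it is not part of the Red Hat advisory or of the kpatch project. It assumes that the loaded module name follows kpatch's kpatch_<kernel release with "." and "-" replaced by "_">_<package version>_<package release> convention, that the kernel release string ends in .el8_1.<arch>, and that `kpatch list` prints running patches under a "Loaded patch modules:" header. The two `kpatch list` outputs embedded in the script are constructed samples, not captures from a real host.

```shell
#!/bin/sh
# Added verification helper; not part of the Red Hat advisory or kpatch itself.
# Assumptions (see lead-in): module naming convention, kernel release suffix,
# and the "Loaded patch modules:" header printed by `kpatch list`.

# Kernel release this advisory's live patch was built for (from the advisory).
TARGET_KERNEL="4.18.0-147.58.1.el8_1"

# Print the expected kpatch module name for a `uname -r` string.
# Example: 4.18.0-147.58.1.el8_1.x86_64 -> kpatch_4_18_0_147_58_1_1_1
expected_kpatch_module() {
    kver="$1"
    pkgver="${2:-1}"   # kpatch-patch package version (1 in this advisory)
    pkgrel="${3:-1}"   # kpatch-patch package release (1 in this advisory)
    # drop the .el8_1.<arch> tail, then turn '.' and '-' into '_'
    base=$(printf '%s' "$kver" | sed -e 's/\.el[0-9_]*\..*$//' -e 's/[.-]/_/g')
    printf 'kpatch_%s_%s_%s\n' "$base" "$pkgver" "$pkgrel"
}

# Return 0 if the running kernel is the build this live patch targets.
kernel_matches_target() {
    case "$1" in
        "$TARGET_KERNEL".*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read `kpatch list` output on stdin; return 0 if module $1 is listed
# under "Loaded patch modules:" (an installed-but-unloaded patch fails).
kpatch_module_loaded() {
    awk -v m="$1" '
        /^Loaded patch modules:/    { in_loaded = 1; next }
        /^Installed patch modules:/ { in_loaded = 0 }
        in_loaded && $1 == m        { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_NOT_LOADED='Loaded patch modules:

Installed patch modules:
kpatch_4_18_0_147_58_1_1_1 (4.18.0-147.58.1.el8_1.x86_64)'

SAMPLE_LOADED='Loaded patch modules:
kpatch_4_18_0_147_58_1_1_1 [enabled]

Installed patch modules:
kpatch_4_18_0_147_58_1_1_1 (4.18.0-147.58.1.el8_1.x86_64)'

# Check the live host: requires the kpatch tooling to be installed.
# Returns 0 if loaded, 1 if not loaded, 2 if the kernel is not the target.
check_live_system() {
    kver=$(uname -r)
    if ! kernel_matches_target "$kver"; then
        echo "kernel $kver is not $TARGET_KERNEL; this live patch does not apply" >&2
        return 2
    fi
    mod=$(expected_kpatch_module "$kver")
    if kpatch list | kpatch_module_loaded "$mod"; then
        echo "$mod is loaded on $kver"
    else
        echo "$mod is NOT loaded on $kver" >&2
        return 1
    fi
}
```

Source the file and call `check_live_system` on the patched host; a non-zero exit after a reboot usually means the running kernel is no longer the build the module was compiled for, in which case the live patch is not in effect and the kernel package itself needs updating.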
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 8.1 | x86_64 |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 8.1 | ppc64le |
Updated Packages
- kpatch-patch-4_18_0-147_58_1-1-1.el8_1.ppc64le.rpm
- kpatch-patch-4_18_0-147_58_1-debugsource-1-1.el8_1.ppc64le.rpm
- kpatch-patch-4_18_0-147_58_1-debugsource-1-1.el8_1.x86_64.rpm
- kpatch-patch-4_18_0-147_58_1-1-1.el8_1.src.rpm
- kpatch-patch-4_18_0-147_58_1-1-1.el8_1.x86_64.rpm
- kpatch-patch-4_18_0-147_58_1-debuginfo-1-1.el8_1.ppc64le.rpm
- kpatch-patch-4_18_0-147_58_1-debuginfo-1-1.el8_1.x86_64.rpm
Fixes
- BZ - 2027201
- BZ - 2029923
- BZ - 2031930
- BZ - 2034813
- BZ - 2042404
- BZ - 2044809
- BZ - 2051505
CVEs
- CVE-2021-0920
- CVE-2021-4028
- CVE-2021-4083
- CVE-2021-4155
- CVE-2022-0330
- CVE-2022-0492
- CVE-2022-22942
References
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See the Offline Security Data API to get started.