-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2022:6610-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6610 Issue date: 2022-09-20 CVE Names: CVE-2022-2078 CVE-2022-34918 =====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: heap overflow in nft_set_elem_init() (CVE-2022-34918)
* kernel: vulnerability of buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* RDMA/mlx5: Fix number of allocated XLT entries (BZ#2092270)
* mlx5, Setup hanged when run test-route-nexthop-object.sh (BZ#2092535)
* many call traces from unchecked MSR access error: WRMSR to 0x199 in amazon i4.32xlarge instance (BZ#2099417)
* X86/platform/UV: Kernel Support Fixes for UV5 platform (BZ#2107732)
* block layer: fixes for md sync slow and softlockup at blk_mq_sched_dispatch_requests [9.0.0.z] (BZ#2111395)
* Fixes for NVMe/TCP dereferences an invalid, non-canonical pointer, kernel panic (BZ#2117755)
* Adding missing nvme fix to RHEL-9.1 (BZ#2117756)
* nvme/tcp mistakenly uses blk_mq_tag_to_rq(nvme_tcp_tagset(queue) (BZ#2118698)
* Important ice bug fixes (BZ#2119290)
* Power 9/ppc64le Incorrect Socket(s) & "Core(s) per socket" reported by lscpu command. (BZ#2121719)
Enhancement(s):
* lscpu does not show all of the support AMX flags (amx_int8, amx_bf16) (BZ#2108203)
* ice: Driver Update (BZ#2108204)
* iavf: Driver Update (BZ#2119477)
* i40e: Driver Update (BZ#2119479)
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
2096178 - CVE-2022-2078 kernel: Vulnerability of buffer overflow in nft_set_desc_concat_parse() 2104423 - CVE-2022-34918 kernel: heap overflow in nft_set_elem_init()
6. Package List:
Red Hat Enterprise Linux AppStream (v. 9):
aarch64: bpftool-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-devel-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-devel-matched-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debuginfo-common-aarch64-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-devel-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-devel-matched-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-headers-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm perf-5.14.0-70.26.1.el9_0.aarch64.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm
noarch: kernel-doc-5.14.0-70.26.1.el9_0.noarch.rpm
ppc64le: bpftool-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-devel-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-devel-matched-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debuginfo-common-ppc64le-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-devel-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-devel-matched-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-headers-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm perf-5.14.0-70.26.1.el9_0.ppc64le.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm
s390x: bpftool-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-devel-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-devel-matched-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debuginfo-common-s390x-5.14.0-70.26.1.el9_0.s390x.rpm kernel-devel-5.14.0-70.26.1.el9_0.s390x.rpm kernel-devel-matched-5.14.0-70.26.1.el9_0.s390x.rpm kernel-headers-5.14.0-70.26.1.el9_0.s390x.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-devel-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-devel-matched-5.14.0-70.26.1.el9_0.s390x.rpm perf-5.14.0-70.26.1.el9_0.s390x.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm
x86_64: bpftool-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-devel-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-devel-matched-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debuginfo-common-x86_64-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-devel-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-devel-matched-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-headers-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm perf-5.14.0-70.26.1.el9_0.x86_64.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 9):
Source: kernel-5.14.0-70.26.1.el9_0.src.rpm
aarch64: bpftool-5.14.0-70.26.1.el9_0.aarch64.rpm bpftool-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-core-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-core-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-modules-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-modules-extra-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debuginfo-common-aarch64-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-modules-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-modules-extra-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-tools-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-tools-libs-5.14.0-70.26.1.el9_0.aarch64.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm python3-perf-5.14.0-70.26.1.el9_0.aarch64.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm
noarch: kernel-abi-stablelists-5.14.0-70.26.1.el9_0.noarch.rpm
ppc64le: bpftool-5.14.0-70.26.1.el9_0.ppc64le.rpm bpftool-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-core-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-core-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-modules-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-modules-extra-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debuginfo-common-ppc64le-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-modules-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-modules-extra-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-tools-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-tools-libs-5.14.0-70.26.1.el9_0.ppc64le.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm python3-perf-5.14.0-70.26.1.el9_0.ppc64le.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm
s390x: bpftool-5.14.0-70.26.1.el9_0.s390x.rpm bpftool-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-5.14.0-70.26.1.el9_0.s390x.rpm kernel-core-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-core-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-modules-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-modules-extra-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debuginfo-common-s390x-5.14.0-70.26.1.el9_0.s390x.rpm kernel-modules-5.14.0-70.26.1.el9_0.s390x.rpm kernel-modules-extra-5.14.0-70.26.1.el9_0.s390x.rpm kernel-tools-5.14.0-70.26.1.el9_0.s390x.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-core-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-modules-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-modules-extra-5.14.0-70.26.1.el9_0.s390x.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm python3-perf-5.14.0-70.26.1.el9_0.s390x.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm
x86_64: bpftool-5.14.0-70.26.1.el9_0.x86_64.rpm bpftool-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-core-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-core-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-modules-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-modules-extra-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debuginfo-common-x86_64-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-modules-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-modules-extra-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-tools-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-tools-libs-5.14.0-70.26.1.el9_0.x86_64.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm python3-perf-5.14.0-70.26.1.el9_0.x86_64.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 9):
aarch64: bpftool-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-cross-headers-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-debuginfo-common-aarch64-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm kernel-tools-libs-devel-5.14.0-70.26.1.el9_0.aarch64.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.aarch64.rpm
ppc64le: bpftool-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-cross-headers-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-debuginfo-common-ppc64le-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm kernel-tools-libs-devel-5.14.0-70.26.1.el9_0.ppc64le.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.ppc64le.rpm
s390x: bpftool-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-cross-headers-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-debuginfo-common-s390x-5.14.0-70.26.1.el9_0.s390x.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm kernel-zfcpdump-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.s390x.rpm
x86_64: bpftool-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-cross-headers-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debug-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-debuginfo-common-x86_64-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-tools-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm kernel-tools-libs-devel-5.14.0-70.26.1.el9_0.x86_64.rpm perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm python3-perf-debuginfo-5.14.0-70.26.1.el9_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-2078 https://access.redhat.com/security/cve/CVE-2022-34918 https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYypfhdzjgjWX9erEAQjSpg//Y3ak+k0a3QlbNSwSEH9F0GLE0KOV9tk+ xPp+xXuUzNJ7iQ3+UhgksBs1faIBtvNgpURFZ2xsvIY3Z1TtuK0G7bBLffd0yO9J 6fTDVZmeeCrlmwrWtKCT/2rm10tAk/zQA2BftzG6M/1fcFjfKB1N/k+KXwp9Jt/n 1WC19sEAZWAUGW2Fxe7500HvN6Q/24EWPn2OcYGdXzS/XNqJwdK148OYg0A6pBtT hk7NOXMJr8fTABdg3BPnEXly1udTUgJnF0gvOl0tB6WNLxnHxc/61XnWIAk9/OYp DchPL+f7G/lH+5O2EgJG5OaFaUrznkbu8U1zEGOS1rZCdP9kMrX552P60jD4br4/ K1YASzwh6bp9UqJKtBEW6O2hX+s89o8Hzuyrdnz8Cy2AMD8Q0ceqnu8bTWhKHf/l daeLjh2vLXNRMeQZEpaYtiOOQNIGmVA1n/Zd1A+GoNcFmvGbQ4+G8l18GSvXc09V A0o5vL6fwssDeLCkuQi+pw5YBgvPC083Q9tQH9TS2Fr13unk5H3bj3duMzI4t0Ao g0E+jKR7VaVCA2B0syXr5XyWqKZ4pFIQZKq547LpdjivCLnvuD3WsTNwGxTkSm2u Aq0jQvXi2A2bZwd+PrsfWqAqVr9i7G3+vElmsPD9p6tajT4z/1iCbhC0YMqncE7P aCsumFjp/qg= =bwiS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
|