[RHSA-2023:0854] kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)
kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
RHEL8-RT: Backport use of a dedicate thread for timer wakeups (BZ#2127204)
SNO Crashed twice - kernel BUG at lib/list_debug.c:28 (BZ#2132062)
Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel RT-8
scheduling while atomic in fpu_clone() -> fpu_inherit_perms() (BZ#2154469)
The latest RHEL 8.7.z2 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2159806)
- ID
- RHSA-2023:0854
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2023:0854
- Published
-
2023-02-21T00:00:00
(19 months ago) - Modified
-
2023-02-21T00:00:00
(19 months ago) - Rights
- Copyright 2023 Red Hat, Inc.
- Other Advisories
-
- ALSA-2023:0334
- ALSA-2023:0832
- ALSA-2023:0951
- DSA-5324-1
- DSA-5730-1
- ELSA-2023-0334
- ELSA-2023-0832
- ELSA-2023-0951
- ELSA-2023-12160
- ELSA-2023-12199
- ELSA-2023-12200
- ELSA-2023-12206
- ELSA-2023-12207
- MS:CVE-2022-2873
- MS:CVE-2022-41222
- MS:CVE-2022-43945
- RHSA-2023:0300
- RHSA-2023:0334
- RHSA-2023:0348
- RHSA-2023:0832
- RHSA-2023:0839
- RHSA-2023:0951
- RHSA-2023:0979
- RLSA-2023:0334
- RLSA-2023:0832
- SSA:2022-237-02
- SSA:2022-333-01
- SUSE-SU-2022:3288-1
- SUSE-SU-2022:3293-1
- SUSE-SU-2022:3606-1
- SUSE-SU-2022:3607-1
- SUSE-SU-2022:3609-1
- SUSE-SU-2022:3648-1
- SUSE-SU-2022:3657-1
- SUSE-SU-2022:3704-1
- SUSE-SU-2022:3775-1
- SUSE-SU-2022:3809-1
- SUSE-SU-2022:4503-1
- SUSE-SU-2022:4504-1
- SUSE-SU-2022:4505-1
- SUSE-SU-2022:4506-1
- SUSE-SU-2022:4510-1
- SUSE-SU-2022:4513-1
- SUSE-SU-2022:4515-1
- SUSE-SU-2022:4516-1
- SUSE-SU-2022:4517-1
- SUSE-SU-2022:4518-1
- SUSE-SU-2022:4520-1
- SUSE-SU-2022:4527-1
- SUSE-SU-2022:4528-1
- SUSE-SU-2022:4533-1
- SUSE-SU-2022:4534-1
- SUSE-SU-2022:4539-1
- SUSE-SU-2022:4542-1
- SUSE-SU-2022:4543-1
- SUSE-SU-2022:4544-1
- SUSE-SU-2022:4545-1
- SUSE-SU-2022:4546-1
- SUSE-SU-2022:4550-1
- SUSE-SU-2022:4551-1
- SUSE-SU-2022:4559-1
- SUSE-SU-2022:4560-1
- SUSE-SU-2022:4561-1
- SUSE-SU-2022:4562-1
- SUSE-SU-2022:4566-1
- SUSE-SU-2022:4569-1
- SUSE-SU-2022:4572-1
- SUSE-SU-2022:4573-1
- SUSE-SU-2022:4574-1
- SUSE-SU-2022:4577-1
- SUSE-SU-2022:4580-1
- SUSE-SU-2022:4585-1
- SUSE-SU-2022:4587-1
- SUSE-SU-2022:4589-1
- SUSE-SU-2022:4595-1
- SUSE-SU-2022:4611-1
- SUSE-SU-2022:4613-1
- SUSE-SU-2022:4614-1
- SUSE-SU-2022:4615-1
- SUSE-SU-2022:4616-1
- SUSE-SU-2022:4617-1
- SUSE-SU-2023:2146-1
- SUSE-SU-2023:2148-1
- SUSE-SU-2023:2151-1
- SUSE-SU-2023:2162-1
- SUSE-SU-2023:2163-1
- SUSE-SU-2023:2232-1
- USN-5594-1
- USN-5599-1
- USN-5602-1
- USN-5616-1
- USN-5623-1
- USN-5728-1
- USN-5728-2
- USN-5728-3
- USN-5754-1
- USN-5754-2
- USN-5755-1
- USN-5755-2
- USN-5773-1
- USN-5779-1
- USN-5789-1
- USN-5794-1
- USN-5802-1
- USN-5804-1
- USN-5804-2
- USN-5808-1
- USN-5813-1
- USN-5829-1
- USN-5830-1
- USN-5861-1
- USN-5863-1
- USN-5875-1
- USN-5914-1
- USN-5918-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 2119048 | https://bugzilla.redhat.com/2119048 | |
Bugzilla | 2138818 | https://bugzilla.redhat.com/2138818 | |
Bugzilla | 2141752 | https://bugzilla.redhat.com/2141752 | |
RHSA | RHSA-2023:0854 | https://access.redhat.com/errata/RHSA-2023:0854 | |
CVE | CVE-2022-2873 | https://access.redhat.com/security/cve/CVE-2022-2873 | |
CVE | CVE-2022-41222 | https://access.redhat.com/security/cve/CVE-2022-41222 | |
CVE | CVE-2022-43945 | https://access.redhat.com/security/cve/CVE-2022-43945 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/kernel-rt?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt | < 4.18.0-425.13.1.rt7.223.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-modules?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-modules | < 4.18.0-425.13.1.rt7.223.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-modules-extra?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-modules-extra | < 4.18.0-425.13.1.rt7.223.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-kvm?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-kvm | < 4.18.0-425.13.1.rt7.223.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-devel?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-devel | < 4.18.0-425.13.1.rt7.223.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-debug?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-debug | < 4.18.0-425.13.1.rt7.223.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-debug-modules?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-debug-modules | < 4.18.0-425.13.1.rt7.223.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-debug-modules-extra?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-debug-modules-extra | < 4.18.0-425.13.1.rt7.223.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-debug-kvm?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-debug-kvm | < 4.18.0-425.13.1.rt7.223.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-debug-devel?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-debug-devel | < 4.18.0-425.13.1.rt7.223.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-debug-core?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-debug-core | < 4.18.0-425.13.1.rt7.223.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-core?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-core | < 4.18.0-425.13.1.rt7.223.el8_7 | redhat-8.7 | x86_64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |