RLSA-2022:7444
Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)
* Race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)
* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)
* Memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)
* smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168)
* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)
* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)
* Uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)
* Race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)
* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)
* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)
* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)
* buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)
* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)
* openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)
* use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)
* net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)
* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)
* Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)
* Memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)
* Double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)
* Use after free in SUNRPC subsystem (CVE-2022-28893)
* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)
* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)
* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
2022-11-08 06:19:55
2023-02-02 13:55:11
Copyright 2023 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Moderate
An update is available for kernel-rt.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)
* Race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)
* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)
* Memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)
* smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168)
* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)
* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)
* Uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)
* Race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)
* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)
* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)
* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)
* buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)
* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)
* openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)
* use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)
* net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)
* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)
* Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)
* Memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)
* Double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)
* Use after free in SUNRPC subsystem (CVE-2022-28893)
* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)
* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)
* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
rocky-linux-8-x86-64-nfv-rpms
kernel-rt-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm
ac47b7b84a125e963c6eee8553303b58c12decafe9af2ace64a8db6a03f2d598
kernel-rt-core-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm
5a50d0b2efae91f9161d4b74ad82acf22f82a51f8f6a1ba55c76e08f8981dada
kernel-rt-debug-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm
82f79eb68df1b991991d43d82076845c07a4f3dc5c89e1b2afc85707a2202b8b
kernel-rt-debug-core-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm
cb1bdce926b21d79cb17ec390fb3fc6cf985184effa06b804efbf6c52b05cd01
kernel-rt-debug-devel-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm
54752dc97e8b9a6464688730cf3b964a143b2276ce378648c07e288eccc5cccf
kernel-rt-debuginfo-common-x86_64-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm
a6042a61e450115260c0136f300d7ad0372f7dfa4928ef2df2d233c79cdf5b48
kernel-rt-debug-kvm-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm
a42f755741f9f40ea5d314ada223602a3a3fd9fb8b34ca56bbb92d18ca45d614
kernel-rt-debug-modules-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm
f8bdfcc81e1660a90415fa3bfa6ab580f7bf2414f0bcfeef36f4696d1cc86ec1
kernel-rt-debug-modules-extra-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm
db78b923643a96642b20b51994234175bffe2fc24f528edfee3cd825012ffda9
kernel-rt-devel-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm
840d8b2c07bfd25ed9d0c6620eb11387fc606e04aa4097b293c74b94bc148cfa
kernel-rt-kvm-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm
268179f85d0f67cfc7d0e0d3fca536e3a15d7cfb1f4a180e6aaa97fdd0d74f33
kernel-rt-modules-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm
52ee49b34ec4de2a5b3c9943d6bd95a5a58787f104ee8c9e12bed53c3324b957
kernel-rt-modules-extra-4.18.0-425.3.1.rt7.213.el8.x86_64.rpm
47790e8e3fbc64355aca26f537c0e8c5e34bf462d4cc7f29d158fb671773f562
RLBA-2022:7446
rt-setup bug fix and enhancement update
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
2022-11-08 06:19:57
2023-02-02 13:55:11
Copyright 2023 Rocky Enterprise Software Foundation
Rocky Linux 8
1
None
An update is available for rt-setup.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
For detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.
rocky-linux-8-x86-64-nfv-rpms
rt-setup-2.1-4.el8.x86_64.rpm
1a7e073aaba75a6adf07c8a7ea2b3b31e09ee6cd57f56a687e3ea08ae7cceac3
RLSA-2023:0114
Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* The latest Rocky Linux 8.7.z1 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2137411)
* [DELL EMC 8.6-RT BUG] System is not booting into RT Kernel with perc12. (BZ#2139867)
2023-01-12 08:25:42
2023-02-02 13:55:12
Copyright 2023 Rocky Enterprise Software Foundation
Rocky Linux 8
1
Important
An update is available for kernel-rt.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* The latest Rocky Linux 8.7.z1 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2137411)
* [DELL EMC 8.6-RT BUG] System is not booting into RT Kernel with perc12. (BZ#2139867)
rocky-linux-8-x86-64-nfv-rpms
kernel-rt-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm
98837004fbf61990c3c258ca76621765340b070fb1bd7ac37fbddd49744d93bd
kernel-rt-core-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm
224da004e6aaf7dc7bd6cf5f2402bbddae5dda809f16df38930fb8c94f78fd29
kernel-rt-debug-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm
009f0969a4f571b8944fbcfc0d8934f7c7660b2bb5d51ffb2c31d771db76eada
kernel-rt-debug-core-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm
a5e3c763edd5d21e3e50802a55125a3aa5e2263d0448a45bc19c4053206874f7
kernel-rt-debug-devel-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm
29a5ca819c20ab5a9a73ef8ce13ffef39149c43bb8bfaf30724b85d426e9f11a
kernel-rt-debuginfo-common-x86_64-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm
fe4a8abeeb99a3bca57be9fbbda5a2c8763b27c82e00f8a7a10f4011f33edad6
kernel-rt-debug-kvm-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm
86061e95640d926c5b07dacf7d683b7816fe5d84af428df0106f4814485ef907
kernel-rt-debug-modules-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm
ed274022c1b74d6398b1c29f4b8319786750c160194699360e27dc53dc5e3707
kernel-rt-debug-modules-extra-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm
0b4fa7b23831278421f4786ca058e45796e50f3c0dac645b22b1968117691cf9
kernel-rt-devel-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm
c7cc44181eb945a901256dd628ce8920dbdfcc0c6b28299a0b1c86389c1e00a2
kernel-rt-kvm-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm
a138af746550b98f37ff2d961ecb148fa17646e25deb0450ae950244d91c247d
kernel-rt-modules-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm
a0ede768e0052c07cb523dfaaeaae6c2e986c5f6370f557882cda900417f1747
kernel-rt-modules-extra-4.18.0-425.10.1.rt7.220.el8_7.x86_64.rpm
3a2442fb615e30a862cf7f234fb9eccb1027d3b89fdfc7f9d2802823e5e235ad