Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.2957
kernel, kernel-rt and kpatch-patch security update
1 September 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kernel
kernel-rt
kpatch-patch
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Increased Privileges -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-32399 CVE-2021-29650 CVE-2021-29154
CVE-2021-22555 CVE-2021-22543 CVE-2021-3609
CVE-2021-3347 CVE-2020-27777 CVE-2020-8648
Reference: ESB-2021.2911
ESB-2021.2899
ESB-2021.2794
ESB-2021.2511
ESB-2021.2453
Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:3320
https://access.redhat.com/errata/RHSA-2021:3321
https://access.redhat.com/errata/RHSA-2021:3327
https://access.redhat.com/errata/RHSA-2021:3328
https://access.redhat.com/errata/RHSA-2021:3363
https://access.redhat.com/errata/RHSA-2021:3375
https://access.redhat.com/errata/RHSA-2021:3380
https://access.redhat.com/errata/RHSA-2021:3381
https://access.redhat.com/errata/RHSA-2021:3392
https://access.redhat.com/errata/RHSA-2021:3399
Comment: This bulletin contains ten (10) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security update
Advisory ID: RHSA-2021:3320-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3320
Issue date: 2021-08-31
CVE Names: CVE-2020-8648 CVE-2021-32399
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.6
Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update
Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP
Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64
Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64
Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64
Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64
Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* kernel: race condition for removal of the HCI controller (CVE-2021-32399)
* kernel: use-after-free in n_tty_receive_buf_common function in
drivers/tty/n_tty.c (CVE-2020-8648)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1802559 - CVE-2020-8648 kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c
1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller
6. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.6):
Source:
kernel-3.10.0-957.80.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-957.80.1.el7.noarch.rpm
kernel-doc-3.10.0-957.80.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-957.80.1.el7.x86_64.rpm
kernel-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debug-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm
kernel-devel-3.10.0-957.80.1.el7.x86_64.rpm
kernel-headers-3.10.0-957.80.1.el7.x86_64.rpm
kernel-tools-3.10.0-957.80.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.80.1.el7.x86_64.rpm
perf-3.10.0-957.80.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
python-perf-3.10.0-957.80.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.6):
Source:
kernel-3.10.0-957.80.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-957.80.1.el7.noarch.rpm
kernel-doc-3.10.0-957.80.1.el7.noarch.rpm
ppc64le:
kernel-3.10.0-957.80.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-957.80.1.el7.ppc64le.rpm
kernel-debug-3.10.0-957.80.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-957.80.1.el7.ppc64le.rpm
kernel-devel-3.10.0-957.80.1.el7.ppc64le.rpm
kernel-headers-3.10.0-957.80.1.el7.ppc64le.rpm
kernel-tools-3.10.0-957.80.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-957.80.1.el7.ppc64le.rpm
perf-3.10.0-957.80.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm
python-perf-3.10.0-957.80.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm
x86_64:
kernel-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debug-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm
kernel-devel-3.10.0-957.80.1.el7.x86_64.rpm
kernel-headers-3.10.0-957.80.1.el7.x86_64.rpm
kernel-tools-3.10.0-957.80.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.80.1.el7.x86_64.rpm
perf-3.10.0-957.80.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
python-perf-3.10.0-957.80.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.6):
Source:
kernel-3.10.0-957.80.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-957.80.1.el7.noarch.rpm
kernel-doc-3.10.0-957.80.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-957.80.1.el7.x86_64.rpm
kernel-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debug-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm
kernel-devel-3.10.0-957.80.1.el7.x86_64.rpm
kernel-headers-3.10.0-957.80.1.el7.x86_64.rpm
kernel-tools-3.10.0-957.80.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-957.80.1.el7.x86_64.rpm
perf-3.10.0-957.80.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
python-perf-3.10.0-957.80.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.6):
x86_64:
kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.80.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.6):
ppc64le:
kernel-debug-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-957.80.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-957.80.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-957.80.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm
x86_64:
kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.80.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.6):
x86_64:
kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-957.80.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-8648
https://access.redhat.com/security/cve/CVE-2021-32399
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYS3nm9zjgjWX9erEAQgQiw/+PS0eDpLBno3w5Z5w4AAOBSZ5xVVUjc5g
3oc37irMYBQFeOYWjM1dY/YRJOwoKnlEFtSZiCG+DQGOh17aZkjklT4oWkdp/a8C
i5MfOXm+U7SJ6CBg+xiwq6++gze9z2qWOfSyB48yVYjCMAj7Sud5OrJ4glLXsD28
2NqjpK3m7euAAG30Q76GJR5I6Zii4TP4uxlp0wi/orvKmT10U5cqGuR61XZy4oI4
s47I7Qm1ypVl02FwPADQ+PhAEKda1M8YYC5AXnzueIaTr5FsUDJq6v8sN6Xyd8b5
UczfS79JoCtxhRyqKUq6mgLArQT5tv5FsKCp0eIMG97ZqB+qtiEYCyf42q6cNfSQ
Lvz37gpbdl87KlZbz8UGRNyjPEMFvjW5zhZSzZyfYlVt3eCSVesWAce1sAvrazqt
HmDSrAo4Hm08dIpFHrlwiPAdtLwBs20s974D/7+zaqlBrFob1ZGqygeK4nFtnaUY
aYrNXA+eM7HdSxShbAHkog8s39ISbLlq5Tez33MI9dhjg+JHafQUGlsnkHWI77HO
BxWSMgHmn4r71LOqIQEWwzr1HdPGVFxD7eX7vngZVsISTgrrVkJarDiiDRBwzHFa
8xoGtGaFHmq2O6oEKjMZf0Jx3s2/mqm2dNM9WWtXQg/n4OSTbf2XyHmQQMoDExop
X3PVCcxQcxE=
=v0C6
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2021:3321-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3321
Issue date: 2021-08-31
CVE Names: CVE-2021-22555 CVE-2021-32399
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.3
Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* kernel: out-of-bounds write in xt_compat_target_from_user() in
net/netfilter/x_tables.c (CVE-2021-22555)
* kernel: race condition for removal of the HCI controller (CVE-2021-32399)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap
[7.9.z] (BZ#1975162)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller
1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c
6. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.3):
Source:
kernel-3.10.0-514.92.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-514.92.1.el7.noarch.rpm
kernel-doc-3.10.0-514.92.1.el7.noarch.rpm
x86_64:
kernel-3.10.0-514.92.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.92.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.92.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.92.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.92.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.92.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.92.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.92.1.el7.x86_64.rpm
perf-3.10.0-514.92.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm
python-perf-3.10.0-514.92.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.3):
x86_64:
kernel-debug-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.92.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.92.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-22555
https://access.redhat.com/security/cve/CVE-2021-32399
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYS3jn9zjgjWX9erEAQg9ZRAAkNQsCTi3z1tMTUruFYrzv7XEwQWKagM/
mNjRisVAg6uhi9vKHVDCSZOqTMC4mQmL7Xlz335A7Bp8wzMYFQr9zgsZSuUBWiM5
LDbqPEz3ZywedWX8SRhBXHftAzcOX85rVUhk3Ge32Eqv0qjU9HVS1CI51yiRcF4H
XetBNHfrsth7hrXea0FXIVOJ41LyvEDhAG3G3WL8IfP8MXqNih+RJh4M8g3ZZPNo
PiJ4NxA+0ZI3XSfgfG0SQumbjL1K8ziH6MpHq2xzQVzaM+ewhyV4v2F7QSfsaCoJ
Rn7AdMIDpt7paSccJpbI3OKRX3nsiequ7BnwY0+6RHmNZJ91TPlzG0d056eDmM6H
8rSCHCFMf/43gqtYWuyNw7uHhggoHw1JcQQQCPbhn70eXe0Qaq9Dt6HtW+KzBfES
GbvdeeJyh3Aoy3bV9RhaTmeBm/aJ2Ryxljbg19w/KPp13FNfaQWD1akUg33rgTm2
cC0pvejJSwv4UiPlsTqOkWcvV8vNZi5PkwTmzFZudOyBy8ykmIhl8tveoSEOthbf
+0wt5te74PwuGVAotEMTjMNslvn+buf2EvPMxu2HgJ/Yc43DWboasXeyw32WcpW7
Lcaqrrx2E0ThuL15De/B/JW79WVfwFNnwGmUcMoN/gvwHCy69dYulQ3WYwU4rNdl
EVoSCH68Sh0=
=kgjk
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2021:3327-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3327
Issue date: 2021-08-31
CVE Names: CVE-2020-27777 CVE-2021-22555 CVE-2021-29154
CVE-2021-29650 CVE-2021-32399
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* kernel: out-of-bounds write in xt_compat_target_from_user() in
net/netfilter/x_tables.c (CVE-2021-22555)
* kernel: race condition for removal of the HCI controller (CVE-2021-32399)
* kernel: powerpc: RTAS calls can be used to compromise kernel integrity
(CVE-2020-27777)
* kernel: Local privilege escalation due to incorrect BPF JIT branch
displacement computation (CVE-2021-29154)
* kernel: lack a full memory barrier upon the assignment of a new table
value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h
may lead to DoS (CVE-2021-29650)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* SAN Switch rebooted and caused (?) OpenStack compute node to reboot
(BZ#1897576)
* sysfs: cannot create duplicate filename '/class/mdio_bus/ixgbe-8100
(BZ#1915449)
* XFS: read-only recovery does not update free space accounting in
superblock (BZ#1921551)
* The memcg_params field of kmem_cache struct contains an old slab address
that is to small for the current size of memcg_limited_groups_array_size.
(BZ#1951810)
* Backport of upstream patch "net: Update window_clamp if SOCK_RCVBUF is
set " into rhel-7 (BZ#1962196)
* Kernel panic in init_cq_frag_buf (BZ#1962499)
* futex: futex_requeue can potentially free the pi_state structure twice
(BZ#1966856)
* be_poll lockup doing ifenslave when netconsole using bond (BZ#1971744)
* OCP4.7 nodes panic at BUG_ON in nf_nat_setup_info() (BZ#1972970)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1897576 - SAN Switch rebooted and caused (?) OpenStack compute node to reboot
1900844 - CVE-2020-27777 kernel: powerpc: RTAS calls can be used to compromise kernel integrity
1945388 - CVE-2021-29650 kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS
1946684 - CVE-2021-29154 kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation
1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller
1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
kernel-3.10.0-1160.41.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1160.41.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.41.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1160.41.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.41.1.el7.x86_64.rpm
perf-3.10.0-1160.41.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
python-perf-3.10.0-1160.41.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.41.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
kernel-3.10.0-1160.41.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1160.41.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.41.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1160.41.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.41.1.el7.x86_64.rpm
perf-3.10.0-1160.41.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
python-perf-3.10.0-1160.41.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.41.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
kernel-3.10.0-1160.41.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1160.41.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.41.1.el7.noarch.rpm
ppc64:
bpftool-3.10.0-1160.41.1.el7.ppc64.rpm
bpftool-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-debug-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-devel-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-headers-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-tools-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-1160.41.1.el7.ppc64.rpm
perf-3.10.0-1160.41.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm
python-perf-3.10.0-1160.41.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm
ppc64le:
bpftool-3.10.0-1160.41.1.el7.ppc64le.rpm
bpftool-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-debug-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-devel-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-headers-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-tools-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-1160.41.1.el7.ppc64le.rpm
perf-3.10.0-1160.41.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm
python-perf-3.10.0-1160.41.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm
s390x:
bpftool-3.10.0-1160.41.1.el7.s390x.rpm
bpftool-debuginfo-3.10.0-1160.41.1.el7.s390x.rpm
kernel-3.10.0-1160.41.1.el7.s390x.rpm
kernel-debug-3.10.0-1160.41.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-1160.41.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-1160.41.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-1160.41.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-1160.41.1.el7.s390x.rpm
kernel-devel-3.10.0-1160.41.1.el7.s390x.rpm
kernel-headers-3.10.0-1160.41.1.el7.s390x.rpm
kernel-kdump-3.10.0-1160.41.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-1160.41.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-1160.41.1.el7.s390x.rpm
perf-3.10.0-1160.41.1.el7.s390x.rpm
perf-debuginfo-3.10.0-1160.41.1.el7.s390x.rpm
python-perf-3.10.0-1160.41.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-1160.41.1.el7.s390x.rpm
x86_64:
bpftool-3.10.0-1160.41.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.41.1.el7.x86_64.rpm
perf-3.10.0-1160.41.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
python-perf-3.10.0-1160.41.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
bpftool-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-1160.41.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm
ppc64le:
bpftool-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-1160.41.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm
x86_64:
bpftool-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.41.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
kernel-3.10.0-1160.41.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-1160.41.1.el7.noarch.rpm
kernel-doc-3.10.0-1160.41.1.el7.noarch.rpm
x86_64:
bpftool-3.10.0-1160.41.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debug-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-devel-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-headers-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.41.1.el7.x86_64.rpm
perf-3.10.0-1160.41.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
python-perf-3.10.0-1160.41.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
bpftool-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.41.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-27777
https://access.redhat.com/security/cve/CVE-2021-22555
https://access.redhat.com/security/cve/CVE-2021-29154
https://access.redhat.com/security/cve/CVE-2021-29650
https://access.redhat.com/security/cve/CVE-2021-32399
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYS3zD9zjgjWX9erEAQjU4w//TnDRJTaDP1Aqnw17oDl4JC6t9Rk+9nho
KVJOjzj+4/3RdL7IzEq1sBVRh8S/+eziUpNZTvLdI+A8Ri5xRYclmZYd9Nrkkhw+
UFG8PqKW7CwEaU39LVjofJvXlEn2qBlfIR8OyU0a+ucwgYt72ecI/YZpR3/Ujeh9
eLyWEJBrELkNd4EZgDM894wLLD9jnc9ZiacLreiNrKXowvbLlnZeghl82RGpDKjp
BuMFK7wlpI4ZscR/l+BETxktLmO1a8t7srA41zlPsNDf7A6N0d456UatG6xQsPUf
KwGUh0Ffv0kXEd41sPPHG6LWA0TOVj7SyvceJZNig7ZjpzcLswvEUDQtsKEsI1PW
iKE/q6yWNwTZ/FagCZt8OI8azVsrPl/vIsW6Nvb0nDSYoXIC7t8r3Arfp0O0zL3O
V3ZASRwFYBluIdcXekG/qkFNAbrY1iaNUaAIJBFMNWcZ33s1vox0hsO4U1eerQkZ
zJH9WfwIL6/J6ZQaJ1yNWN05vtE5co2Mb3c3sS1anx0t/svRTzNwsrSJyk9w5O2A
iTdTy1idc/hzJIurlDXix4521Rop6SdseAhDiP5F997fFsLDf0AJSKYT6GtsyzAq
OijHzrrd77pYgJaLfZLHgh2iV9H2wQOlG52FzDbQmxvBPUQQLySnFu9NYhO8Kf5W
+RyP5cPJTMI=
=2gjE
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2021:3328-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3328
Issue date: 2021-08-31
CVE Names: CVE-2021-22555 CVE-2021-29154 CVE-2021-29650
CVE-2021-32399
=====================================================================
1. Summary:
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64
3. Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: out-of-bounds write in xt_compat_target_from_user() in
net/netfilter/x_tables.c (CVE-2021-22555)
* kernel: race condition for removal of the HCI controller (CVE-2021-32399)
* kernel: Local privilege escalation due to incorrect BPF JIT branch
displacement computation (CVE-2021-29154)
* kernel: lack a full memory barrier upon the assignment of a new table
value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h
may lead to DoS (CVE-2021-29650)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* kernel-rt: update to the latest RHEL7.9.z8 source tree (BZ#1982927)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1945388 - CVE-2021-29650 kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS
1946684 - CVE-2021-29154 kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation
1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller
1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c
6. Package List:
Red Hat Enterprise Linux for Real Time for NFV (v. 7):
Source:
kernel-rt-3.10.0-1160.41.1.rt56.1181.el7.src.rpm
noarch:
kernel-rt-doc-3.10.0-1160.41.1.rt56.1181.el7.noarch.rpm
x86_64:
kernel-rt-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
Red Hat Enterprise Linux for Real Time (v. 7):
Source:
kernel-rt-3.10.0-1160.41.1.rt56.1181.el7.src.rpm
noarch:
kernel-rt-doc-3.10.0-1160.41.1.rt56.1181.el7.noarch.rpm
x86_64:
kernel-rt-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-22555
https://access.redhat.com/security/cve/CVE-2021-29154
https://access.redhat.com/security/cve/CVE-2021-29650
https://access.redhat.com/security/cve/CVE-2021-32399
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYS3zCNzjgjWX9erEAQjCvA/8CYmTP8JzZTti4UgGMSp+uEDig88vtIkk
x3B+Xr2ozZ3NinezlmnCr8QLeMA2fP/yPV9rbdCYtFzeaEwiCJgY/WRwKKXOMNAL
K7H8fV1rSOJxtBnkIa+x5MRlqvvVAzkIlyDGpFEs7UsI3FFK2o/xL5ZeB7NvTfsd
3zrkCa3pQKYADyN1hmaBw2rxHgUe2nCrpJ4u0+YgyHuVDE7ZDb7pftYcVDzkRdmE
t/eqL3u9x3wbLq5VhoUdaiQojdVkFAW5A5p8x8HtiJalcDEkyckrx6tKUG8cN7Yx
R0x/O106t6LiFaNdP1wJeYjC10pT1Gm7nmgM4LHwCXfJe4McX+9saOiu614OJq0F
zrEpTO+W/WtpLrAS08KDDeQr9K1B+Aqz9JxLrvjx9rbxQGDXSLCoEVkOR37QARsB
3Bbt7FPBU8T8Yv4ai+s5afU9oGE3tSQ2hTq+nyeOKHT0YQoUGEbXiJMTsoJfWriQ
tHeUCt/iakMkA/lQnCrQ1bJox58zSfALOgPM3nvTLCWcD2Ls27B+tobXVg1p/izv
VEwNb/i3bTbtBTuYB5cUN9jfPjYcHTEA8HyfgaG9DdQRM7yln7RUr4reh5GgT/K0
5LotqxNGBDCtQDDr1jHCXQ1ZtwH4z//NRxP3qJDicsPTS71XStIx1BvoF280LDJB
UzzHYdfnUXk=
=WCEt
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2021:3363-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3363
Issue date: 2021-08-31
CVE Names: CVE-2021-3609 CVE-2021-22543 CVE-2021-22555
CVE-2021-32399
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* kernel: race condition in net/can/bcm.c leads to local privilege
escalation (CVE-2021-3609)
* kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO
checks (CVE-2021-22543)
* kernel: out-of-bounds write in xt_compat_target_from_user() in
net/netfilter/x_tables.c (CVE-2021-22555)
* kernel: race condition for removal of the HCI controller (CVE-2021-32399)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* [Regression] RHEL8.2 - ISST-LTE:pVM:diapvmlp83:sum:memory DLPAR fails to
add memory on multiple trials[mm/memory_hotplug.c:1163] (mm-) (BZ#1930169)
* Every server is displaying the same power levels for all of our i40e 25G
interfaces. 10G interfaces seem to be correct. Ethtool version is 5.0
(BZ#1967100)
* s390/uv: Fix handling of length extensions (BZ#1975657)
* RHEL 8.3 using FCOE via a FastLinQ QL45000 card will not manually scan in
LUN from Target_id's over 8 (BZ#1976265)
* Backport "tick/nohz: Conditionally restart tick on idle exit" to RHEL 8.5
(BZ#1978711)
* rhel8.3: phase 2 netfilter backports from upstream (BZ#1980323)
* xfrm: backports from upstream (BZ#1981841)
Enhancement(s):
* [8.2.z] Incorrect parsing of ACPI HMAT table reports incorrect kernel
WARNING taint (BZ#1943702)
* Only selected patches from [IBM 8.4 FEAT] ibmvnic: Backport FW950 and
assorted bug fixes (BZ#1980795)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1965461 - CVE-2021-22543 kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks
1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller
1971651 - CVE-2021-3609 kernel: race condition in net/can/bcm.c leads to local privilege escalation
1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c
6. Package List:
Red Hat Enterprise Linux BaseOS EUS (v. 8.2):
Source:
kernel-4.18.0-193.64.1.el8_2.src.rpm
aarch64:
bpftool-4.18.0-193.64.1.el8_2.aarch64.rpm
bpftool-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-core-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-cross-headers-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-debug-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-debug-core-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-debug-devel-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-debug-modules-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-debug-modules-extra-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-devel-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-headers-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-modules-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-modules-extra-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-tools-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-tools-libs-4.18.0-193.64.1.el8_2.aarch64.rpm
perf-4.18.0-193.64.1.el8_2.aarch64.rpm
perf-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm
python3-perf-4.18.0-193.64.1.el8_2.aarch64.rpm
python3-perf-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm
noarch:
kernel-abi-whitelists-4.18.0-193.64.1.el8_2.noarch.rpm
kernel-doc-4.18.0-193.64.1.el8_2.noarch.rpm
ppc64le:
bpftool-4.18.0-193.64.1.el8_2.ppc64le.rpm
bpftool-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-core-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-cross-headers-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-debug-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-debug-core-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-debug-devel-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-debug-modules-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-devel-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-headers-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-modules-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-modules-extra-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-tools-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-tools-libs-4.18.0-193.64.1.el8_2.ppc64le.rpm
perf-4.18.0-193.64.1.el8_2.ppc64le.rpm
perf-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm
python3-perf-4.18.0-193.64.1.el8_2.ppc64le.rpm
python3-perf-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm
s390x:
bpftool-4.18.0-193.64.1.el8_2.s390x.rpm
bpftool-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-core-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-cross-headers-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-debug-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-debug-core-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-debug-devel-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-debug-modules-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-debug-modules-extra-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-devel-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-headers-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-modules-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-modules-extra-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-tools-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-zfcpdump-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-zfcpdump-core-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-zfcpdump-devel-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-zfcpdump-modules-4.18.0-193.64.1.el8_2.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-193.64.1.el8_2.s390x.rpm
perf-4.18.0-193.64.1.el8_2.s390x.rpm
perf-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm
python3-perf-4.18.0-193.64.1.el8_2.s390x.rpm
python3-perf-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm
x86_64:
bpftool-4.18.0-193.64.1.el8_2.x86_64.rpm
bpftool-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-core-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-cross-headers-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-debug-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-debug-core-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-debug-devel-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-debug-modules-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-debug-modules-extra-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-devel-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-headers-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-modules-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-modules-extra-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-tools-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-tools-libs-4.18.0-193.64.1.el8_2.x86_64.rpm
perf-4.18.0-193.64.1.el8_2.x86_64.rpm
perf-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm
python3-perf-4.18.0-193.64.1.el8_2.x86_64.rpm
python3-perf-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm
Red Hat CodeReady Linux Builder EUS (v. 8.2):
aarch64:
bpftool-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm
kernel-tools-libs-devel-4.18.0-193.64.1.el8_2.aarch64.rpm
perf-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm
python3-perf-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm
ppc64le:
bpftool-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-193.64.1.el8_2.ppc64le.rpm
perf-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm
python3-perf-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm
x86_64:
bpftool-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm
kernel-tools-libs-devel-4.18.0-193.64.1.el8_2.x86_64.rpm
perf-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm
python3-perf-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3609
https://access.redhat.com/security/cve/CVE-2021-22543
https://access.redhat.com/security/cve/CVE-2021-22555
https://access.redhat.com/security/cve/CVE-2021-32399
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYS31B9zjgjWX9erEAQgW+g/+J99Y+Y7e8ycInntMh7wHvU3/48D0LHEh
HZo1cy4MY9GvBX5ijfFZKvQR2TLGZR0fa5driCzQ/4WW2RwUjRExpIdOLPEKqKwd
iaYXAM7LJctQX3V3lW3f+fwLxz04lxOCzXdmbBgQIsVVX4nflCEF6htIIINW5Kp8
49i1h7ca0dMRwAh9OTPw59Z0WrVB7C+jkr9kUr+rYuJz389PCPvfpzkksRHZ3wEf
veunhvMhPSbambyqnFbBfpxQ5523qx0nXaHQ24WYg3DkRaWhw/1jwSqUxIQPaxJR
sYv9jQ1hwW8JNg4TxuCrEK4PPgRaMK2NXMmqAXY7dHQudTOIwxy4zzxH7ptYkylL
I/NJ+sD3WbN1LmnT+fU/zy/etPyRtHIucdvpnzYIV7NUgg7h9E10e+yg5d4MIe1/
FN/oyEiScNHMxqlHrWeVIq9LXabf8IhZFwYJyJLagCIYAMIlN6LFfAwUFoK+0Fjj
azg7GWirLC31paNlLmEJPiVYT13TqINkntt7oXcvJeV0KPT+w6MtCkUQuiPW/ZNP
RWMQd2vvqYGLjL4Osw74uzdP1potEZFupUoxMUJpmc1gXMxAPr4HwdgpUbwsggaX
p+COJJlj0rXgKbRyBpjpJ5px+s92zYQ/6yOGOQO7Q4txXgYQb3TO7fzzoVAs7JfX
SscZLhxIDUg=
=PDEr
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel-rt security and bug fix update
Advisory ID: RHSA-2021:3375-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3375
Issue date: 2021-08-31
CVE Names: CVE-2021-3609 CVE-2021-22543 CVE-2021-22555
CVE-2021-32399
=====================================================================
1. Summary:
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Real Time EUS (v. 8.2) - x86_64
Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2) - x86_64
3. Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: race condition in net/can/bcm.c leads to local privilege
escalation (CVE-2021-3609)
* kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO
checks (CVE-2021-22543)
* kernel: out-of-bounds write in xt_compat_target_from_user() in
net/netfilter/x_tables.c (CVE-2021-22555)
* kernel: race condition for removal of the HCI controller (CVE-2021-32399)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* kernel-rt: update RT source tree to the latest RHEL-8.2.z11 Batch source
tree (BZ#1984586)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1965461 - CVE-2021-22543 kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks
1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller
1971651 - CVE-2021-3609 kernel: race condition in net/can/bcm.c leads to local privilege escalation
1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c
6. Package List:
Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2):
Source:
kernel-rt-4.18.0-193.64.1.rt13.115.el8_2.src.rpm
x86_64:
kernel-rt-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-core-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debug-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debug-core-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debug-devel-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debug-modules-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debuginfo-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-devel-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-kvm-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-modules-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-modules-extra-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
Red Hat Enterprise Linux Real Time EUS (v. 8.2):
Source:
kernel-rt-4.18.0-193.64.1.rt13.115.el8_2.src.rpm
x86_64:
kernel-rt-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-core-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debug-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debug-core-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debug-debuginfo-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debug-devel-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debug-modules-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debug-modules-extra-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debuginfo-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-devel-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-modules-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
kernel-rt-modules-extra-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3609
https://access.redhat.com/security/cve/CVE-2021-22543
https://access.redhat.com/security/cve/CVE-2021-22555
https://access.redhat.com/security/cve/CVE-2021-32399
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYS3uK9zjgjWX9erEAQjIHQ/+KtXz+auvQkxdLrQ3PVookDYIBp33s9qf
MuDyH4ZRoh0Yby3aI9eGcgBiFCJ51Uj80i4wIIsz2ECOFrrcpF3wWfIdArZM/HXc
Cs8FAez8IPYmNGmVtuuhwvSRoovnVPRmDtYV0iYu7ptsdd4mf29zXsBywDzCJWSw
ltezyyZU5N5xwYTuYNR8F47dGY8VyzTpLbcmxMrTtdscYVe/u8VqYJaDpZrsmHvC
GBGs+Ab5Gd3lk6jQxDJx0MiItoCM/+5Eh7EtX5BSM5ER5FTkj+Xvg1yKOP5nRcmT
t8BWlaO9HaP18qV4XoUMSS9BwIcYU7cFJiYN7Td57rdmbmS2XLjMWqPTQXxb0ac1
k9e/JkLpAtvJhxByG62jHwh6KyyT6++S0YO+adU4Ng2RKDGEiBjei6wPKKWTJo+Q
F+sVmPRqjXts0FeyOJ72uUQRW+77IEhDDXYGSxdQtSgpOYd0PVfbdg/HJM4gEZu/
HiQ08oKKYM7Obd8G83sVzuYEsNI0c+dUVeo9xeOSmP4PVOpTiSdJ6jZRO6+lz3R2
9nBEXYDg3sSh8REV1B58/p3bPJuZcnXYnUeMM+QdcDMMayrPI0MGPK71nvvcdJ2X
3hC7UJTrHaXjJ5IpKhbGuZRlAYVKJYlwwRyZ870ROEgHg3eLFBx+pnEwDIXlltuc
2kK2n9Apl58=
=IEMW
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kpatch-patch security update
Advisory ID: RHSA-2021:3380-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3380
Issue date: 2021-08-31
CVE Names: CVE-2021-3609 CVE-2021-22543 CVE-2021-22555
CVE-2021-32399
=====================================================================
1. Summary:
An update is now available for Red Hat Enterprise Linux 8.2 Extended Update
Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - ppc64le, x86_64
3. Description:
This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel.
Security Fix(es):
* kernel: race condition in net/can/bcm.c leads to local privilege
escalation (CVE-2021-3609)
* kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO
checks (CVE-2021-22543)
* kernel: out-of-bounds write in xt_compat_target_from_user() in
net/netfilter/x_tables.c (CVE-2021-22555)
* kernel: race condition for removal of the HCI controller (CVE-2021-32399)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1965461 - CVE-2021-22543 kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks
1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller
1971651 - CVE-2021-3609 kernel: race condition in net/can/bcm.c leads to local privilege escalation
1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c
6. Package List:
Red Hat Enterprise Linux BaseOS EUS (v. 8.2):
Source:
kpatch-patch-4_18_0-193_19_1-1-11.el8_2.src.rpm
kpatch-patch-4_18_0-193_28_1-1-9.el8_2.src.rpm
kpatch-patch-4_18_0-193_29_1-1-9.el8_2.src.rpm
kpatch-patch-4_18_0-193_37_1-1-9.el8_2.src.rpm
kpatch-patch-4_18_0-193_40_1-1-9.el8_2.src.rpm
kpatch-patch-4_18_0-193_41_1-1-9.el8_2.src.rpm
kpatch-patch-4_18_0-193_46_1-1-6.el8_2.src.rpm
kpatch-patch-4_18_0-193_47_1-1-6.el8_2.src.rpm
kpatch-patch-4_18_0-193_51_1-1-3.el8_2.src.rpm
kpatch-patch-4_18_0-193_56_1-1-2.el8_2.src.rpm
kpatch-patch-4_18_0-193_60_2-1-1.el8_2.src.rpm
ppc64le:
kpatch-patch-4_18_0-193_19_1-1-11.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_19_1-debuginfo-1-11.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_19_1-debugsource-1-11.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_28_1-1-9.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_28_1-debuginfo-1-9.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_28_1-debugsource-1-9.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_29_1-1-9.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_29_1-debuginfo-1-9.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_29_1-debugsource-1-9.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_37_1-1-9.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_37_1-debuginfo-1-9.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_37_1-debugsource-1-9.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_40_1-1-9.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_40_1-debuginfo-1-9.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_40_1-debugsource-1-9.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_41_1-1-9.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_41_1-debuginfo-1-9.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_41_1-debugsource-1-9.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_46_1-1-6.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_46_1-debuginfo-1-6.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_46_1-debugsource-1-6.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_47_1-1-6.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_47_1-debuginfo-1-6.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_47_1-debugsource-1-6.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_51_1-1-3.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_51_1-debuginfo-1-3.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_51_1-debugsource-1-3.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_56_1-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_56_1-debuginfo-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_56_1-debugsource-1-2.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_60_2-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_60_2-debuginfo-1-1.el8_2.ppc64le.rpm
kpatch-patch-4_18_0-193_60_2-debugsource-1-1.el8_2.ppc64le.rpm
x86_64:
kpatch-patch-4_18_0-193_19_1-1-11.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_19_1-debuginfo-1-11.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_19_1-debugsource-1-11.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_28_1-1-9.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_28_1-debuginfo-1-9.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_28_1-debugsource-1-9.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_29_1-1-9.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_29_1-debuginfo-1-9.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_29_1-debugsource-1-9.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_37_1-1-9.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_37_1-debuginfo-1-9.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_37_1-debugsource-1-9.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_40_1-1-9.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_40_1-debuginfo-1-9.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_40_1-debugsource-1-9.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_41_1-1-9.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_41_1-debuginfo-1-9.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_41_1-debugsource-1-9.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_46_1-1-6.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_46_1-debuginfo-1-6.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_46_1-debugsource-1-6.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_47_1-1-6.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_47_1-debuginfo-1-6.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_47_1-debugsource-1-6.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_51_1-1-3.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_51_1-debuginfo-1-3.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_51_1-debugsource-1-3.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_56_1-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_56_1-debuginfo-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_56_1-debugsource-1-2.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_60_2-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_60_2-debuginfo-1-1.el8_2.x86_64.rpm
kpatch-patch-4_18_0-193_60_2-debugsource-1-1.el8_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3609
https://access.redhat.com/security/cve/CVE-2021-22543
https://access.redhat.com/security/cve/CVE-2021-22555
https://access.redhat.com/security/cve/CVE-2021-32399
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYS3xBtzjgjWX9erEAQgl5w/9GMNPgtrs19lghz8Z63SM2GQOpF5aNqhk
RPDZKMz6ai2zz3JvH8QDMtAkWUUIM6wjqH7frERcJ6gEn8chPnG8dYtECiJnqBsn
gWa2yb/Dg802kR3Y0PxJTUsri36ikbXszN38NKN8LmT6Dd8YREUXZ/g6HKHEZxSB
ed7AsaUnGpN04BrXXXOdiUmBAr2mPBU5bfFHeRLo2aNF1YolItJaOVpiSA771out
n8p3WQywat1/wCe3yaERLS//9SjKhHHYR6e/tjG/gwQ1AE6JWyT7EFWFF6e4KVUf
5j5YIMiiksCwJROTNdLpnpuVFrSwEXbNvhvnoftyqQ4xVItqdJl+pk0+Y14rO042
NCq3HXqhn718QQjRD/AgdBcFpgNb5KAv2IopA7Ja3KUtRG93/+/7bNWWJ3oKQzpf
7Fx8IIR/VVAv+alxQTs1M2X6qeLC+E9gIbMBbBQ+qjYn249lY6ZO/vgQ2HBrQCpM
B7bW0dG7LlDUO4ank2eTZZdOzCeAYAjdZmaVkFizsk6OZA3vS43LfgaNh5lZtuZb
o3R9wZIQ8+1xCQyuXt8yTSU1WNx1x1WO0Mvf0YVlTAjAafiMlaAAEkdxpxBpyQwA
841aQQQq0IXWo/vmmsN4+kwwN7P+PDUz3kbjzENHLMUqBViQzCYcZgUpp7eyW32s
nVSvD3VJeBo=
=4DNH
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kpatch-patch security update
Advisory ID: RHSA-2021:3381-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3381
Issue date: 2021-08-31
CVE Names: CVE-2021-22555 CVE-2021-32399
=====================================================================
1. Summary:
An update is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64
3. Description:
This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel.
Security Fix(es):
* kernel: out-of-bounds write in xt_compat_target_from_user() in
net/netfilter/x_tables.c (CVE-2021-22555)
* kernel: race condition for removal of the HCI controller (CVE-2021-32399)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller
1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c
6. Package List:
Red Hat Enterprise Linux Server (v. 7):
Source:
kpatch-patch-3_10_0-1160-1-8.el7.src.rpm
kpatch-patch-3_10_0-1160_11_1-1-7.el7.src.rpm
kpatch-patch-3_10_0-1160_15_2-1-7.el7.src.rpm
kpatch-patch-3_10_0-1160_21_1-1-5.el7.src.rpm
kpatch-patch-3_10_0-1160_24_1-1-3.el7.src.rpm
kpatch-patch-3_10_0-1160_25_1-1-3.el7.src.rpm
kpatch-patch-3_10_0-1160_2_1-1-8.el7.src.rpm
kpatch-patch-3_10_0-1160_2_2-1-8.el7.src.rpm
kpatch-patch-3_10_0-1160_31_1-1-2.el7.src.rpm
kpatch-patch-3_10_0-1160_36_2-1-1.el7.src.rpm
kpatch-patch-3_10_0-1160_6_1-1-8.el7.src.rpm
ppc64le:
kpatch-patch-3_10_0-1160-1-8.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160-debuginfo-1-8.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_11_1-1-7.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_11_1-debuginfo-1-7.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_15_2-1-7.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_15_2-debuginfo-1-7.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_21_1-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_21_1-debuginfo-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_24_1-1-3.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_24_1-debuginfo-1-3.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_25_1-1-3.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_25_1-debuginfo-1-3.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_2_1-1-8.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_2_1-debuginfo-1-8.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_2_2-1-8.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_2_2-debuginfo-1-8.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_31_1-1-2.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_31_1-debuginfo-1-2.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_36_2-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_36_2-debuginfo-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_6_1-1-8.el7.ppc64le.rpm
kpatch-patch-3_10_0-1160_6_1-debuginfo-1-8.el7.ppc64le.rpm
x86_64:
kpatch-patch-3_10_0-1160-1-8.el7.x86_64.rpm
kpatch-patch-3_10_0-1160-debuginfo-1-8.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_11_1-1-7.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_11_1-debuginfo-1-7.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_15_2-1-7.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_15_2-debuginfo-1-7.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_21_1-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_21_1-debuginfo-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_24_1-1-3.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_24_1-debuginfo-1-3.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_25_1-1-3.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_25_1-debuginfo-1-3.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_2_1-1-8.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_2_1-debuginfo-1-8.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_2_2-1-8.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_2_2-debuginfo-1-8.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_31_1-1-2.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_31_1-debuginfo-1-2.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_36_2-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_36_2-debuginfo-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_6_1-1-8.el7.x86_64.rpm
kpatch-patch-3_10_0-1160_6_1-debuginfo-1-8.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-22555
https://access.redhat.com/security/cve/CVE-2021-32399
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYS33T9zjgjWX9erEAQgC/w/+MIVLnXWkC8sDm7626td8OLMfQ3gBGVM/
8Hj5B/lbz9pJXdCt1Ag/dBHkwxxFLfzjzamHAJmaDFJFcyeZZ+Ge16mCwVInSXZy
G7tnsJ2VQ7iS8LpStVOg0nsruZbXqP8qX+uaRw4jcow13tfuWzlQGpcXf0X9hdA5
t62CDxjGe2X/Svz79QyEYqEP1BxcM2Xl4/JfNPXsLlRA7TuQ15SiwmpF+583wOAF
rnVsrxOmZ+gA35eJo45mk+Wkv0xOMG/ntqhe4zHX4avDWvADTa906a5xTRAaBkId
0UJKv8p3URuzZRX8Ry/MjtjAJIQC/Ek1G1cFENDlm9LPQQv23tNbMQVvvnABROif
vOjyqTJgyAnm5vxYBCuxnaCf6QQNWMuK7XmCI2ipj5LBdY/BD/uZGMQOmXgYX9IV
snBePzi2Qcy5FsTRm8TXZmRWumuRgqi0ZBvVcAm/aAJrtL5S0MTrTyNh/l0UxPwf
Ms6oPjjgOj8pB2CiRphlj51VHL+L7z//ZrBd15TQLi+mvXrRnDjxD0lUQzNNeykL
F0co9eZCu6t9DidQssvAXrD/kRKz6MgRdDWdZl4RRmReVJ3d9V74MaUxVjT6U6I5
jcOizMPxWGTpcI4N8oAaTh+XSQWL6L2/zFP85Xr5Xx0YtgizpL/aGhjDNs/+GyG2
0oVXkIPndL8=
=GFdy
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kpatch-patch security update
Advisory ID: RHSA-2021:3392-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3392
Issue date: 2021-08-31
CVE Names: CVE-2021-32399
=====================================================================
1. Summary:
An update is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server E4S (v. 7.6) - ppc64le, x86_64
3. Description:
This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel.
Security Fix(es):
* kernel: race condition for removal of the HCI controller (CVE-2021-32399)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller
6. Package List:
Red Hat Enterprise Linux Server E4S (v. 7.6):
Source:
kpatch-patch-3_10_0-957_61_1-1-5.el7.src.rpm
kpatch-patch-3_10_0-957_61_2-1-5.el7.src.rpm
kpatch-patch-3_10_0-957_62_1-1-5.el7.src.rpm
kpatch-patch-3_10_0-957_65_1-1-5.el7.src.rpm
kpatch-patch-3_10_0-957_66_1-1-5.el7.src.rpm
kpatch-patch-3_10_0-957_70_1-1-4.el7.src.rpm
kpatch-patch-3_10_0-957_72_1-1-2.el7.src.rpm
kpatch-patch-3_10_0-957_76_1-1-2.el7.src.rpm
kpatch-patch-3_10_0-957_78_2-1-1.el7.src.rpm
ppc64le:
kpatch-patch-3_10_0-957_61_1-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_61_1-debuginfo-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_61_2-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_61_2-debuginfo-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_62_1-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_62_1-debuginfo-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_65_1-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_65_1-debuginfo-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_66_1-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_66_1-debuginfo-1-5.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_70_1-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_70_1-debuginfo-1-4.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_72_1-1-2.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_72_1-debuginfo-1-2.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_76_1-1-2.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_76_1-debuginfo-1-2.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_78_2-1-1.el7.ppc64le.rpm
kpatch-patch-3_10_0-957_78_2-debuginfo-1-1.el7.ppc64le.rpm
x86_64:
kpatch-patch-3_10_0-957_61_1-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-957_61_1-debuginfo-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-957_61_2-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-957_61_2-debuginfo-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-957_62_1-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-957_62_1-debuginfo-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-957_65_1-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-957_65_1-debuginfo-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-957_66_1-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-957_66_1-debuginfo-1-5.el7.x86_64.rpm
kpatch-patch-3_10_0-957_70_1-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_70_1-debuginfo-1-4.el7.x86_64.rpm
kpatch-patch-3_10_0-957_72_1-1-2.el7.x86_64.rpm
kpatch-patch-3_10_0-957_72_1-debuginfo-1-2.el7.x86_64.rpm
kpatch-patch-3_10_0-957_76_1-1-2.el7.x86_64.rpm
kpatch-patch-3_10_0-957_76_1-debuginfo-1-2.el7.x86_64.rpm
kpatch-patch-3_10_0-957_78_2-1-1.el7.x86_64.rpm
kpatch-patch-3_10_0-957_78_2-debuginfo-1-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-32399
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYS4widzjgjWX9erEAQh1NA/8DAwXS73YUlqO6VsjIlr+jzwVMgxhTIf/
q+EGIE3xkZTInR8hEEjlTa1HDsENO+fPU6prt77U0SRhsMB76bs+9ZPti0SQnlZ7
A9OnhgXP1oLQXNi16cJOSoFXS/3QFu3D6Pdagi5yxcS0rw+OsvglvDM5tu91JuHG
+3wjmuUMSBqnhvYahH6OZMrODpoPfaqMB727msPoZUaIsrUmeIAdnw+xl6CzFIqM
VW9rErjglfj01S6R/xg4xL6UidxVxaZh5oc6BHePhPkXcjGqNusl1oiEh5BKgjRi
MDedf7I380PoEUbCctlUcy+62rUewUX45ULri1c/FVJqFNlMEUwrBRc6LdvBQSLu
0utvMJSTYJif3uWNITn/2awL6X0jt8+F8che/4C33MYvmsHIr1SG6FDV7lBmmT98
Y9qCOoujUtDUxyRM1MlChvlohIIFyXjsAsx6ft8pIVdU6J2S4/oPWER7x2kbCnev
QhcSqtG1tcIWfEy2JMKN7urnrzYyLdZg5/Nkqf6h9AsdZ1pdkW7YlPOLWCkWWjC+
OJnmq9cPo3HrKTIZsw+/4NSmu6bnDcO9Le4i2FaCJGaFOQiTWMRKt24oDvCduOW+
tVZkXQDUc8zBYdcOkd5icDQGuapJIhKygY2Vbo+GMm/W/H2RIku2+tGm7ptWPovf
xIzPx0M/n9k=
=/uzs
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2021:3399-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3399
Issue date: 2021-08-31
CVE Names: CVE-2021-3347 CVE-2021-22555 CVE-2021-32399
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.2
Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* kernel: Use after free via PI futex state (CVE-2021-3347)
* kernel: out-of-bounds write in xt_compat_target_from_user() in
net/netfilter/x_tables.c (CVE-2021-22555)
* kernel: race condition for removal of the HCI controller (CVE-2021-32399)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap
[7.9.z] (BZ#1975163)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1922249 - CVE-2021-3347 kernel: Use after free via PI futex state
1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller
1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c
6. Package List:
Red Hat Enterprise Linux Server AUS (v. 7.2):
Source:
kernel-3.10.0-327.100.1.el7.src.rpm
noarch:
kernel-abi-whitelists-3.10.0-327.100.1.el7.noarch.rpm
kernel-doc-3.10.0-327.100.1.el7.noarch.rpm
x86_64:
kernel-3.10.0-327.100.1.el7.x86_64.rpm
kernel-debug-3.10.0-327.100.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-327.100.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.100.1.el7.x86_64.rpm
kernel-devel-3.10.0-327.100.1.el7.x86_64.rpm
kernel-headers-3.10.0-327.100.1.el7.x86_64.rpm
kernel-tools-3.10.0-327.100.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-327.100.1.el7.x86_64.rpm
perf-3.10.0-327.100.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm
python-perf-3.10.0-327.100.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.2):
x86_64:
kernel-debug-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-327.100.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-327.100.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3347
https://access.redhat.com/security/cve/CVE-2021-22555
https://access.redhat.com/security/cve/CVE-2021-32399
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYS6G+9zjgjWX9erEAQjlXA/+NY7jrOKKWEkuepexvRMye18HZW5BE9jN
Lxdg268Nkif95eNmtd+gS0qracaO4HR9Iv01nDoNqf75NsK7FV03eN5Z8LYwrm6r
t/b4S4fVRU7bWwUlDE5s8HAhAHLmQ0t2B1cb/XII6R8sSdYG5jHAiFQB1VDS9Z1u
Fi8ICfvM2wJZWVZguZWsXzZvLYYBxUxhE0rHcoCuoTIXHIi/QuFtpJ/QBZyAaphz
AVtuRYQ62xOB3Xh7DWiPJK3dYFTqADqyENU58W7cQ2p6/w+Q8XTBZwXmtO0Skli2
A0PTrSGDYkvEiBPz9iSKzrLlkrOAB2V3s5dnzB1gEqJC1k9JNn8EnG1rPvW5p3Kk
M6FFBb+AJ9CZ9yn7N1zzclEZTMZPkIIduUUAijFHff2uH1nQFwadWuo3UFu3L0G+
e0al2Sh64/fJ7QMJBEwA1fQsk36h8rJgBcMKGEdQ+cEE3rUmymg23cANAZTvSq1G
zFfkJFRHZ6ydjuk//6mVDwuM9GA/Uhd+xu7PHf4PTnE5VZDDfebP69LEV+zHlobh
MSKRHMFDap2h5AO6QNm/g+oH/NS8C1I3/c76SmkTU0ebvrcsWrx9ZZ63jRH/nncd
0YgwIwmkgBZTf/o5tjJxugIix5g4mwsJOf/x2o44t5gXb7Iug+xEPb6+K3NinFRM
hVDE3gCjZ3U=
=5gdy
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYS7ofeNLKJtyKPYoAQjTyA//Q2CGK3tMqB0A448LXhGh/SGIgeX8nZaU
lTFF+9dEE6H0FR9oGPjej+nXVI7dOhAzjE8p9oMpSuJ74FibYIZmG/T4BKzF/3v5
LoUcv4LjHAIvPTjbcEQ9L+/ytiE8Jeh4aut/yJfOOq9XWzioPSDB1yaH8RunALHJ
dQr5PBJXmSJhwZ8XFUcVtJWo/38d8yT9NMFOf0119Iq5zH20eHqjbHC96TukSzKx
vROUdVBaFMefjHA62fzEga1Ay9TO07RmfHiOxvKxBsaPLwc/yarDlV0LwSJYF2U3
uVebBlpYw+2RnnlrC474te4Y+Z1Xr6unbOH/+DsiPqZAtlSren647P55KbKpGj0d
UUPrDG4zZZ+nZKOF0bQViqgkb49rwjz9POqsbIUPcIYzlT9bU0z/M3Mnm6/Ox2U9
Fkh5KCBPAN53pmSoCGa8ghTPBeE6hAaq5j0/7j/zD0ce4MtVS27p5CQ7ZsEy6gZc
BqTvq9MSrJVQSIWij+tkfmr4dikiyOEuoYknzA5kyjuBgpRGTnGze0MUnYiLTe+O
rupOoemm0gsbN0tOu0J2wTzh3awDBdec4Uan2VOWFRXuCd7c81mS3mqBlVTUfaDo
iOqw3rQM+8AnhUWMLAcOkbzqFW3OeI+OygdFW/u3igYuh6EMfL3f+zgJZ/C6m2Kj
RJYZjRjliBM=
=9Xy7
-----END PGP SIGNATURE-----