Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.2957 kernel, kernel-rt and kpatch-patch security update 1 September 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kernel kernel-rt kpatch-patch Publisher: Red Hat Operating System: Red Hat Impact/Access: Increased Privileges -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-32399 CVE-2021-29650 CVE-2021-29154 CVE-2021-22555 CVE-2021-22543 CVE-2021-3609 CVE-2021-3347 CVE-2020-27777 CVE-2020-8648 Reference: ESB-2021.2911 ESB-2021.2899 ESB-2021.2794 ESB-2021.2511 ESB-2021.2453 Original Bulletin: https://access.redhat.com/errata/RHSA-2021:3320 https://access.redhat.com/errata/RHSA-2021:3321 https://access.redhat.com/errata/RHSA-2021:3327 https://access.redhat.com/errata/RHSA-2021:3328 https://access.redhat.com/errata/RHSA-2021:3363 https://access.redhat.com/errata/RHSA-2021:3375 https://access.redhat.com/errata/RHSA-2021:3380 https://access.redhat.com/errata/RHSA-2021:3381 https://access.redhat.com/errata/RHSA-2021:3392 https://access.redhat.com/errata/RHSA-2021:3399 Comment: This bulletin contains ten (10) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security update Advisory ID: RHSA-2021:3320-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3320 Issue date: 2021-08-31 CVE Names: CVE-2020-8648 CVE-2021-32399 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, and Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: race condition for removal of the HCI controller (CVE-2021-32399) * kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1802559 - CVE-2020-8648 kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c 1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.6): Source: kernel-3.10.0-957.80.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.80.1.el7.noarch.rpm kernel-doc-3.10.0-957.80.1.el7.noarch.rpm x86_64: bpftool-3.10.0-957.80.1.el7.x86_64.rpm kernel-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm kernel-devel-3.10.0-957.80.1.el7.x86_64.rpm kernel-headers-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.80.1.el7.x86_64.rpm perf-3.10.0-957.80.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm python-perf-3.10.0-957.80.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.6): Source: kernel-3.10.0-957.80.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.80.1.el7.noarch.rpm kernel-doc-3.10.0-957.80.1.el7.noarch.rpm ppc64le: kernel-3.10.0-957.80.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-957.80.1.el7.ppc64le.rpm kernel-debug-3.10.0-957.80.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.80.1.el7.ppc64le.rpm kernel-devel-3.10.0-957.80.1.el7.ppc64le.rpm kernel-headers-3.10.0-957.80.1.el7.ppc64le.rpm kernel-tools-3.10.0-957.80.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-957.80.1.el7.ppc64le.rpm perf-3.10.0-957.80.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm python-perf-3.10.0-957.80.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm x86_64: kernel-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm kernel-devel-3.10.0-957.80.1.el7.x86_64.rpm kernel-headers-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.80.1.el7.x86_64.rpm perf-3.10.0-957.80.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm python-perf-3.10.0-957.80.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.6): Source: kernel-3.10.0-957.80.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-957.80.1.el7.noarch.rpm kernel-doc-3.10.0-957.80.1.el7.noarch.rpm x86_64: bpftool-3.10.0-957.80.1.el7.x86_64.rpm kernel-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm kernel-devel-3.10.0-957.80.1.el7.x86_64.rpm kernel-headers-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.80.1.el7.x86_64.rpm perf-3.10.0-957.80.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm python-perf-3.10.0-957.80.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.6): x86_64: kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.80.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.6): ppc64le: kernel-debug-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-957.80.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-957.80.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-957.80.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-957.80.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.80.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.6): x86_64: kernel-debug-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.80.1.el7.x86_64.rpm perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.80.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-8648 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYS3nm9zjgjWX9erEAQgQiw/+PS0eDpLBno3w5Z5w4AAOBSZ5xVVUjc5g 3oc37irMYBQFeOYWjM1dY/YRJOwoKnlEFtSZiCG+DQGOh17aZkjklT4oWkdp/a8C i5MfOXm+U7SJ6CBg+xiwq6++gze9z2qWOfSyB48yVYjCMAj7Sud5OrJ4glLXsD28 2NqjpK3m7euAAG30Q76GJR5I6Zii4TP4uxlp0wi/orvKmT10U5cqGuR61XZy4oI4 s47I7Qm1ypVl02FwPADQ+PhAEKda1M8YYC5AXnzueIaTr5FsUDJq6v8sN6Xyd8b5 UczfS79JoCtxhRyqKUq6mgLArQT5tv5FsKCp0eIMG97ZqB+qtiEYCyf42q6cNfSQ Lvz37gpbdl87KlZbz8UGRNyjPEMFvjW5zhZSzZyfYlVt3eCSVesWAce1sAvrazqt HmDSrAo4Hm08dIpFHrlwiPAdtLwBs20s974D/7+zaqlBrFob1ZGqygeK4nFtnaUY aYrNXA+eM7HdSxShbAHkog8s39ISbLlq5Tez33MI9dhjg+JHafQUGlsnkHWI77HO BxWSMgHmn4r71LOqIQEWwzr1HdPGVFxD7eX7vngZVsISTgrrVkJarDiiDRBwzHFa 8xoGtGaFHmq2O6oEKjMZf0Jx3s2/mqm2dNM9WWtXQg/n4OSTbf2XyHmQQMoDExop X3PVCcxQcxE= =v0C6 - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:3321-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3321 Issue date: 2021-08-31 CVE Names: CVE-2021-22555 CVE-2021-32399 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555) * kernel: race condition for removal of the HCI controller (CVE-2021-32399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap [7.9.z] (BZ#1975162) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller 1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.3): Source: kernel-3.10.0-514.92.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.92.1.el7.noarch.rpm kernel-doc-3.10.0-514.92.1.el7.noarch.rpm x86_64: kernel-3.10.0-514.92.1.el7.x86_64.rpm kernel-debug-3.10.0-514.92.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.92.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.92.1.el7.x86_64.rpm kernel-devel-3.10.0-514.92.1.el7.x86_64.rpm kernel-headers-3.10.0-514.92.1.el7.x86_64.rpm kernel-tools-3.10.0-514.92.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.92.1.el7.x86_64.rpm perf-3.10.0-514.92.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm python-perf-3.10.0-514.92.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.3): x86_64: kernel-debug-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.92.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.92.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.92.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-22555 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYS3jn9zjgjWX9erEAQg9ZRAAkNQsCTi3z1tMTUruFYrzv7XEwQWKagM/ mNjRisVAg6uhi9vKHVDCSZOqTMC4mQmL7Xlz335A7Bp8wzMYFQr9zgsZSuUBWiM5 LDbqPEz3ZywedWX8SRhBXHftAzcOX85rVUhk3Ge32Eqv0qjU9HVS1CI51yiRcF4H XetBNHfrsth7hrXea0FXIVOJ41LyvEDhAG3G3WL8IfP8MXqNih+RJh4M8g3ZZPNo PiJ4NxA+0ZI3XSfgfG0SQumbjL1K8ziH6MpHq2xzQVzaM+ewhyV4v2F7QSfsaCoJ Rn7AdMIDpt7paSccJpbI3OKRX3nsiequ7BnwY0+6RHmNZJ91TPlzG0d056eDmM6H 8rSCHCFMf/43gqtYWuyNw7uHhggoHw1JcQQQCPbhn70eXe0Qaq9Dt6HtW+KzBfES GbvdeeJyh3Aoy3bV9RhaTmeBm/aJ2Ryxljbg19w/KPp13FNfaQWD1akUg33rgTm2 cC0pvejJSwv4UiPlsTqOkWcvV8vNZi5PkwTmzFZudOyBy8ykmIhl8tveoSEOthbf +0wt5te74PwuGVAotEMTjMNslvn+buf2EvPMxu2HgJ/Yc43DWboasXeyw32WcpW7 Lcaqrrx2E0ThuL15De/B/JW79WVfwFNnwGmUcMoN/gvwHCy69dYulQ3WYwU4rNdl EVoSCH68Sh0= =kgjk - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:3327-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3327 Issue date: 2021-08-31 CVE Names: CVE-2020-27777 CVE-2021-22555 CVE-2021-29154 CVE-2021-29650 CVE-2021-32399 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555) * kernel: race condition for removal of the HCI controller (CVE-2021-32399) * kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777) * kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154) * kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * SAN Switch rebooted and caused (?) OpenStack compute node to reboot (BZ#1897576) * sysfs: cannot create duplicate filename '/class/mdio_bus/ixgbe-8100 (BZ#1915449) * XFS: read-only recovery does not update free space accounting in superblock (BZ#1921551) * The memcg_params field of kmem_cache struct contains an old slab address that is to small for the current size of memcg_limited_groups_array_size. (BZ#1951810) * Backport of upstream patch "net: Update window_clamp if SOCK_RCVBUF is set " into rhel-7 (BZ#1962196) * Kernel panic in init_cq_frag_buf (BZ#1962499) * futex: futex_requeue can potentially free the pi_state structure twice (BZ#1966856) * be_poll lockup doing ifenslave when netconsole using bond (BZ#1971744) * OCP4.7 nodes panic at BUG_ON in nf_nat_setup_info() (BZ#1972970) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1897576 - SAN Switch rebooted and caused (?) OpenStack compute node to reboot 1900844 - CVE-2020-27777 kernel: powerpc: RTAS calls can be used to compromise kernel integrity 1945388 - CVE-2021-29650 kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS 1946684 - CVE-2021-29154 kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation 1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller 1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-1160.41.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.41.1.el7.noarch.rpm kernel-doc-3.10.0-1160.41.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.41.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.41.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.41.1.el7.x86_64.rpm perf-3.10.0-1160.41.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm python-perf-3.10.0-1160.41.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.41.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-1160.41.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.41.1.el7.noarch.rpm kernel-doc-3.10.0-1160.41.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.41.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.41.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.41.1.el7.x86_64.rpm perf-3.10.0-1160.41.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm python-perf-3.10.0-1160.41.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.41.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-1160.41.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.41.1.el7.noarch.rpm kernel-doc-3.10.0-1160.41.1.el7.noarch.rpm ppc64: bpftool-3.10.0-1160.41.1.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm kernel-3.10.0-1160.41.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1160.41.1.el7.ppc64.rpm kernel-debug-3.10.0-1160.41.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-1160.41.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.41.1.el7.ppc64.rpm kernel-devel-3.10.0-1160.41.1.el7.ppc64.rpm kernel-headers-3.10.0-1160.41.1.el7.ppc64.rpm kernel-tools-3.10.0-1160.41.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-1160.41.1.el7.ppc64.rpm perf-3.10.0-1160.41.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm python-perf-3.10.0-1160.41.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm ppc64le: bpftool-3.10.0-1160.41.1.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-debug-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-devel-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-headers-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-tools-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1160.41.1.el7.ppc64le.rpm perf-3.10.0-1160.41.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm python-perf-3.10.0-1160.41.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm s390x: bpftool-3.10.0-1160.41.1.el7.s390x.rpm bpftool-debuginfo-3.10.0-1160.41.1.el7.s390x.rpm kernel-3.10.0-1160.41.1.el7.s390x.rpm kernel-debug-3.10.0-1160.41.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1160.41.1.el7.s390x.rpm kernel-debug-devel-3.10.0-1160.41.1.el7.s390x.rpm kernel-debuginfo-3.10.0-1160.41.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1160.41.1.el7.s390x.rpm kernel-devel-3.10.0-1160.41.1.el7.s390x.rpm kernel-headers-3.10.0-1160.41.1.el7.s390x.rpm kernel-kdump-3.10.0-1160.41.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1160.41.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-1160.41.1.el7.s390x.rpm perf-3.10.0-1160.41.1.el7.s390x.rpm perf-debuginfo-3.10.0-1160.41.1.el7.s390x.rpm python-perf-3.10.0-1160.41.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-1160.41.1.el7.s390x.rpm x86_64: bpftool-3.10.0-1160.41.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.41.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.41.1.el7.x86_64.rpm perf-3.10.0-1160.41.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm python-perf-3.10.0-1160.41.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bpftool-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1160.41.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1160.41.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1160.41.1.el7.ppc64.rpm ppc64le: bpftool-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1160.41.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1160.41.1.el7.ppc64le.rpm x86_64: bpftool-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.41.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-1160.41.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1160.41.1.el7.noarch.rpm kernel-doc-3.10.0-1160.41.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1160.41.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debug-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7.x86_64.rpm kernel-devel-3.10.0-1160.41.1.el7.x86_64.rpm kernel-headers-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1160.41.1.el7.x86_64.rpm perf-3.10.0-1160.41.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm python-perf-3.10.0-1160.41.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1160.41.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1160.41.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-27777 https://access.redhat.com/security/cve/CVE-2021-22555 https://access.redhat.com/security/cve/CVE-2021-29154 https://access.redhat.com/security/cve/CVE-2021-29650 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYS3zD9zjgjWX9erEAQjU4w//TnDRJTaDP1Aqnw17oDl4JC6t9Rk+9nho KVJOjzj+4/3RdL7IzEq1sBVRh8S/+eziUpNZTvLdI+A8Ri5xRYclmZYd9Nrkkhw+ UFG8PqKW7CwEaU39LVjofJvXlEn2qBlfIR8OyU0a+ucwgYt72ecI/YZpR3/Ujeh9 eLyWEJBrELkNd4EZgDM894wLLD9jnc9ZiacLreiNrKXowvbLlnZeghl82RGpDKjp BuMFK7wlpI4ZscR/l+BETxktLmO1a8t7srA41zlPsNDf7A6N0d456UatG6xQsPUf KwGUh0Ffv0kXEd41sPPHG6LWA0TOVj7SyvceJZNig7ZjpzcLswvEUDQtsKEsI1PW iKE/q6yWNwTZ/FagCZt8OI8azVsrPl/vIsW6Nvb0nDSYoXIC7t8r3Arfp0O0zL3O V3ZASRwFYBluIdcXekG/qkFNAbrY1iaNUaAIJBFMNWcZ33s1vox0hsO4U1eerQkZ zJH9WfwIL6/J6ZQaJ1yNWN05vtE5co2Mb3c3sS1anx0t/svRTzNwsrSJyk9w5O2A iTdTy1idc/hzJIurlDXix4521Rop6SdseAhDiP5F997fFsLDf0AJSKYT6GtsyzAq OijHzrrd77pYgJaLfZLHgh2iV9H2wQOlG52FzDbQmxvBPUQQLySnFu9NYhO8Kf5W +RyP5cPJTMI= =2gjE - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2021:3328-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3328 Issue date: 2021-08-31 CVE Names: CVE-2021-22555 CVE-2021-29154 CVE-2021-29650 CVE-2021-32399 ===================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64 Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555) * kernel: race condition for removal of the HCI controller (CVE-2021-32399) * kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154) * kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update to the latest RHEL7.9.z8 source tree (BZ#1982927) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1945388 - CVE-2021-29650 kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS 1946684 - CVE-2021-29154 kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation 1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller 1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c 6. Package List: Red Hat Enterprise Linux for Real Time for NFV (v. 7): Source: kernel-rt-3.10.0-1160.41.1.rt56.1181.el7.src.rpm noarch: kernel-rt-doc-3.10.0-1160.41.1.rt56.1181.el7.noarch.rpm x86_64: kernel-rt-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-debug-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-debug-kvm-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-debug-kvm-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-devel-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-kvm-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-kvm-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-trace-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-trace-kvm-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-trace-kvm-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm Red Hat Enterprise Linux for Real Time (v. 7): Source: kernel-rt-3.10.0-1160.41.1.rt56.1181.el7.src.rpm noarch: kernel-rt-doc-3.10.0-1160.41.1.rt56.1181.el7.noarch.rpm x86_64: kernel-rt-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-debug-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-debug-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-debug-devel-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-devel-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-trace-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-trace-debuginfo-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm kernel-rt-trace-devel-3.10.0-1160.41.1.rt56.1181.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-22555 https://access.redhat.com/security/cve/CVE-2021-29154 https://access.redhat.com/security/cve/CVE-2021-29650 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYS3zCNzjgjWX9erEAQjCvA/8CYmTP8JzZTti4UgGMSp+uEDig88vtIkk x3B+Xr2ozZ3NinezlmnCr8QLeMA2fP/yPV9rbdCYtFzeaEwiCJgY/WRwKKXOMNAL K7H8fV1rSOJxtBnkIa+x5MRlqvvVAzkIlyDGpFEs7UsI3FFK2o/xL5ZeB7NvTfsd 3zrkCa3pQKYADyN1hmaBw2rxHgUe2nCrpJ4u0+YgyHuVDE7ZDb7pftYcVDzkRdmE t/eqL3u9x3wbLq5VhoUdaiQojdVkFAW5A5p8x8HtiJalcDEkyckrx6tKUG8cN7Yx R0x/O106t6LiFaNdP1wJeYjC10pT1Gm7nmgM4LHwCXfJe4McX+9saOiu614OJq0F zrEpTO+W/WtpLrAS08KDDeQr9K1B+Aqz9JxLrvjx9rbxQGDXSLCoEVkOR37QARsB 3Bbt7FPBU8T8Yv4ai+s5afU9oGE3tSQ2hTq+nyeOKHT0YQoUGEbXiJMTsoJfWriQ tHeUCt/iakMkA/lQnCrQ1bJox58zSfALOgPM3nvTLCWcD2Ls27B+tobXVg1p/izv VEwNb/i3bTbtBTuYB5cUN9jfPjYcHTEA8HyfgaG9DdQRM7yln7RUr4reh5GgT/K0 5LotqxNGBDCtQDDr1jHCXQ1ZtwH4z//NRxP3qJDicsPTS71XStIx1BvoF280LDJB UzzHYdfnUXk= =WCEt - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2021:3363-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3363 Issue date: 2021-08-31 CVE Names: CVE-2021-3609 CVE-2021-22543 CVE-2021-22555 CVE-2021-32399 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: race condition in net/can/bcm.c leads to local privilege escalation (CVE-2021-3609) * kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543) * kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555) * kernel: race condition for removal of the HCI controller (CVE-2021-32399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [Regression] RHEL8.2 - ISST-LTE:pVM:diapvmlp83:sum:memory DLPAR fails to add memory on multiple trials[mm/memory_hotplug.c:1163] (mm-) (BZ#1930169) * Every server is displaying the same power levels for all of our i40e 25G interfaces. 10G interfaces seem to be correct. Ethtool version is 5.0 (BZ#1967100) * s390/uv: Fix handling of length extensions (BZ#1975657) * RHEL 8.3 using FCOE via a FastLinQ QL45000 card will not manually scan in LUN from Target_id's over 8 (BZ#1976265) * Backport "tick/nohz: Conditionally restart tick on idle exit" to RHEL 8.5 (BZ#1978711) * rhel8.3: phase 2 netfilter backports from upstream (BZ#1980323) * xfrm: backports from upstream (BZ#1981841) Enhancement(s): * [8.2.z] Incorrect parsing of ACPI HMAT table reports incorrect kernel WARNING taint (BZ#1943702) * Only selected patches from [IBM 8.4 FEAT] ibmvnic: Backport FW950 and assorted bug fixes (BZ#1980795) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1965461 - CVE-2021-22543 kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks 1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller 1971651 - CVE-2021-3609 kernel: race condition in net/can/bcm.c leads to local privilege escalation 1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: kernel-4.18.0-193.64.1.el8_2.src.rpm aarch64: bpftool-4.18.0-193.64.1.el8_2.aarch64.rpm bpftool-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-core-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-cross-headers-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debug-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debug-core-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debug-devel-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debug-modules-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debug-modules-extra-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-devel-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-headers-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-modules-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-modules-extra-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-tools-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-tools-libs-4.18.0-193.64.1.el8_2.aarch64.rpm perf-4.18.0-193.64.1.el8_2.aarch64.rpm perf-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm python3-perf-4.18.0-193.64.1.el8_2.aarch64.rpm python3-perf-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm noarch: kernel-abi-whitelists-4.18.0-193.64.1.el8_2.noarch.rpm kernel-doc-4.18.0-193.64.1.el8_2.noarch.rpm ppc64le: bpftool-4.18.0-193.64.1.el8_2.ppc64le.rpm bpftool-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-core-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-cross-headers-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debug-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debug-core-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debug-devel-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debug-modules-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debug-modules-extra-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-devel-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-headers-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-modules-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-modules-extra-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-tools-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-tools-libs-4.18.0-193.64.1.el8_2.ppc64le.rpm perf-4.18.0-193.64.1.el8_2.ppc64le.rpm perf-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm python3-perf-4.18.0-193.64.1.el8_2.ppc64le.rpm python3-perf-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm s390x: bpftool-4.18.0-193.64.1.el8_2.s390x.rpm bpftool-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm kernel-4.18.0-193.64.1.el8_2.s390x.rpm kernel-core-4.18.0-193.64.1.el8_2.s390x.rpm kernel-cross-headers-4.18.0-193.64.1.el8_2.s390x.rpm kernel-debug-4.18.0-193.64.1.el8_2.s390x.rpm kernel-debug-core-4.18.0-193.64.1.el8_2.s390x.rpm kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm kernel-debug-devel-4.18.0-193.64.1.el8_2.s390x.rpm kernel-debug-modules-4.18.0-193.64.1.el8_2.s390x.rpm kernel-debug-modules-extra-4.18.0-193.64.1.el8_2.s390x.rpm kernel-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-193.64.1.el8_2.s390x.rpm kernel-devel-4.18.0-193.64.1.el8_2.s390x.rpm kernel-headers-4.18.0-193.64.1.el8_2.s390x.rpm kernel-modules-4.18.0-193.64.1.el8_2.s390x.rpm kernel-modules-extra-4.18.0-193.64.1.el8_2.s390x.rpm kernel-tools-4.18.0-193.64.1.el8_2.s390x.rpm kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm kernel-zfcpdump-4.18.0-193.64.1.el8_2.s390x.rpm kernel-zfcpdump-core-4.18.0-193.64.1.el8_2.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm kernel-zfcpdump-devel-4.18.0-193.64.1.el8_2.s390x.rpm kernel-zfcpdump-modules-4.18.0-193.64.1.el8_2.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-193.64.1.el8_2.s390x.rpm perf-4.18.0-193.64.1.el8_2.s390x.rpm perf-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm python3-perf-4.18.0-193.64.1.el8_2.s390x.rpm python3-perf-debuginfo-4.18.0-193.64.1.el8_2.s390x.rpm x86_64: bpftool-4.18.0-193.64.1.el8_2.x86_64.rpm bpftool-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-core-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-cross-headers-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debug-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debug-core-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debug-devel-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debug-modules-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debug-modules-extra-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-devel-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-headers-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-modules-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-modules-extra-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-tools-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-tools-libs-4.18.0-193.64.1.el8_2.x86_64.rpm perf-4.18.0-193.64.1.el8_2.x86_64.rpm perf-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm python3-perf-4.18.0-193.64.1.el8_2.x86_64.rpm python3-perf-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.2): aarch64: bpftool-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm kernel-tools-libs-devel-4.18.0-193.64.1.el8_2.aarch64.rpm perf-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm python3-perf-debuginfo-4.18.0-193.64.1.el8_2.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm kernel-tools-libs-devel-4.18.0-193.64.1.el8_2.ppc64le.rpm perf-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm python3-perf-debuginfo-4.18.0-193.64.1.el8_2.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debug-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-tools-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm kernel-tools-libs-devel-4.18.0-193.64.1.el8_2.x86_64.rpm perf-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm python3-perf-debuginfo-4.18.0-193.64.1.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3609 https://access.redhat.com/security/cve/CVE-2021-22543 https://access.redhat.com/security/cve/CVE-2021-22555 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYS31B9zjgjWX9erEAQgW+g/+J99Y+Y7e8ycInntMh7wHvU3/48D0LHEh HZo1cy4MY9GvBX5ijfFZKvQR2TLGZR0fa5driCzQ/4WW2RwUjRExpIdOLPEKqKwd iaYXAM7LJctQX3V3lW3f+fwLxz04lxOCzXdmbBgQIsVVX4nflCEF6htIIINW5Kp8 49i1h7ca0dMRwAh9OTPw59Z0WrVB7C+jkr9kUr+rYuJz389PCPvfpzkksRHZ3wEf veunhvMhPSbambyqnFbBfpxQ5523qx0nXaHQ24WYg3DkRaWhw/1jwSqUxIQPaxJR sYv9jQ1hwW8JNg4TxuCrEK4PPgRaMK2NXMmqAXY7dHQudTOIwxy4zzxH7ptYkylL I/NJ+sD3WbN1LmnT+fU/zy/etPyRtHIucdvpnzYIV7NUgg7h9E10e+yg5d4MIe1/ FN/oyEiScNHMxqlHrWeVIq9LXabf8IhZFwYJyJLagCIYAMIlN6LFfAwUFoK+0Fjj azg7GWirLC31paNlLmEJPiVYT13TqINkntt7oXcvJeV0KPT+w6MtCkUQuiPW/ZNP RWMQd2vvqYGLjL4Osw74uzdP1potEZFupUoxMUJpmc1gXMxAPr4HwdgpUbwsggaX p+COJJlj0rXgKbRyBpjpJ5px+s92zYQ/6yOGOQO7Q4txXgYQb3TO7fzzoVAs7JfX SscZLhxIDUg= =PDEr - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2021:3375-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3375 Issue date: 2021-08-31 CVE Names: CVE-2021-3609 CVE-2021-22543 CVE-2021-22555 CVE-2021-32399 ===================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Real Time EUS (v. 8.2) - x86_64 Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: race condition in net/can/bcm.c leads to local privilege escalation (CVE-2021-3609) * kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543) * kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555) * kernel: race condition for removal of the HCI controller (CVE-2021-32399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest RHEL-8.2.z11 Batch source tree (BZ#1984586) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1965461 - CVE-2021-22543 kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks 1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller 1971651 - CVE-2021-3609 kernel: race condition in net/can/bcm.c leads to local privilege escalation 1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c 6. Package List: Red Hat Enterprise Linux Real Time for NFV EUS (v. 8.2): Source: kernel-rt-4.18.0-193.64.1.rt13.115.el8_2.src.rpm x86_64: kernel-rt-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-core-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debug-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debug-core-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debug-devel-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debug-kvm-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debug-modules-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debuginfo-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-devel-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-kvm-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-modules-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-modules-extra-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm Red Hat Enterprise Linux Real Time EUS (v. 8.2): Source: kernel-rt-4.18.0-193.64.1.rt13.115.el8_2.src.rpm x86_64: kernel-rt-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-core-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debug-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debug-core-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debug-devel-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debug-modules-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debuginfo-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-devel-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-modules-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm kernel-rt-modules-extra-4.18.0-193.64.1.rt13.115.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3609 https://access.redhat.com/security/cve/CVE-2021-22543 https://access.redhat.com/security/cve/CVE-2021-22555 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYS3uK9zjgjWX9erEAQjIHQ/+KtXz+auvQkxdLrQ3PVookDYIBp33s9qf MuDyH4ZRoh0Yby3aI9eGcgBiFCJ51Uj80i4wIIsz2ECOFrrcpF3wWfIdArZM/HXc Cs8FAez8IPYmNGmVtuuhwvSRoovnVPRmDtYV0iYu7ptsdd4mf29zXsBywDzCJWSw ltezyyZU5N5xwYTuYNR8F47dGY8VyzTpLbcmxMrTtdscYVe/u8VqYJaDpZrsmHvC GBGs+Ab5Gd3lk6jQxDJx0MiItoCM/+5Eh7EtX5BSM5ER5FTkj+Xvg1yKOP5nRcmT t8BWlaO9HaP18qV4XoUMSS9BwIcYU7cFJiYN7Td57rdmbmS2XLjMWqPTQXxb0ac1 k9e/JkLpAtvJhxByG62jHwh6KyyT6++S0YO+adU4Ng2RKDGEiBjei6wPKKWTJo+Q F+sVmPRqjXts0FeyOJ72uUQRW+77IEhDDXYGSxdQtSgpOYd0PVfbdg/HJM4gEZu/ HiQ08oKKYM7Obd8G83sVzuYEsNI0c+dUVeo9xeOSmP4PVOpTiSdJ6jZRO6+lz3R2 9nBEXYDg3sSh8REV1B58/p3bPJuZcnXYnUeMM+QdcDMMayrPI0MGPK71nvvcdJ2X 3hC7UJTrHaXjJ5IpKhbGuZRlAYVKJYlwwRyZ870ROEgHg3eLFBx+pnEwDIXlltuc 2kK2n9Apl58= =IEMW - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kpatch-patch security update Advisory ID: RHSA-2021:3380-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3380 Issue date: 2021-08-31 CVE Names: CVE-2021-3609 CVE-2021-22543 CVE-2021-22555 CVE-2021-32399 ===================================================================== 1. Summary: An update is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * kernel: race condition in net/can/bcm.c leads to local privilege escalation (CVE-2021-3609) * kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543) * kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555) * kernel: race condition for removal of the HCI controller (CVE-2021-32399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1965461 - CVE-2021-22543 kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks 1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller 1971651 - CVE-2021-3609 kernel: race condition in net/can/bcm.c leads to local privilege escalation 1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: kpatch-patch-4_18_0-193_19_1-1-11.el8_2.src.rpm kpatch-patch-4_18_0-193_28_1-1-9.el8_2.src.rpm kpatch-patch-4_18_0-193_29_1-1-9.el8_2.src.rpm kpatch-patch-4_18_0-193_37_1-1-9.el8_2.src.rpm kpatch-patch-4_18_0-193_40_1-1-9.el8_2.src.rpm kpatch-patch-4_18_0-193_41_1-1-9.el8_2.src.rpm kpatch-patch-4_18_0-193_46_1-1-6.el8_2.src.rpm kpatch-patch-4_18_0-193_47_1-1-6.el8_2.src.rpm kpatch-patch-4_18_0-193_51_1-1-3.el8_2.src.rpm kpatch-patch-4_18_0-193_56_1-1-2.el8_2.src.rpm kpatch-patch-4_18_0-193_60_2-1-1.el8_2.src.rpm ppc64le: kpatch-patch-4_18_0-193_19_1-1-11.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_19_1-debuginfo-1-11.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_19_1-debugsource-1-11.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_28_1-1-9.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_28_1-debuginfo-1-9.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_28_1-debugsource-1-9.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_29_1-1-9.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_29_1-debuginfo-1-9.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_29_1-debugsource-1-9.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_37_1-1-9.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_37_1-debuginfo-1-9.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_37_1-debugsource-1-9.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_40_1-1-9.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_40_1-debuginfo-1-9.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_40_1-debugsource-1-9.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_41_1-1-9.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_41_1-debuginfo-1-9.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_41_1-debugsource-1-9.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_46_1-1-6.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_46_1-debuginfo-1-6.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_46_1-debugsource-1-6.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_47_1-1-6.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_47_1-debuginfo-1-6.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_47_1-debugsource-1-6.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_51_1-1-3.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_51_1-debuginfo-1-3.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_51_1-debugsource-1-3.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_56_1-1-2.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_56_1-debuginfo-1-2.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_56_1-debugsource-1-2.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_60_2-1-1.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_60_2-debuginfo-1-1.el8_2.ppc64le.rpm kpatch-patch-4_18_0-193_60_2-debugsource-1-1.el8_2.ppc64le.rpm x86_64: kpatch-patch-4_18_0-193_19_1-1-11.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_19_1-debuginfo-1-11.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_19_1-debugsource-1-11.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_28_1-1-9.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_28_1-debuginfo-1-9.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_28_1-debugsource-1-9.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_29_1-1-9.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_29_1-debuginfo-1-9.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_29_1-debugsource-1-9.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_37_1-1-9.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_37_1-debuginfo-1-9.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_37_1-debugsource-1-9.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_40_1-1-9.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_40_1-debuginfo-1-9.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_40_1-debugsource-1-9.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_41_1-1-9.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_41_1-debuginfo-1-9.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_41_1-debugsource-1-9.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_46_1-1-6.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_46_1-debuginfo-1-6.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_46_1-debugsource-1-6.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_47_1-1-6.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_47_1-debuginfo-1-6.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_47_1-debugsource-1-6.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_51_1-1-3.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_51_1-debuginfo-1-3.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_51_1-debugsource-1-3.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_56_1-1-2.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_56_1-debuginfo-1-2.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_56_1-debugsource-1-2.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_60_2-1-1.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_60_2-debuginfo-1-1.el8_2.x86_64.rpm kpatch-patch-4_18_0-193_60_2-debugsource-1-1.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3609 https://access.redhat.com/security/cve/CVE-2021-22543 https://access.redhat.com/security/cve/CVE-2021-22555 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYS3xBtzjgjWX9erEAQgl5w/9GMNPgtrs19lghz8Z63SM2GQOpF5aNqhk RPDZKMz6ai2zz3JvH8QDMtAkWUUIM6wjqH7frERcJ6gEn8chPnG8dYtECiJnqBsn gWa2yb/Dg802kR3Y0PxJTUsri36ikbXszN38NKN8LmT6Dd8YREUXZ/g6HKHEZxSB ed7AsaUnGpN04BrXXXOdiUmBAr2mPBU5bfFHeRLo2aNF1YolItJaOVpiSA771out n8p3WQywat1/wCe3yaERLS//9SjKhHHYR6e/tjG/gwQ1AE6JWyT7EFWFF6e4KVUf 5j5YIMiiksCwJROTNdLpnpuVFrSwEXbNvhvnoftyqQ4xVItqdJl+pk0+Y14rO042 NCq3HXqhn718QQjRD/AgdBcFpgNb5KAv2IopA7Ja3KUtRG93/+/7bNWWJ3oKQzpf 7Fx8IIR/VVAv+alxQTs1M2X6qeLC+E9gIbMBbBQ+qjYn249lY6ZO/vgQ2HBrQCpM B7bW0dG7LlDUO4ank2eTZZdOzCeAYAjdZmaVkFizsk6OZA3vS43LfgaNh5lZtuZb o3R9wZIQ8+1xCQyuXt8yTSU1WNx1x1WO0Mvf0YVlTAjAafiMlaAAEkdxpxBpyQwA 841aQQQq0IXWo/vmmsN4+kwwN7P+PDUz3kbjzENHLMUqBViQzCYcZgUpp7eyW32s nVSvD3VJeBo= =4DNH - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kpatch-patch security update Advisory ID: RHSA-2021:3381-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3381 Issue date: 2021-08-31 CVE Names: CVE-2021-22555 CVE-2021-32399 ===================================================================== 1. Summary: An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555) * kernel: race condition for removal of the HCI controller (CVE-2021-32399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller 1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c 6. Package List: Red Hat Enterprise Linux Server (v. 7): Source: kpatch-patch-3_10_0-1160-1-8.el7.src.rpm kpatch-patch-3_10_0-1160_11_1-1-7.el7.src.rpm kpatch-patch-3_10_0-1160_15_2-1-7.el7.src.rpm kpatch-patch-3_10_0-1160_21_1-1-5.el7.src.rpm kpatch-patch-3_10_0-1160_24_1-1-3.el7.src.rpm kpatch-patch-3_10_0-1160_25_1-1-3.el7.src.rpm kpatch-patch-3_10_0-1160_2_1-1-8.el7.src.rpm kpatch-patch-3_10_0-1160_2_2-1-8.el7.src.rpm kpatch-patch-3_10_0-1160_31_1-1-2.el7.src.rpm kpatch-patch-3_10_0-1160_36_2-1-1.el7.src.rpm kpatch-patch-3_10_0-1160_6_1-1-8.el7.src.rpm ppc64le: kpatch-patch-3_10_0-1160-1-8.el7.ppc64le.rpm kpatch-patch-3_10_0-1160-debuginfo-1-8.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_11_1-1-7.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_11_1-debuginfo-1-7.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_15_2-1-7.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_15_2-debuginfo-1-7.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_21_1-1-5.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_21_1-debuginfo-1-5.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_24_1-1-3.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_24_1-debuginfo-1-3.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_25_1-1-3.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_25_1-debuginfo-1-3.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_2_1-1-8.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_2_1-debuginfo-1-8.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_2_2-1-8.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_2_2-debuginfo-1-8.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_31_1-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_31_1-debuginfo-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_36_2-1-1.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_36_2-debuginfo-1-1.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_6_1-1-8.el7.ppc64le.rpm kpatch-patch-3_10_0-1160_6_1-debuginfo-1-8.el7.ppc64le.rpm x86_64: kpatch-patch-3_10_0-1160-1-8.el7.x86_64.rpm kpatch-patch-3_10_0-1160-debuginfo-1-8.el7.x86_64.rpm kpatch-patch-3_10_0-1160_11_1-1-7.el7.x86_64.rpm kpatch-patch-3_10_0-1160_11_1-debuginfo-1-7.el7.x86_64.rpm kpatch-patch-3_10_0-1160_15_2-1-7.el7.x86_64.rpm kpatch-patch-3_10_0-1160_15_2-debuginfo-1-7.el7.x86_64.rpm kpatch-patch-3_10_0-1160_21_1-1-5.el7.x86_64.rpm kpatch-patch-3_10_0-1160_21_1-debuginfo-1-5.el7.x86_64.rpm kpatch-patch-3_10_0-1160_24_1-1-3.el7.x86_64.rpm kpatch-patch-3_10_0-1160_24_1-debuginfo-1-3.el7.x86_64.rpm kpatch-patch-3_10_0-1160_25_1-1-3.el7.x86_64.rpm kpatch-patch-3_10_0-1160_25_1-debuginfo-1-3.el7.x86_64.rpm kpatch-patch-3_10_0-1160_2_1-1-8.el7.x86_64.rpm kpatch-patch-3_10_0-1160_2_1-debuginfo-1-8.el7.x86_64.rpm kpatch-patch-3_10_0-1160_2_2-1-8.el7.x86_64.rpm kpatch-patch-3_10_0-1160_2_2-debuginfo-1-8.el7.x86_64.rpm kpatch-patch-3_10_0-1160_31_1-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-1160_31_1-debuginfo-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-1160_36_2-1-1.el7.x86_64.rpm kpatch-patch-3_10_0-1160_36_2-debuginfo-1-1.el7.x86_64.rpm kpatch-patch-3_10_0-1160_6_1-1-8.el7.x86_64.rpm kpatch-patch-3_10_0-1160_6_1-debuginfo-1-8.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-22555 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYS33T9zjgjWX9erEAQgC/w/+MIVLnXWkC8sDm7626td8OLMfQ3gBGVM/ 8Hj5B/lbz9pJXdCt1Ag/dBHkwxxFLfzjzamHAJmaDFJFcyeZZ+Ge16mCwVInSXZy G7tnsJ2VQ7iS8LpStVOg0nsruZbXqP8qX+uaRw4jcow13tfuWzlQGpcXf0X9hdA5 t62CDxjGe2X/Svz79QyEYqEP1BxcM2Xl4/JfNPXsLlRA7TuQ15SiwmpF+583wOAF rnVsrxOmZ+gA35eJo45mk+Wkv0xOMG/ntqhe4zHX4avDWvADTa906a5xTRAaBkId 0UJKv8p3URuzZRX8Ry/MjtjAJIQC/Ek1G1cFENDlm9LPQQv23tNbMQVvvnABROif vOjyqTJgyAnm5vxYBCuxnaCf6QQNWMuK7XmCI2ipj5LBdY/BD/uZGMQOmXgYX9IV snBePzi2Qcy5FsTRm8TXZmRWumuRgqi0ZBvVcAm/aAJrtL5S0MTrTyNh/l0UxPwf Ms6oPjjgOj8pB2CiRphlj51VHL+L7z//ZrBd15TQLi+mvXrRnDjxD0lUQzNNeykL F0co9eZCu6t9DidQssvAXrD/kRKz6MgRdDWdZl4RRmReVJ3d9V74MaUxVjT6U6I5 jcOizMPxWGTpcI4N8oAaTh+XSQWL6L2/zFP85Xr5Xx0YtgizpL/aGhjDNs/+GyG2 0oVXkIPndL8= =GFdy - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kpatch-patch security update Advisory ID: RHSA-2021:3392-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3392 Issue date: 2021-08-31 CVE Names: CVE-2021-32399 ===================================================================== 1. Summary: An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server E4S (v. 7.6) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Security Fix(es): * kernel: race condition for removal of the HCI controller (CVE-2021-32399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller 6. Package List: Red Hat Enterprise Linux Server E4S (v. 7.6): Source: kpatch-patch-3_10_0-957_61_1-1-5.el7.src.rpm kpatch-patch-3_10_0-957_61_2-1-5.el7.src.rpm kpatch-patch-3_10_0-957_62_1-1-5.el7.src.rpm kpatch-patch-3_10_0-957_65_1-1-5.el7.src.rpm kpatch-patch-3_10_0-957_66_1-1-5.el7.src.rpm kpatch-patch-3_10_0-957_70_1-1-4.el7.src.rpm kpatch-patch-3_10_0-957_72_1-1-2.el7.src.rpm kpatch-patch-3_10_0-957_76_1-1-2.el7.src.rpm kpatch-patch-3_10_0-957_78_2-1-1.el7.src.rpm ppc64le: kpatch-patch-3_10_0-957_61_1-1-5.el7.ppc64le.rpm kpatch-patch-3_10_0-957_61_1-debuginfo-1-5.el7.ppc64le.rpm kpatch-patch-3_10_0-957_61_2-1-5.el7.ppc64le.rpm kpatch-patch-3_10_0-957_61_2-debuginfo-1-5.el7.ppc64le.rpm kpatch-patch-3_10_0-957_62_1-1-5.el7.ppc64le.rpm kpatch-patch-3_10_0-957_62_1-debuginfo-1-5.el7.ppc64le.rpm kpatch-patch-3_10_0-957_65_1-1-5.el7.ppc64le.rpm kpatch-patch-3_10_0-957_65_1-debuginfo-1-5.el7.ppc64le.rpm kpatch-patch-3_10_0-957_66_1-1-5.el7.ppc64le.rpm kpatch-patch-3_10_0-957_66_1-debuginfo-1-5.el7.ppc64le.rpm kpatch-patch-3_10_0-957_70_1-1-4.el7.ppc64le.rpm kpatch-patch-3_10_0-957_70_1-debuginfo-1-4.el7.ppc64le.rpm kpatch-patch-3_10_0-957_72_1-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-957_72_1-debuginfo-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-957_76_1-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-957_76_1-debuginfo-1-2.el7.ppc64le.rpm kpatch-patch-3_10_0-957_78_2-1-1.el7.ppc64le.rpm kpatch-patch-3_10_0-957_78_2-debuginfo-1-1.el7.ppc64le.rpm x86_64: kpatch-patch-3_10_0-957_61_1-1-5.el7.x86_64.rpm kpatch-patch-3_10_0-957_61_1-debuginfo-1-5.el7.x86_64.rpm kpatch-patch-3_10_0-957_61_2-1-5.el7.x86_64.rpm kpatch-patch-3_10_0-957_61_2-debuginfo-1-5.el7.x86_64.rpm kpatch-patch-3_10_0-957_62_1-1-5.el7.x86_64.rpm kpatch-patch-3_10_0-957_62_1-debuginfo-1-5.el7.x86_64.rpm kpatch-patch-3_10_0-957_65_1-1-5.el7.x86_64.rpm kpatch-patch-3_10_0-957_65_1-debuginfo-1-5.el7.x86_64.rpm kpatch-patch-3_10_0-957_66_1-1-5.el7.x86_64.rpm kpatch-patch-3_10_0-957_66_1-debuginfo-1-5.el7.x86_64.rpm kpatch-patch-3_10_0-957_70_1-1-4.el7.x86_64.rpm kpatch-patch-3_10_0-957_70_1-debuginfo-1-4.el7.x86_64.rpm kpatch-patch-3_10_0-957_72_1-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-957_72_1-debuginfo-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-957_76_1-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-957_76_1-debuginfo-1-2.el7.x86_64.rpm kpatch-patch-3_10_0-957_78_2-1-1.el7.x86_64.rpm kpatch-patch-3_10_0-957_78_2-debuginfo-1-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYS4widzjgjWX9erEAQh1NA/8DAwXS73YUlqO6VsjIlr+jzwVMgxhTIf/ q+EGIE3xkZTInR8hEEjlTa1HDsENO+fPU6prt77U0SRhsMB76bs+9ZPti0SQnlZ7 A9OnhgXP1oLQXNi16cJOSoFXS/3QFu3D6Pdagi5yxcS0rw+OsvglvDM5tu91JuHG +3wjmuUMSBqnhvYahH6OZMrODpoPfaqMB727msPoZUaIsrUmeIAdnw+xl6CzFIqM VW9rErjglfj01S6R/xg4xL6UidxVxaZh5oc6BHePhPkXcjGqNusl1oiEh5BKgjRi MDedf7I380PoEUbCctlUcy+62rUewUX45ULri1c/FVJqFNlMEUwrBRc6LdvBQSLu 0utvMJSTYJif3uWNITn/2awL6X0jt8+F8che/4C33MYvmsHIr1SG6FDV7lBmmT98 Y9qCOoujUtDUxyRM1MlChvlohIIFyXjsAsx6ft8pIVdU6J2S4/oPWER7x2kbCnev QhcSqtG1tcIWfEy2JMKN7urnrzYyLdZg5/Nkqf6h9AsdZ1pdkW7YlPOLWCkWWjC+ OJnmq9cPo3HrKTIZsw+/4NSmu6bnDcO9Le4i2FaCJGaFOQiTWMRKt24oDvCduOW+ tVZkXQDUc8zBYdcOkd5icDQGuapJIhKygY2Vbo+GMm/W/H2RIku2+tGm7ptWPovf xIzPx0M/n9k= =/uzs - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:3399-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3399 Issue date: 2021-08-31 CVE Names: CVE-2021-3347 CVE-2021-22555 CVE-2021-32399 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: Use after free via PI futex state (CVE-2021-3347) * kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555) * kernel: race condition for removal of the HCI controller (CVE-2021-32399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap [7.9.z] (BZ#1975163) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1922249 - CVE-2021-3347 kernel: Use after free via PI futex state 1970807 - CVE-2021-32399 kernel: race condition for removal of the HCI controller 1980101 - CVE-2021-22555 kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c 6. Package List: Red Hat Enterprise Linux Server AUS (v. 7.2): Source: kernel-3.10.0-327.100.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-327.100.1.el7.noarch.rpm kernel-doc-3.10.0-327.100.1.el7.noarch.rpm x86_64: kernel-3.10.0-327.100.1.el7.x86_64.rpm kernel-debug-3.10.0-327.100.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.100.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.100.1.el7.x86_64.rpm kernel-devel-3.10.0-327.100.1.el7.x86_64.rpm kernel-headers-3.10.0-327.100.1.el7.x86_64.rpm kernel-tools-3.10.0-327.100.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.100.1.el7.x86_64.rpm perf-3.10.0-327.100.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm python-perf-3.10.0-327.100.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.2): x86_64: kernel-debug-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.100.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.100.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.100.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3347 https://access.redhat.com/security/cve/CVE-2021-22555 https://access.redhat.com/security/cve/CVE-2021-32399 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYS6G+9zjgjWX9erEAQjlXA/+NY7jrOKKWEkuepexvRMye18HZW5BE9jN Lxdg268Nkif95eNmtd+gS0qracaO4HR9Iv01nDoNqf75NsK7FV03eN5Z8LYwrm6r t/b4S4fVRU7bWwUlDE5s8HAhAHLmQ0t2B1cb/XII6R8sSdYG5jHAiFQB1VDS9Z1u Fi8ICfvM2wJZWVZguZWsXzZvLYYBxUxhE0rHcoCuoTIXHIi/QuFtpJ/QBZyAaphz AVtuRYQ62xOB3Xh7DWiPJK3dYFTqADqyENU58W7cQ2p6/w+Q8XTBZwXmtO0Skli2 A0PTrSGDYkvEiBPz9iSKzrLlkrOAB2V3s5dnzB1gEqJC1k9JNn8EnG1rPvW5p3Kk M6FFBb+AJ9CZ9yn7N1zzclEZTMZPkIIduUUAijFHff2uH1nQFwadWuo3UFu3L0G+ e0al2Sh64/fJ7QMJBEwA1fQsk36h8rJgBcMKGEdQ+cEE3rUmymg23cANAZTvSq1G zFfkJFRHZ6ydjuk//6mVDwuM9GA/Uhd+xu7PHf4PTnE5VZDDfebP69LEV+zHlobh MSKRHMFDap2h5AO6QNm/g+oH/NS8C1I3/c76SmkTU0ebvrcsWrx9ZZ63jRH/nncd 0YgwIwmkgBZTf/o5tjJxugIix5g4mwsJOf/x2o44t5gXb7Iug+xEPb6+K3NinFRM hVDE3gCjZ3U= =5gdy - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYS7ofeNLKJtyKPYoAQjTyA//Q2CGK3tMqB0A448LXhGh/SGIgeX8nZaU lTFF+9dEE6H0FR9oGPjej+nXVI7dOhAzjE8p9oMpSuJ74FibYIZmG/T4BKzF/3v5 LoUcv4LjHAIvPTjbcEQ9L+/ytiE8Jeh4aut/yJfOOq9XWzioPSDB1yaH8RunALHJ dQr5PBJXmSJhwZ8XFUcVtJWo/38d8yT9NMFOf0119Iq5zH20eHqjbHC96TukSzKx vROUdVBaFMefjHA62fzEga1Ay9TO07RmfHiOxvKxBsaPLwc/yarDlV0LwSJYF2U3 uVebBlpYw+2RnnlrC474te4Y+Z1Xr6unbOH/+DsiPqZAtlSren647P55KbKpGj0d UUPrDG4zZZ+nZKOF0bQViqgkb49rwjz9POqsbIUPcIYzlT9bU0z/M3Mnm6/Ox2U9 Fkh5KCBPAN53pmSoCGa8ghTPBeE6hAaq5j0/7j/zD0ce4MtVS27p5CQ7ZsEy6gZc BqTvq9MSrJVQSIWij+tkfmr4dikiyOEuoYknzA5kyjuBgpRGTnGze0MUnYiLTe+O rupOoemm0gsbN0tOu0J2wTzh3awDBdec4Uan2VOWFRXuCd7c81mS3mqBlVTUfaDo iOqw3rQM+8AnhUWMLAcOkbzqFW3OeI+OygdFW/u3igYuh6EMfL3f+zgJZ/C6m2Kj RJYZjRjliBM= =9Xy7 -----END PGP SIGNATURE-----