Red Hat 9062 Published by

A kernel security, bug fix, and enhancement update has been released for Red Hat Enterprise Linux 8.



RHSA-2022:1988-01: Important: kernel security, bug fix, and enhancement update



=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2022:1988-01
Product: Red Hat Enterprise Linux
Advisory URL:   https://access.redhat.com/errata/RHSA-2022:1988
Issue date: 2022-05-10
CVE Names: CVE-2020-0404 CVE-2020-4788 CVE-2020-13974
CVE-2020-27820 CVE-2021-0941 CVE-2021-3612
CVE-2021-3669 CVE-2021-3743 CVE-2021-3744
CVE-2021-3752 CVE-2021-3759 CVE-2021-3764
CVE-2021-3772 CVE-2021-3773 CVE-2021-4002
CVE-2021-4037 CVE-2021-4083 CVE-2021-4157
CVE-2021-4197 CVE-2021-4203 CVE-2021-20322
CVE-2021-21781 CVE-2021-26401 CVE-2021-29154
CVE-2021-37159 CVE-2021-41864 CVE-2021-42739
CVE-2021-43056 CVE-2021-43389 CVE-2021-43976
CVE-2021-44733 CVE-2021-45485 CVE-2021-45486
CVE-2022-0001 CVE-2022-0002 CVE-2022-0286
CVE-2022-0322 CVE-2022-1011
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: fget: check that the fd still exists after getting a ref to it
(CVE-2021-4083)

* kernel: avoid cyclic entity chains due to malformed USB descriptors
(CVE-2020-0404)

* kernel: speculation on incompletely validated data on IBM Power9
(CVE-2020-4788)

* kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c
(CVE-2020-13974)

* kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a
use-after-free (CVE-2021-0941)

* kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
(CVE-2021-3612)

* kernel: reading /proc/sysvipc/shm does not scale with large shared memory
segment counts (CVE-2021-3669)

* kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c
(CVE-2021-3743)

* kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
(CVE-2021-3744)

* kernel: possible use-after-free in bluetooth module (CVE-2021-3752)

* kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg
limits and DoS attacks (CVE-2021-3759)

* kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)

* kernel: sctp: Invalid chunks may be used to remotely remove existing
associations (CVE-2021-3772)

* kernel: lack of port sanity checking in natd and netfilter leads to
exploit of OpenVPN clients (CVE-2021-3773)

* kernel: possible leak or coruption of data residing on hugetlbfs
(CVE-2021-4002)

* kernel: security regression for CVE-2018-13405 (CVE-2021-4037)

* kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)

* kernel: cgroup: Use open-time creds and namespace for migration perm
checks (CVE-2021-4197)

* kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses
(CVE-2021-4203)

* kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed
packets replies (CVE-2021-20322)

* kernel: arm: SIGPAGE information disclosure vulnerability
(CVE-2021-21781)

* hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)

* kernel: Local privilege escalation due to incorrect BPF JIT branch
displacement computation (CVE-2021-29154)

* kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c
(CVE-2021-37159)

* kernel: eBPF multiplication integer overflow in
prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to
out-of-bounds write (CVE-2021-41864)

* kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)

* kernel: ppc: kvm: allows a malicious KVM guest to crash the host
(CVE-2021-43056)

* kernel: an array-index-out-bounds in detach_capi_ctr in
drivers/isdn/capi/kcapi.c (CVE-2021-43389)

* kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c
allows an attacker to cause DoS via crafted USB device (CVE-2021-43976)

* kernel: use-after-free in the TEE subsystem (CVE-2021-44733)

* kernel: information leak in the IPv6 implementation (CVE-2021-45485)

* kernel: information leak in the IPv4 implementation (CVE-2021-45486)

* hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)

* hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)

* kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)

* kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c
(CVE-2022-0322)

* kernel: FUSE allows UAF reads of write() buffers, allowing theft of
(partial) /etc/shadow hashes (CVE-2022-1011)

* kernel: use-after-free in nouveau kernel module (CVE-2020-27820)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

  https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (  https://bugzilla.redhat.com/):

1888433 - CVE-2020-4788 kernel: speculation on incompletely validated data on IBM Power9
1901726 - CVE-2020-27820 kernel: use-after-free in nouveau kernel module
1919791 - CVE-2020-0404 kernel: avoid cyclic entity chains due to malformed USB descriptors
1946684 - CVE-2021-29154 kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation
1951739 - CVE-2021-42739 kernel: Heap buffer overflow in firedtv driver
1957375 - [RFE] x86, tsc: Add kcmdline args for skipping tsc calibration sequences
1974079 - CVE-2021-3612 kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()
1981950 - CVE-2021-21781 kernel: arm: SIGPAGE information disclosure vulnerability
1983894 - Hostnetwork pod to service backed by hostnetwork on the same node is not working with OVN Kubernetes
1985353 - CVE-2021-37159 kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c
1986473 - CVE-2021-3669 kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts
1994390 - FIPS: deadlock between PID 1 and "modprobe crypto-jitterentropy_rng" at boot, preventing system to boot
1997338 - block: update to upstream v5.14
1997467 - CVE-2021-3764 kernel: DoS in ccp_run_aes_gcm_cmd() function
1997961 - CVE-2021-3743 kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c
1999544 - CVE-2021-3752 kernel: possible use-after-free in bluetooth module
1999675 - CVE-2021-3759 kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks
2000627 - CVE-2021-3744 kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
2000694 - CVE-2021-3772 kernel: sctp: Invalid chunks may be used to remotely remove existing associations
2004949 - CVE-2021-3773 kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients
2009312 - Incorrect system time reported by the cpu guest statistics (PPC only).
2009521 - XFS: sync to upstream v5.11
2010463 - CVE-2021-41864 kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write
2011104 - statfs reports wrong free space for small quotas
2013180 - CVE-2021-43389 kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c
2014230 - CVE-2021-20322 kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies
2015525 - SCTP peel-off with SELinux and containers in OCP
2015755 - zram: zram leak with warning when running zram02.sh in ltp
2016169 - CVE-2020-13974 kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c
2017073 - CVE-2021-43056 kernel: ppc: kvm: allows a malicious KVM guest to crash the host
2017796 - ceph omnibus backport for RHEL-8.6.0
2018205 - CVE-2021-0941 kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free
2022814 - Rebase the input and HID stack in 8.6 to v5.15
2025003 - CVE-2021-43976 kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device
2025726 - CVE-2021-4002 kernel: possible leak or coruption of data residing on hugetlbfs
2027239 - CVE-2021-4037 kernel: security regression for CVE-2018-13405
2029923 - CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it
2030476 - Kernel 4.18.0-348.2.1 secpath_cache memory leak involving strongswan tunnel
2030747 - CVE-2021-44733 kernel: use-after-free in the TEE subsystem
2031200 - rename(2) fails on subfolder mounts when the share path has a trailing slash
2034342 - CVE-2021-4157 kernel: Buffer overwrite in decode_nfs_fh function
2035652 - CVE-2021-4197 kernel: cgroup: Use open-time creds and namespace for migration perm checks
2036934 - CVE-2021-4203 kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses
2037019 - CVE-2022-0286 kernel: Local denial of service in bond_ipsec_add_sa
2039911 - CVE-2021-45485 kernel: information leak in the IPv6 implementation
2039914 - CVE-2021-45486 kernel: information leak in the IPv4 implementation
2042798 - [RHEL8.6][sfc] General sfc driver update
2042822 - CVE-2022-0322 kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c
2043453 - [RHEL8.6 wireless] stack & drivers general update to v5.16+
2046021 - kernel 4.18.0-358.el8 async dirops causes write errors with namespace restricted caps
2048251 - Selinux is not allowing SCTP connection setup between inter pod communication in enforcing mode
2061700 - CVE-2021-26401 hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715
2061712 - CVE-2022-0001 hw: cpu: intel: Branch History Injection (BHI)
2061721 - CVE-2022-0002 hw: cpu: intel: Intra-Mode BTI
2064855 - CVE-2022-1011 kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
kernel-4.18.0-372.9.1.el8.src.rpm

aarch64:
bpftool-4.18.0-372.9.1.el8.aarch64.rpm
bpftool-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
kernel-4.18.0-372.9.1.el8.aarch64.rpm
kernel-core-4.18.0-372.9.1.el8.aarch64.rpm
kernel-cross-headers-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debug-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debug-core-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debug-devel-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debug-modules-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debug-modules-extra-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-372.9.1.el8.aarch64.rpm
kernel-devel-4.18.0-372.9.1.el8.aarch64.rpm
kernel-headers-4.18.0-372.9.1.el8.aarch64.rpm
kernel-modules-4.18.0-372.9.1.el8.aarch64.rpm
kernel-modules-extra-4.18.0-372.9.1.el8.aarch64.rpm
kernel-tools-4.18.0-372.9.1.el8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
kernel-tools-libs-4.18.0-372.9.1.el8.aarch64.rpm
perf-4.18.0-372.9.1.el8.aarch64.rpm
perf-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
python3-perf-4.18.0-372.9.1.el8.aarch64.rpm
python3-perf-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm

noarch:
kernel-abi-stablelists-4.18.0-372.9.1.el8.noarch.rpm
kernel-doc-4.18.0-372.9.1.el8.noarch.rpm

ppc64le:
bpftool-4.18.0-372.9.1.el8.ppc64le.rpm
bpftool-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-core-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-cross-headers-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debug-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debug-core-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debug-devel-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debug-modules-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-devel-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-headers-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-modules-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-modules-extra-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-tools-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-tools-libs-4.18.0-372.9.1.el8.ppc64le.rpm
perf-4.18.0-372.9.1.el8.ppc64le.rpm
perf-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
python3-perf-4.18.0-372.9.1.el8.ppc64le.rpm
python3-perf-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm

s390x:
bpftool-4.18.0-372.9.1.el8.s390x.rpm
bpftool-debuginfo-4.18.0-372.9.1.el8.s390x.rpm
kernel-4.18.0-372.9.1.el8.s390x.rpm
kernel-core-4.18.0-372.9.1.el8.s390x.rpm
kernel-cross-headers-4.18.0-372.9.1.el8.s390x.rpm
kernel-debug-4.18.0-372.9.1.el8.s390x.rpm
kernel-debug-core-4.18.0-372.9.1.el8.s390x.rpm
kernel-debug-debuginfo-4.18.0-372.9.1.el8.s390x.rpm
kernel-debug-devel-4.18.0-372.9.1.el8.s390x.rpm
kernel-debug-modules-4.18.0-372.9.1.el8.s390x.rpm
kernel-debug-modules-extra-4.18.0-372.9.1.el8.s390x.rpm
kernel-debuginfo-4.18.0-372.9.1.el8.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-372.9.1.el8.s390x.rpm
kernel-devel-4.18.0-372.9.1.el8.s390x.rpm
kernel-headers-4.18.0-372.9.1.el8.s390x.rpm
kernel-modules-4.18.0-372.9.1.el8.s390x.rpm
kernel-modules-extra-4.18.0-372.9.1.el8.s390x.rpm
kernel-tools-4.18.0-372.9.1.el8.s390x.rpm
kernel-tools-debuginfo-4.18.0-372.9.1.el8.s390x.rpm
kernel-zfcpdump-4.18.0-372.9.1.el8.s390x.rpm
kernel-zfcpdump-core-4.18.0-372.9.1.el8.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-372.9.1.el8.s390x.rpm
kernel-zfcpdump-devel-4.18.0-372.9.1.el8.s390x.rpm
kernel-zfcpdump-modules-4.18.0-372.9.1.el8.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-372.9.1.el8.s390x.rpm
perf-4.18.0-372.9.1.el8.s390x.rpm
perf-debuginfo-4.18.0-372.9.1.el8.s390x.rpm
python3-perf-4.18.0-372.9.1.el8.s390x.rpm
python3-perf-debuginfo-4.18.0-372.9.1.el8.s390x.rpm

x86_64:
bpftool-4.18.0-372.9.1.el8.x86_64.rpm
bpftool-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
kernel-4.18.0-372.9.1.el8.x86_64.rpm
kernel-core-4.18.0-372.9.1.el8.x86_64.rpm
kernel-cross-headers-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debug-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debug-core-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debug-devel-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debug-modules-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debug-modules-extra-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-372.9.1.el8.x86_64.rpm
kernel-devel-4.18.0-372.9.1.el8.x86_64.rpm
kernel-headers-4.18.0-372.9.1.el8.x86_64.rpm
kernel-modules-4.18.0-372.9.1.el8.x86_64.rpm
kernel-modules-extra-4.18.0-372.9.1.el8.x86_64.rpm
kernel-tools-4.18.0-372.9.1.el8.x86_64.rpm
kernel-tools-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
kernel-tools-libs-4.18.0-372.9.1.el8.x86_64.rpm
perf-4.18.0-372.9.1.el8.x86_64.rpm
perf-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
python3-perf-4.18.0-372.9.1.el8.x86_64.rpm
python3-perf-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
bpftool-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-372.9.1.el8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
kernel-tools-libs-devel-4.18.0-372.9.1.el8.aarch64.rpm
perf-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm
python3-perf-debuginfo-4.18.0-372.9.1.el8.aarch64.rpm

ppc64le:
bpftool-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-372.9.1.el8.ppc64le.rpm
perf-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm
python3-perf-debuginfo-4.18.0-372.9.1.el8.ppc64le.rpm

x86_64:
bpftool-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-372.9.1.el8.x86_64.rpm
kernel-tools-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
kernel-tools-libs-devel-4.18.0-372.9.1.el8.x86_64.rpm
perf-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm
python3-perf-debuginfo-4.18.0-372.9.1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
  https://access.redhat.com/security/team/key/

7. References:

  https://access.redhat.com/security/cve/CVE-2020-0404
  https://access.redhat.com/security/cve/CVE-2020-4788
  https://access.redhat.com/security/cve/CVE-2020-13974
  https://access.redhat.com/security/cve/CVE-2020-27820
  https://access.redhat.com/security/cve/CVE-2021-0941
  https://access.redhat.com/security/cve/CVE-2021-3612
  https://access.redhat.com/security/cve/CVE-2021-3669
  https://access.redhat.com/security/cve/CVE-2021-3743
  https://access.redhat.com/security/cve/CVE-2021-3744
  https://access.redhat.com/security/cve/CVE-2021-3752
  https://access.redhat.com/security/cve/CVE-2021-3759
  https://access.redhat.com/security/cve/CVE-2021-3764
  https://access.redhat.com/security/cve/CVE-2021-3772
  https://access.redhat.com/security/cve/CVE-2021-3773
  https://access.redhat.com/security/cve/CVE-2021-4002
  https://access.redhat.com/security/cve/CVE-2021-4037
  https://access.redhat.com/security/cve/CVE-2021-4083
  https://access.redhat.com/security/cve/CVE-2021-4157
  https://access.redhat.com/security/cve/CVE-2021-4197
  https://access.redhat.com/security/cve/CVE-2021-4203
  https://access.redhat.com/security/cve/CVE-2021-20322
  https://access.redhat.com/security/cve/CVE-2021-21781
  https://access.redhat.com/security/cve/CVE-2021-26401
  https://access.redhat.com/security/cve/CVE-2021-29154
  https://access.redhat.com/security/cve/CVE-2021-37159
  https://access.redhat.com/security/cve/CVE-2021-41864
  https://access.redhat.com/security/cve/CVE-2021-42739
  https://access.redhat.com/security/cve/CVE-2021-43056
  https://access.redhat.com/security/cve/CVE-2021-43389
  https://access.redhat.com/security/cve/CVE-2021-43976
  https://access.redhat.com/security/cve/CVE-2021-44733
  https://access.redhat.com/security/cve/CVE-2021-45485
  https://access.redhat.com/security/cve/CVE-2021-45486
  https://access.redhat.com/security/cve/CVE-2022-0001
  https://access.redhat.com/security/cve/CVE-2022-0002
  https://access.redhat.com/security/cve/CVE-2022-0286
  https://access.redhat.com/security/cve/CVE-2022-0322
  https://access.redhat.com/security/cve/CVE-2022-1011
  https://access.redhat.com/security/updates/classification/#important
  https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

8. Contact:

The Red Hat security contact is . More contact
details at   https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.