A kernel security, bug fix, and enhancement update has been released for Red Hat Enterprise Linux 8.
RHSA-2022:6460-01: Moderate: kernel security, bug fix, and enhancement update
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2022:6460-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6460
Issue date: 2022-09-13
CVE Names: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166
=====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* Incomplete cleanup of multi-core shared buffers (aka SBDR)
(CVE-2022-21123)
* Incomplete cleanup of microarchitectural fill buffers (aka SBDS)
(CVE-2022-21125)
* Incomplete cleanup in specific special register write operations (aka
DRPW) (CVE-2022-21166)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* Bad page state in process qemu-kvm pfn:68a74600 (BZ#2081013)
* slub corruption during LPM of hnv interface (BZ#2081250)
* Affinity broken due to vector space exhaustion (BZ#2084646)
* 'rmmod pmt_telemetry' panics on ADL-P IOTG (BZ#2091079)
* Unable to boot RHEL-8.6 on Brazos max. config (Install is success)
(BZ#2092241)
* kernel crash after reboot of T14/G2 AMD laptop (mt7921e module)
(BZ#2095654)
* mt7921: free resources on pci_probe error path (BZ#2101684)
* NLM should be more defensive if underlying FS changes fl_owner
(BZ#2102099)
* RHEL8/async-pf Guest call trace when reboot after postcopy migration with
high stress workload (BZ#2105340)
* execve exit tracepoint not called (BZ#2106662)
* QProcess dead lock on kernel-4.18.0-358 (BZ#2107643)
* KVM fix guest FPU uABI size to kvm_xsave (BZ#2107652)
* KVM selftests fail to compile (BZ#2107655)
* Some monitor have no display with AMD W6400 when boot into OS.
(BZ#2109826)
* Percpu counter usage is gradually getting increasing during podman
container recreation. (BZ#2110039)
* multipath failed to recover after EEH hit on flavafish adapter on
Denali(qla2xxx/flavafish/RHEL8.6/Denali) (BZ#2110768)
* soft lockups under heavy I/O load to ahci connected SSDs (BZ#2110772)
* trouble re-assigning MACs to VFs, ice stricter than other drivers
(BZ#2111936)
* Intel MPI 2019.0 - mpirun stuck on latest kernel (BZ#2112030)
* Multicast packets are not received by all VFs on the same port even
though they have the same VLAN (BZ#2117026)
* Hyper-V 2019 Dynamic Memory Problem hv_balloon (BZ#2117050)
* kernel BUG at kernel/sched/deadline.c:1561! (BZ#2117410)
* ALSA (sound) driver - update Intel SOF kcontrol code (BZ#2117732)
* bridge over bond over ice ports has no connection (BZ#2118580)
* Fix max VLANs available for VF (BZ#2118581)
* offline selftest failed (BZ#2118582)
* INTEL NVMUpdate utility ver 3.20 is failing to update firmware on
E810-XXVDA4T (WPC) (BZ#2118583)
* VM configured with failover interface will coredump after been migrating
from source host to target host(only iavf driver) (BZ#2118705)
* Fix max VLANs available for untrusted VF (BZ#2118707)
* Softlockup on infinite loop in task_get_css() for a CSS_DYING cpuset
(BZ#2120776)
Enhancement(s):
* KVM Sapphire Rapids (SPR) AMX Instructions (BZ#2088287)
* KVM Sapphire Rapids (SPR) AMX Instructions part2 (BZ#2088288)
* ice: Driver Update (BZ#2102359)
* iavf: Driver Update (BZ#2102360)
* iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (BZ#2112983)
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed ( https://bugzilla.redhat.com/):
2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)
2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)
2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)
6. Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
kernel-4.18.0-372.26.1.el8_6.src.rpm
aarch64:
bpftool-4.18.0-372.26.1.el8_6.aarch64.rpm
bpftool-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-core-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-cross-headers-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-core-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-devel-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-modules-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-devel-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-headers-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-modules-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-modules-extra-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-libs-4.18.0-372.26.1.el8_6.aarch64.rpm
perf-4.18.0-372.26.1.el8_6.aarch64.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
python3-perf-4.18.0-372.26.1.el8_6.aarch64.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
noarch:
kernel-abi-stablelists-4.18.0-372.26.1.el8_6.noarch.rpm
kernel-doc-4.18.0-372.26.1.el8_6.noarch.rpm
ppc64le:
bpftool-4.18.0-372.26.1.el8_6.ppc64le.rpm
bpftool-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-core-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-cross-headers-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-core-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-modules-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-headers-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-modules-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-modules-extra-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-libs-4.18.0-372.26.1.el8_6.ppc64le.rpm
perf-4.18.0-372.26.1.el8_6.ppc64le.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
python3-perf-4.18.0-372.26.1.el8_6.ppc64le.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
s390x:
bpftool-4.18.0-372.26.1.el8_6.s390x.rpm
bpftool-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-core-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-cross-headers-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-core-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-devel-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-modules-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-devel-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-headers-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-modules-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-tools-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-core-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-devel-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-modules-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm
perf-4.18.0-372.26.1.el8_6.s390x.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
python3-perf-4.18.0-372.26.1.el8_6.s390x.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
x86_64:
bpftool-4.18.0-372.26.1.el8_6.x86_64.rpm
bpftool-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-core-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-cross-headers-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-core-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-devel-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-modules-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-devel-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-headers-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-modules-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-modules-extra-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-libs-4.18.0-372.26.1.el8_6.x86_64.rpm
perf-4.18.0-372.26.1.el8_6.x86_64.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
python3-perf-4.18.0-372.26.1.el8_6.x86_64.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64:
bpftool-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.aarch64.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
ppc64le:
bpftool-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
x86_64:
bpftool-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.x86_64.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-21123
https://access.redhat.com/security/cve/CVE-2022-21125
https://access.redhat.com/security/cve/CVE-2022-21166
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.