Lucene search

K
centosCentOS ProjectCESA-2022:5937
HistoryAug 15, 2022 - 5:35 p.m.

bpftool, kernel, perf, python security update

2022-08-1517:35:43
CentOS Project
lists.centos.org
115
centos
linux
security fix
incomplete cleanup
cve
bug fix
solarflare
page allocation
qede driver
ltp testcase
crash
inode
red hat

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

34.4%

CentOS Errata and Security Advisory CESA-2022:5937

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)

  • Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)

  • Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • SolarFlare sfc spurious TX completion (BZ#1793280)

  • Page allocation failure on cryptsetup open (BZ#2072970)

  • The kernel-rt crashes where one task is indefinitely looping in __start_cfs_bandwidth() with the cfs_b->lock spinlock being held (BZ#2077346)

  • While using PTimekeeper the qede driver produces excessive log messages (BZ#2080646)

  • The kernel crashes due to a GPF happens in mutex_spin_on_owner(). The known RDMA/cma bug that was introduced with a patch from upstream commit 722c7b2bfead is the possible cause. (BZ#2085425)

  • Running LTP testcase creat09 fails showing related to ‘cve-2018-13405’ (BZ#2089360)

  • Crash when releasing inode which was on unmouted superblock (BZ#2096884)

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2022-August/086319.html

Affected packages:
bpftool
kernel
kernel-abi-whitelists
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-tools
kernel-tools-libs
kernel-tools-libs-devel
perf
python-perf

Upstream details at:
https://access.redhat.com/errata/RHSA-2022:5937

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

34.4%