Lucene search

K
redhatRedHatRHSA-2022:8685
HistoryNov 29, 2022 - 1:29 p.m.

(RHSA-2022:8685) Important: kernel security and bug fix update

2022-11-2913:29:32
access.redhat.com
28
kernel packages
linux operating system
kvm
cmpxchg_gpte
pfns
e810-xxv
multicast packets
vlan
kernel bug
zfcp
memory leak
vxlan_xmit_one
nf_conntrack
s390x
bpftrace
intel e810 ptp clock
ptp clock glitching
interface mtu
tx hang debugging
system panic
sriov sriov_test_cntvf_reboot
arp replies
cpu warning
kernel dump
nmi
pao
rt kernel

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • E810-XXV - Multicast packets are not received by all VFs on the same port even though they have the same VLAN (BZ#2117027)

  • kernel BUG at kernel/sched/deadline.c:1561! [rhel-8.4.0] (BZ#2125673)

  • zfcp: fix missing auto port scan and thus missing target ports (BZ#2127851)

  • memory leak in vxlan_xmit_one (BZ#2131256)

  • nf_conntrack causing nfs to stall (BZ#2134090)

  • s390x: bpftrace Could not read symbols from /sys/kernel/debug/tracing/available_filter_functions: No such device (BZ#2134809)

  • Intel E810 PTP clock glitching (BZ#2136038)

  • configure link-down-on-close on and change interface mtu to 9000,the interface can’t up (BZ#2136218)

  • dump additional CSRs for Tx hang debugging (BZ#2136515)

  • system panic during sriov sriov_test_cntvf_reboot testing (BZ#2137272)

  • arp replies not making it to switch (BZ#2137521)

  • WARNING: CPU: 0 PID: 9637 at kernel/time/hrtimer.c:1309 hrtimer_start_range_ns+0x35d/0x400 (BZ#2138956)

  • Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel (BZ#2139582)

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%