CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS
Percentile: 52.6%

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)
kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)
kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)
kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)
hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)
hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)
hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)
hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)
hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)
hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
sched/pelt: Fix attach_entity_load_avg() corner case (BZ#2105360)
RHEL9[fleetwood][P9]:kdump fails to capture vmcore when crash is triggered while running forkoff. (BZ#2109144)
ISST-LTE:[P10 Everest] [5.14.0-70.9.1.el9_0.ppc64le] HPT:RHEL9.0:ecolp95: lpar crashed at __list_del_entry_valid+0x90/0x100 and LPM failed (BZ#2112823)
[rhel9] livepatch panic: RIP: 0010:0xffffffffc0e070c4 seq_read_iter+0x124/0x4b0 (BZ#2122625)
System crashes due to list_add double add at iwl_mvm_mac_wake_tx_queue+0x71 (BZ#2123315)
[Dell EMC 9.0 BUG] Any process performing I/O doesn’t fail on degraded LVM RAID and IO process hangs (BZ#2126215)
[HPEMC RHEL 9.0 REGRESSION] net, e810, ice: not enough device MSI-X vectors (BZ#2126491)
RHEL9.0 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127874)
Enable check-kabi (BZ#2132372)
Add symbols to stablelist (BZ#2132373)
Update RHEL9.1 kabi tooling (BZ#2132380)
kABI: Prepare the MM subsystem for kABI lockdown (BZ#2133464)
[Dell Storage 9.1 BUG] NVME command hang during storage array node reboot (BZ#2133553)
WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134589)
crypto/testmgr.c should not list dh, ecdh-nist-p256, ecdh-nist-p384 as .fips_allowed = 1 (BZ#2136523)
FIPS self-tests for RSA pkcs7 signature verification (BZ#2136552)
[ovs-tc] Bad length in dpctl/dump-flows (BZ#2137354)
[RHEL9] s_pf0vf2: hw csum failure for mlx5 (BZ#2137355)
kernel memory leak while freeing nested actions (BZ#2137356)
ovs: backports from upstream (BZ#2137358)
kernel should conform to FIPS-140-3 requirements (both parts) (BZ#2139095)
[DELL EMC 9.0-RT BUG] System is not booting into RT Kernel with perc12. (BZ#2139214)
Fix panic in nbd/004 test (BZ#2139535)
Nested KVM is not working on RHEL 8.6 with hardware error 0x7 (BZ#2140141)
[RHEL9] Practically limit “Dummy wait” workaround to old Intel systems (BZ#2142169)