Important: kernel security, bug fix, and enhancement update

Topic

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)
• Information leak in scsi_ioctl() (CVE-2022-0494)
• A kernel-info-leak issue in pfkey_register (CVE-2022-1353)
• RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)
• Branch Type Confusion (non-retbleed) (CVE-2022-23825)
• RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• Add s390_iommu_aperture kernel parameter (BZ#2081324)
• Blackscreen and hangup after resume from hibernate or S3 with DFGX WX3200 (BZ#2091065)
• Update NVME subsystem with bug fixes and minor changes (BZ#2106017)
• Fix parsing of nw_proto for IPv6 fragments (BZ#2106703)
• "vmcore failed, _exitcode:139" error observed while capturing vmcore during fadump after memory remove. incomplete vmcore is captured. (BZ#2107488)
• 'disable_policy' is ignored for addresses configured on a down interface (BZ#2109971)
• Backport request for new cpufreq.default_governor kernel command line parameter (BZ#2109996)
• Panics in mpt3sas mpt3sas_halt_firmware() if mpt3sas_fwfault_debug=1 enabled when poweroff issued to server (BZ#2111140)
• IOMMU/DMA update for 8.7 (BZ#2111692)
• Update Broadcom Emulex lpfc driver for RHEL8.7 with bug fixes (14.0.0.13) (BZ#2112103)
• Incorrect Socket(s) & "Core(s) per socket" reported by lscpu command. (BZ#2112820)
• Panic in ch_release() due to NULL ch->device pointer, backport upstream fix (BZ#2115965)
• pyverbs-tests fail over qede IW HCAs on "test_query_rc_qp" (tests.test_qp.QPTest) (BZ#2119122)
• qedi shutdown handler hangs upon reboot (BZ#2119847)
• cache link_info for ethtool (BZ#2120197)
• Important iavf bug fixes (BZ#2120225)
• Hibernate crash with Aquantia 2.5/5 Gb LAN card (BZ#2124966)
• While using PTimekeeper the qede driver produces excessive log messages (BZ#2125477)
• general protection fault handling rpc_xprt.timer (BZ#2126184)
• Not enough device MSI-X vectors (BZ#2126482)
• Atlantic driver panic on wakeup after hybernate (BZ#2127845)
• Memory leak in vxlan_xmit_one (BZ#2131255)
• Missing hybernate/resume fixes (BZ#2131936)

Enhancement(s):

• Update smartpqi driver to latest upstream Second Set of Patches (BZ#2112354)
• qed/qede/qedr - driver updates to latest upstream (BZ#2120611)
• Update qedi driver to latest upstream (BZ#2120612)
• Update qedf driver to latest upstream (BZ#2120613)
• Include the support for new NVIDIA Mobile GFX GA103 on ADL Gen Laptops (BZ#2127122)
• Need to enable hpilo to support new HPE RL300 Gen11 for ARM (aarch64) (BZ#2129923)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
• Red Hat Enterprise Linux Server - AUS 8.6 x86_64
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
• Red Hat Virtualization Host 4 for RHEL 8 x86_64
• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat Enterprise Linux Server - TUS 8.6 x86_64
• Red Hat Enterprise Linux for ARM 64 8 aarch64
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
• Red Hat CodeReady Linux Builder for x86_64 8 x86_64
• Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
• Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
• Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
• Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6 ppc64le
• Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64

Fixes

• BZ - 2039448 - CVE-2022-0494 kernel: information leak in scsi_ioctl()
• BZ - 2066819 - CVE-2022-1353 Kernel: A kernel-info-leak issue in pfkey_register
• BZ - 2090226 - CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions
• BZ - 2103148 - CVE-2022-29901 hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions
• BZ - 2103153 - CVE-2022-23825 hw: cpu: AMD: Branch Type Confusion (non-retbleed)
• BZ - 2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

CVEs

• CVE-2022-0494
• CVE-2022-1353
• CVE-2022-2588
• CVE-2022-23816
• CVE-2022-23825
• CVE-2022-29900
• CVE-2022-29901

References

• https://access.redhat.com/security/updates/classification/#important