{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2022:7444","synopsis":"Moderate: kernel-rt security and bug fix update","severity":"SEVERITY_MODERATE","topic":"An update for kernel-rt is now available for Rocky Linux 8.\nRocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.","description":"The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nAdditional Changes:\nFor detailed information on changes in this release, see the Rocky Linux 8.7 Release Notes linked from the References section.","solution":null,"affectedProducts":["Rocky Linux 8"],"fixes":[{"ticket":"1946279","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1946279","description":"CVE-2021-30002 kernel: memory leak for large arguments in video_usercopy function in drivers\/media\/v4l2-core\/v4l2-ioctl.c"},{"ticket":"1980646","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1980646","description":"CVE-2021-3640 kernel: use-after-free vulnerability in function sco_sock_sendmsg()"},{"ticket":"2037386","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2037386","description":"CVE-2022-0168 kernel: smb2_ioctl_query_info NULL Pointer Dereference"},{"ticket":"2037769","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2037769","description":"Softirq hrtimers are being placed on the per-CPU softirq clocks on isolcpu?s."},{"ticket":"2051444","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2051444","description":"CVE-2022-24448 kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR"},{"ticket":"2053632","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2053632","description":"CVE-2022-0617 kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback"},{"ticket":"2058395","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2058395","description":"CVE-2022-0854 kernel: swiotlb information leak with DMA_FROM_DEVICE"},{"ticket":"2059928","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2059928","description":"CVE-2020-36516 kernel: off-path attacker may inject data or terminate victim's TCP session"},{"ticket":"2066614","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2066614","description":"CVE-2022-1016 kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM"},{"ticket":"2066706","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2066706","description":"CVE-2022-1048 kernel: race condition in snd_pcm_hw_free leading to use-after-free"},{"ticket":"2069408","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2069408","description":"CVE-2022-27950 kernel: memory leak in drivers\/hid\/hid-elo.c"},{"ticket":"2070205","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2070205","description":"CVE-2022-1184 kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image"},{"ticket":"2070220","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2070220","description":"CVE-2022-1055 kernel: use-after-free in tc_new_tfilter() in net\/sched\/cls_api.c"},{"ticket":"2073064","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2073064","description":"CVE-2022-28390 kernel: double free in ems_usb_start_xmit in drivers\/net\/can\/usb\/ems_usb.c"},{"ticket":"2074208","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2074208","description":"CVE-2022-28893 kernel: use after free in SUNRPC subsystem"},{"ticket":"2084183","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2084183","description":"CVE-2022-21499 kernel: possible to use the debugger to write zero into a location of choice"},{"ticket":"2084479","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2084479","description":"CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()"},{"ticket":"2088021","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2088021","description":"CVE-2022-29581 kernel: use-after-free due to improper update of reference count in net\/sched\/cls_u32.c"},{"ticket":"2089815","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2089815","description":"CVE-2022-1852 kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS"},{"ticket":"2096178","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2096178","description":"CVE-2022-2078 kernel: buffer overflow in nft_set_desc_concat_parse()"},{"ticket":"2112693","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2112693","description":"CVE-2020-36558 kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference"},{"ticket":"2114878","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2114878","description":"CVE-2022-2586 kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation"},{"ticket":"2115065","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115065","description":"CVE-2022-26373 hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions"},{"ticket":"2115278","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2115278","description":"CVE-2022-36946 kernel: DoS in nfqnl_mangle in net\/netfilter\/nfnetlink_queue.c"},{"ticket":"2120175","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2120175","description":"CVE-2022-2938 kernel: use-after-free when psi trigger is destroyed while being polled"},{"ticket":"2123695","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2123695","description":"CVE-2022-20368 kernel: net\/packet: slab-out-of-bounds access in packet_recvmsg()"}],"cves":[{"name":"CVE-2020-36516","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2020-36516.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:N\/I:H\/A:L","cvss3BaseScore":"5.9","cwe":"CWE-290"},{"name":"CVE-2020-36558","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2020-36558.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"5.1","cwe":"CWE-476"},{"name":"CVE-2021-30002","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2021-30002.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"6.2","cwe":"CWE-772"},{"name":"CVE-2021-3640","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2021-3640.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"6.7","cwe":"CWE-362->CWE-416"},{"name":"CVE-2022-0168","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-0168.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"4.4","cwe":"CWE-476"},{"name":"CVE-2022-0617","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-0617.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"4.7","cwe":"CWE-476"},{"name":"CVE-2022-0854","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-0854.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","cvss3BaseScore":"5.5","cwe":"CWE-401"},{"name":"CVE-2022-1016","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-1016.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","cvss3BaseScore":"5.5","cwe":"CWE-824"},{"name":"CVE-2022-1048","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-1048.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"7.0","cwe":"CWE-416"},{"name":"CVE-2022-1055","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-1055.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"7.8","cwe":"CWE-416"},{"name":"CVE-2022-1184","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-1184.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"5.5","cwe":"CWE-416"},{"name":"CVE-2022-1852","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-1852.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"5.5","cwe":"CWE-476"},{"name":"CVE-2022-20368","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-20368.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"7.0","cwe":"CWE-787"},{"name":"CVE-2022-2078","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-2078.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"5.5","cwe":"CWE-120"},{"name":"CVE-2022-21499","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-21499.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"6.7","cwe":"(CWE-267|CWE-787)"},{"name":"CVE-2022-24448","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-24448.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N","cvss3BaseScore":"3.3","cwe":"CWE-908"},{"name":"CVE-2022-2586","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-2586.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"6.7","cwe":"CWE-416"},{"name":"CVE-2022-26373","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-26373.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N","cvss3BaseScore":"5.5","cwe":"CWE-200"},{"name":"CVE-2022-2639","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-2639.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"7.0","cwe":"CWE-192->CWE-787"},{"name":"CVE-2022-27950","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-27950.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"5.1","cwe":"CWE-401"},{"name":"CVE-2022-28390","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-28390.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"7.0","cwe":"CWE-415"},{"name":"CVE-2022-28893","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-28893.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"6.2","cwe":"CWE-416"},{"name":"CVE-2022-2938","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-2938.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"7.8","cwe":"CWE-416"},{"name":"CVE-2022-29581","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-29581.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"7.8","cwe":"CWE-416"},{"name":"CVE-2022-36946","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-36946.json","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"6.2","cwe":""}],"references":[],"publishedAt":"2022-11-13T07:54:31.421908Z","rpms":{},"rebootSuggested":false,"buildReferences":[]}