RHSA-2022_1975
Vulnerability from csaf_redhat - Published: 2022-05-10 13:43 - Updated: 2024-11-15 17:12Summary
Red Hat Security Advisory: kernel-rt security and bug fix update
Severity
Important
Notes
Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)
* kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404)
* kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c (CVE-2020-13974)
* kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free (CVE-2021-0941)
* kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612)
* kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)
* kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743)
* kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744)
* kernel: possible use-after-free in bluetooth module (CVE-2021-3752)
* kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks (CVE-2021-3759)
* kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)
* kernel: sctp: Invalid chunks may be used to remotely remove existing associations (CVE-2021-3772)
* kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients (CVE-2021-3773)
* kernel: possible leak or coruption of data residing on hugetlbfs (CVE-2021-4002)
* kernel: security regression for CVE-2018-13405 (CVE-2021-4037)
* kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)
* kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197)
* kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203)
* kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies (CVE-2021-20322)
* hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)
* kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154)
* kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c (CVE-2021-37159)
* kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write (CVE-2021-41864)
* kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)
* kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (CVE-2021-43389)
* kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device (CVE-2021-43976)
* kernel: use-after-free in the TEE subsystem (CVE-2021-44733)
* kernel: information leak in the IPv6 implementation (CVE-2021-45485)
* kernel: information leak in the IPv4 implementation (CVE-2021-45486)
* hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)
* hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)
* kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)
* kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c (CVE-2022-0322)
* kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes (CVE-2022-1011)
* kernel: use-after-free in nouveau kernel module (CVE-2020-27820)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw linked list corruption in the Linux kernel for USB Video Class driver functionality was found in the way user connects web camera to the USB port. A local user could use this flaw to crash the system.
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
To mitigate this issue, prevent the module uvcvideo from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.
A flaw integer overflow in the Linux kernel's virtual terminal keyboard driver was found in the way the user sends some specific keyboard code multiple times. A local user could use this flaw to crash the system or possibly escalate their privileges on the system.
7.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).
4.1 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
To mitigate this issue, prevent the module nouveau from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.
An out-of-bounds (OOB) memory access flaw was found in net/core/filter.c in __bpf_skb_max_len in the Linux kernel. A missing sanity check to the current MTU check may allow a local attacker with special user privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.
6.7 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
7.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
To mitigate this issue, prevent the module joydev from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
6.2 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in the Linux kernel. A memory leak in the ccp-ops crypto driver can allow attackers to cause a denial of service. This vulnerability is similar with the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation baser or stability.
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
7.0 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation baser or stability. The possible solution is to disable Bluetooth completely: https://access.redhat.com/solutions/2682931
A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
5.9 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
As the SCTP module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:
if
# echo "install sctp /bin/true" >> /etc/modprobe.d/disable-sctp.conf
The system will need to be restarted if the SCTP modules are loaded. In most circumstances, the SCTP kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.
If the system requires this module to work correctly, this mitigation may not be suitable.
If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
5.9 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.
CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
5.1 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.
4.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.
7.4 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.
8.2 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system.
5.9 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
6.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
The mitigation not known. However, for the default configuration of the Red Hat Enterprise Linux it is not possible to trigger this vulnerability: if control groups (cgroups) not being used or being used with the default configuration or being used some other configuration where for example similar privileges for all processes (both for parent and for child processes), then no way to trigger this vulnerability.
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
5.8 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
7.4 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in hw. The speculative execution window of AMD LFENCE/JMP mitigation (MITIGATION V2-2) may be large enough to be exploited on AMD CPUs.
4.7 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
AMD recommends mitigation that uses generic retpoline.
A flaw was found in the Linux kernels eBPF implementation. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions can abuse a flaw in eBPF to corrupt memory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
7.0 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
This issue does not affect most systems by default. An administrator would need to have enabled the BPF JIT to be affected.
It can be disabled immediately with the command:
# echo 0 > /proc/sys/net/core/bpf_jit_enable
Or it can be disabled for all subsequent boots of the system by setting a value in /etc/sysctl.d/44-bpf-jit-disable
## start file ##
net.core.bpf_jit_enable=0
## end file ##
A flaw use-after-free in the Linux kernel USB High Speed Mobile Devices functionality was found in the way user detaches USB device. A local user could use this flaw to crash the system or escalate their privileges on the system.
6.4 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
To mitigate this issue, prevent the module hso from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.
An out-of-bounds (OOB) memory write flaw was found in prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the bpf in the Linux kernel. In this flaw, the multiplication to calculate the size could lead to an integer overflow which could allow a local attacker, with a special user privilege, to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.
7.8 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
6.7 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
To mitigate this issue, prevent the module firedtv from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.
An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network (ISDN) functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of service.
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
To mitigate this issue, prevent the module isdn from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.
A denial of service flaw was found in mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c in the usb subsystem of the Linux kernel. This is due to a missing clean-up for a malfunctioning usb device with an unknown recv_type.
4.6 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A use-after-free flaw in the Linux kernel TEE (Trusted Execution Environment) subsystem was found in the way user calls ioctl TEE_IOC_OPEN_SESSION or TEE_IOC_INVOKE. A local user could use this flaw to crash the system or escalate their privileges on the system. If the Linux system non configured with the CONFIG_PREEMPT option or CONFIG_CPU_SW_DOMAIN_PAN option enabled, then it is unlikely that a user can trigger this issue.
7.4 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
To mitigate this issue, prevent the modules tee, trusted_tee from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.
An information leak flaw was found in the Linux kernel’s IPv6 implementation in the __ipv6_select_ident in net/ipv6/output_core.c function. The use of a small hash table in IP ID generation allows a remote attacker to reveal sensitive information.
7.5 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
An information leak flaw was found in the Linux kernel’s IPv4 implementation in the ip_rt_init in net/ipv4/route.c function. The use of a small hash table in IP ID generation allows a remote attacker to reveal sensitive information.
CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO dm_io_dec_pending() calls end_io_acct() first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result in a crash due to mempool->elements being NULL: task1 task2 do_resume ->do_suspend ->dm_wait_for_completion bio_endio ->clone_endio ->dm_io_dec_pending ->end_io_acct ->wakeup task1 ->dm_swap_table ->__bind ->__bind_mempools ->bioset_exit ->mempool_exit ->free_io [ 67.330330] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 ...... [ 67.330494] pstate: 80400085 (Nzcv daIf +PAN -UAO) [ 67.330510] pc : mempool_free+0x70/0xa0 [ 67.330515] lr : mempool_free+0x4c/0xa0 [ 67.330520] sp : ffffff8008013b20 [ 67.330524] x29: ffffff8008013b20 x28: 0000000000000004 [ 67.330530] x27: ffffffa8c2ff40a0 x26: 00000000ffff1cc8 [ 67.330535] x25: 0000000000000000 x24: ffffffdada34c800 [ 67.330541] x23: 0000000000000000 x22: ffffffdada34c800 [ 67.330547] x21: 00000000ffff1cc8 x20: ffffffd9a1304d80 [ 67.330552] x19: ffffffdada34c970 x18: 000000b312625d9c [ 67.330558] x17: 00000000002dcfbf x16: 00000000000006dd [ 67.330563] x15: 000000000093b41e x14: 0000000000000010 [ 67.330569] x13: 0000000000007f7a x12: 0000000034155555 [ 67.330574] x11: 0000000000000001 x10: 0000000000000001 [ 67.330579] x9 : 0000000000000000 x8 : 0000000000000000 [ 67.330585] x7 : 0000000000000000 x6 : ffffff80148b5c1a [ 67.330590] x5 : ffffff8008013ae0 x4 : 0000000000000001 [ 67.330596] x3 : ffffff80080139c8 x2 : ffffff801083bab8 [ 67.330601] x1 : 0000000000000000 x0 : ffffffdada34c970 [ 67.330609] Call trace: [ 67.330616] mempool_free+0x70/0xa0 [ 67.330627] bio_put+0xf8/0x110 [ 67.330638] dec_pending+0x13c/0x230 [ 67.330644] clone_endio+0x90/0x180 [ 67.330649] bio_endio+0x198/0x1b8 [ 67.330655] dec_pending+0x190/0x230 [ 67.330660] clone_endio+0x90/0x180 [ 67.330665] bio_endio+0x198/0x1b8 [ 67.330673] blk_update_request+0x214/0x428 [ 67.330683] scsi_end_request+0x2c/0x300 [ 67.330688] scsi_io_completion+0xa0/0x710 [ 67.330695] scsi_finish_command+0xd8/0x110 [ 67.330700] scsi_softirq_done+0x114/0x148 [ 67.330708] blk_done_softirq+0x74/0xd0 [ 67.330716] __do_softirq+0x18c/0x374 [ 67.330724] irq_exit+0xb4/0xb8 [ 67.330732] __handle_domain_irq+0x84/0xc0 [ 67.330737] gic_handle_irq+0x148/0x1b0 [ 67.330744] el1_irq+0xe8/0x190 [ 67.330753] lpm_cpuidle_enter+0x4f8/0x538 [ 67.330759] cpuidle_enter_state+0x1fc/0x398 [ 67.330764] cpuidle_enter+0x18/0x20 [ 67.330772] do_idle+0x1b4/0x290 [ 67.330778] cpu_startup_entry+0x20/0x28 [ 67.330786] secondary_start_kernel+0x160/0x170 Fix this by: 1) Establishing pointers to 'struct dm_io' members in dm_io_dec_pending() so that they may be passed into end_io_acct() _after_ free_io() is called. 2) Moving end_io_acct() after free_io().
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar to the one addressed by commit 20eb4f29b602 ("net: fix sk_page_frag() recursion from memory reclaim"). Here the nested access to the task page frag is caused by a page fault on the (mmapped) user-space memory buffer coming from the cifs file. The page fault handler performs an smb transaction on a different socket, inside the same process context. Since sk->sk_allaction for such socket does not prevent the usage for the task_frag, the nested allocation modify "under the hood" the page frag in use by the outer sendmsg call, corrupting the stream. The overall relevant stack trace looks like the following: httpd 78268 [001] 3461630.850950: probe:tcp_sendmsg_locked: ffffffff91461d91 tcp_sendmsg_locked+0x1 ffffffff91462b57 tcp_sendmsg+0x27 ffffffff9139814e sock_sendmsg+0x3e ffffffffc06dfe1d smb_send_kvec+0x28 [...] ffffffffc06cfaf8 cifs_readpages+0x213 ffffffff90e83c4b read_pages+0x6b ffffffff90e83f31 __do_page_cache_readahead+0x1c1 ffffffff90e79e98 filemap_fault+0x788 ffffffff90eb0458 __do_fault+0x38 ffffffff90eb5280 do_fault+0x1a0 ffffffff90eb7c84 __handle_mm_fault+0x4d4 ffffffff90eb8093 handle_mm_fault+0xc3 ffffffff90c74f6d __do_page_fault+0x1ed ffffffff90c75277 do_page_fault+0x37 ffffffff9160111e page_fault+0x1e ffffffff9109e7b5 copyin+0x25 ffffffff9109eb40 _copy_from_iter_full+0xe0 ffffffff91462370 tcp_sendmsg_locked+0x5e0 ffffffff91462370 tcp_sendmsg_locked+0x5e0 ffffffff91462b57 tcp_sendmsg+0x27 ffffffff9139815c sock_sendmsg+0x4c ffffffff913981f7 sock_write_iter+0x97 ffffffff90f2cc56 do_iter_readv_writev+0x156 ffffffff90f2dff0 do_iter_write+0x80 ffffffff90f2e1c3 vfs_writev+0xa3 ffffffff90f2e27c do_writev+0x5c ffffffff90c042bb do_syscall_64+0x5b ffffffff916000ad entry_SYSCALL_64_after_hwframe+0x65 The cifs filesystem rightfully sets sk_allocations to GFP_NOFS, we can avoid the nesting using the sk page frag for allocation lacking the __GFP_FS flag. Do not define an additional mm-helper for that, as this is strictly tied to the sk page frag usage. v1 -> v2: - use a stricted sk_page_frag() check instead of reordering the code (Eric)
6.3 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce() ethtool_set_coalesce() now uses both the .get_coalesce() and .set_coalesce() callbacks. But the check for their availability is buggy, so changing the coalesce settings on a device where the driver provides only _one_ of the callbacks results in a NULL pointer dereference instead of an -EOPNOTSUPP. Fix the condition so that the availability of both callbacks is ensured. This also matches the netlink code. Note that reproducing this requires some effort - it only affects the legacy ioctl path, and needs a specific combination of driver options: - have .get_coalesce() and .coalesce_supported but no .set_coalesce(), or - have .set_coalesce() but no .get_coalesce(). Here eg. ethtool doesn't cause the crash as it first attempts to call ethtool_get_coalesce() and bails out on error.
4.7 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix deadlock in __mptcp_push_pending() __mptcp_push_pending() may call mptcp_flush_join_list() with subflow socket lock held. If such call hits mptcp_sockopt_sync_all() then subsequently __mptcp_sockopt_sync() could try to lock the subflow socket for itself, causing a deadlock. sysrq: Show Blocked State task:ss-server state:D stack: 0 pid: 938 ppid: 1 flags:0x00000000 Call Trace: <TASK> __schedule+0x2d6/0x10c0 ? __mod_memcg_state+0x4d/0x70 ? csum_partial+0xd/0x20 ? _raw_spin_lock_irqsave+0x26/0x50 schedule+0x4e/0xc0 __lock_sock+0x69/0x90 ? do_wait_intr_irq+0xa0/0xa0 __lock_sock_fast+0x35/0x50 mptcp_sockopt_sync_all+0x38/0xc0 __mptcp_push_pending+0x105/0x200 mptcp_sendmsg+0x466/0x490 sock_sendmsg+0x57/0x60 __sys_sendto+0xf0/0x160 ? do_wait_intr_irq+0xa0/0xa0 ? fpregs_restore_userregs+0x12/0xd0 __x64_sys_sendto+0x20/0x30 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f9ba546c2d0 RSP: 002b:00007ffdc3b762d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 00007f9ba56c8060 RCX: 00007f9ba546c2d0 RDX: 000000000000077a RSI: 0000000000e5e180 RDI: 0000000000000234 RBP: 0000000000cc57f0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ba56c8060 R13: 0000000000b6ba60 R14: 0000000000cc7840 R15: 41d8685b1d7901b8 </TASK> Fix the issue by using __mptcp_flush_join_list() instead of plain mptcp_flush_join_list() inside __mptcp_push_pending(), as suggested by Florian. The sockopt sync will be deferred to the workqueue.
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix a user-after-free in add_pble_prm When irdma_hmc_sd_one fails, 'chunk' is freed while its still on the PBLE info list. Add the chunk entry to the PBLE info list only after successful setting of the SD in irdma_hmc_sd_one.
6.7 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in hw. The Branch History Injection (BHI) describes a specific form of intra-mode BTI. This flaw allows an unprivileged attacker to manipulate the branch history before transitioning to supervisor or VMX root mode. This issue is an effort to cause an indirect branch predictor to select a specific predictor entry for an indirect branch, and a disclosure gadget at the predicted target will transiently execute. This execution is possible since the relevant branch history may contain branches taken in previous security contexts, and in particular, in other predictor modes.
4.7 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Disabling unprivileged eBPF effectively mitigates the known attack vectors for exploiting intra-mode branch injections attacks.
The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl.
For the Red Hat Enterprise Linux 7, the eBPF for unprivileged users is always disabled.
For the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:
# cat /proc/sys/kernel/unprivileged_bpf_disabled
The setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.
Continue to enable SMEP and Enhanced IBRS. This is the default setting on eligible CPUs.
A flaw was found in hw. The Intra-mode BTI refers to a variant of Branch Target Injection aka SpectreV2 (BTI) where an indirect branch speculates to an aliased predictor entry for a different indirect branch in the same predictor mode, and a disclosure gadget at the predicted target transiently executes. These predictor entries may contain targets corresponding to the targets of an indirect near jump, indirect near call, and near return instructions, even if these branches were only transiently executed. The managed runtimes provide an attacker with the means to create the aliasing required for intra-mode BTI attacks.
4.7 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Disabling unprivileged eBPF effectively mitigates the known attack vectors for exploiting intra-mode branch injections attacks.
The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl.
For the Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled.
For the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:
# cat /proc/sys/kernel/unprivileged_bpf_disabled
The setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.
Continue to enable SMEP and Enhanced IBRS. This is the default setting on eligible CPUs.
A NULL pointer dereference flaw was found in the Linux kernel’s bonding driver in the way a user bonds non existing or fake device. This flaw allows a local user to crash the system, causing a denial of service.
5.1 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
To mitigate this issue, prevent the module bonding from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is to skip loading the affected module SCTP onto the system. Until we have a fix available, this can be done by a blacklist mechanism and will ensure the driver is not loaded at the boot time.
~~~
How do I blacklist a kernel module to prevent it from loading automatically?
https://access.redhat.com/solutions/41278
~~~
An information leak flaw was found via ext4_extent_header in fs/ext4/extents.c in the Linux kernel. This flaw could allow a local attacker to cause a denial of service.
7.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
7.0 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
5.5 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
A vulnerability was found in copy_from_user in 64-bit versions of the Linux kernel. This flaw allows a local attacker to bypass the "access_ok" sanity check and pass a kernel pointer to copy_from_user(), resulting in kernel data leaking.
6.7 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress.
5.9 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2022:1975
References
Acknowledgments
Red Hat
Jeremy Cline
Murray McAllister
Venustech
Active Defense Lab
NSFOCUS Security Team
Likang Luo
Zhejiang University
Yutian Yang
elijahbai, jitxie, huntazhang.
University of California, Riverside
Keyu Man, Xin'an Zhou and Zhiyun Qian
AMD
axis.com
Patrik Lantz
Intel
360 Vulnerability Research Institute
De4dCr0w
Tencent Security Yunding Lab
elijahbai
Miklos Szeredi
Jann Horn
Jiasheng Jiang
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n* kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404)\n\n* kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c (CVE-2020-13974)\n\n* kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free (CVE-2021-0941)\n\n* kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612)\n\n* kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n* kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743)\n\n* kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744)\n\n* kernel: possible use-after-free in bluetooth module (CVE-2021-3752)\n\n* kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks (CVE-2021-3759)\n\n* kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n* kernel: sctp: Invalid chunks may be used to remotely remove existing associations (CVE-2021-3772)\n\n* kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients (CVE-2021-3773)\n\n* kernel: possible leak or coruption of data residing on hugetlbfs (CVE-2021-4002)\n\n* kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n* kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)\n\n* kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197)\n\n* kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203)\n\n* kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies (CVE-2021-20322)\n\n* hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)\n\n* kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154)\n\n* kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c (CVE-2021-37159)\n\n* kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write (CVE-2021-41864)\n\n* kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)\n\n* kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (CVE-2021-43389)\n\n* kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device (CVE-2021-43976)\n\n* kernel: use-after-free in the TEE subsystem (CVE-2021-44733)\n\n* kernel: information leak in the IPv6 implementation (CVE-2021-45485)\n\n* kernel: information leak in the IPv4 implementation (CVE-2021-45486)\n\n* hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)\n\n* hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)\n\n* kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)\n\n* kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c (CVE-2022-0322)\n\n* kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes (CVE-2022-1011)\n\n* kernel: use-after-free in nouveau kernel module (CVE-2020-27820)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1975",
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"category": "external",
"summary": "1901726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726"
},
{
"category": "external",
"summary": "1903578",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903578"
},
{
"category": "external",
"summary": "1905749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905749"
},
{
"category": "external",
"summary": "1919791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919791"
},
{
"category": "external",
"summary": "1946684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946684"
},
{
"category": "external",
"summary": "1951739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951739"
},
{
"category": "external",
"summary": "1974079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974079"
},
{
"category": "external",
"summary": "1985353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1985353"
},
{
"category": "external",
"summary": "1986473",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986473"
},
{
"category": "external",
"summary": "1997467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997467"
},
{
"category": "external",
"summary": "1997961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997961"
},
{
"category": "external",
"summary": "1999544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999544"
},
{
"category": "external",
"summary": "1999675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999675"
},
{
"category": "external",
"summary": "2000627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000627"
},
{
"category": "external",
"summary": "2000694",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000694"
},
{
"category": "external",
"summary": "2004949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004949"
},
{
"category": "external",
"summary": "2010463",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010463"
},
{
"category": "external",
"summary": "2013180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013180"
},
{
"category": "external",
"summary": "2014230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014230"
},
{
"category": "external",
"summary": "2016169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016169"
},
{
"category": "external",
"summary": "2018205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018205"
},
{
"category": "external",
"summary": "2025003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025003"
},
{
"category": "external",
"summary": "2025726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025726"
},
{
"category": "external",
"summary": "2027239",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027239"
},
{
"category": "external",
"summary": "2029923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029923"
},
{
"category": "external",
"summary": "2030747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030747"
},
{
"category": "external",
"summary": "2034342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034342"
},
{
"category": "external",
"summary": "2035652",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035652"
},
{
"category": "external",
"summary": "2036934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036934"
},
{
"category": "external",
"summary": "2037019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037019"
},
{
"category": "external",
"summary": "2039911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039911"
},
{
"category": "external",
"summary": "2039914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039914"
},
{
"category": "external",
"summary": "2042822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042822"
},
{
"category": "external",
"summary": "2061700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061700"
},
{
"category": "external",
"summary": "2061712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061712"
},
{
"category": "external",
"summary": "2061721",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061721"
},
{
"category": "external",
"summary": "2064855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064855"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1975.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security and bug fix update",
"tracking": {
"current_release_date": "2024-11-15T17:12:25+00:00",
"generator": {
"date": "2024-11-15T17:12:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:1975",
"initial_release_date": "2022-05-10T13:43:14+00:00",
"revision_history": [
{
"date": "2022-05-10T13:43:14+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-05-10T13:43:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T17:12:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux NFV (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::nfv"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux RT (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::realtime"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"product": {
"name": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"product_id": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-372.9.1.rt7.166.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product": {
"name": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_id": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-372.9.1.rt7.166.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product": {
"name": "kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_id": "kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-372.9.1.rt7.166.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product": {
"name": "kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_id": "kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-372.9.1.rt7.166.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product": {
"name": "kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_id": "kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-372.9.1.rt7.166.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_id": "kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-372.9.1.rt7.166.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_id": "kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-372.9.1.rt7.166.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product": {
"name": "kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_id": "kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-372.9.1.rt7.166.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_id": "kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-372.9.1.rt7.166.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product": {
"name": "kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_id": "kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-372.9.1.rt7.166.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product": {
"name": "kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_id": "kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-372.9.1.rt7.166.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product": {
"name": "kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_id": "kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-372.9.1.rt7.166.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product": {
"name": "kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_id": "kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-372.9.1.rt7.166.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-372.9.1.rt7.166.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_id": "kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-372.9.1.rt7.166.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-372.9.1.rt7.166.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src"
},
"product_reference": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"relates_to_product_reference": "NFV-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "NFV-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "NFV-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "NFV-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "NFV-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "NFV-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "NFV-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "NFV-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "NFV-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "NFV-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "NFV-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "NFV-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "NFV-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "NFV-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "NFV-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "NFV-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src"
},
"product_reference": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"relates_to_product_reference": "RT-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "RT-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "RT-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "RT-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "RT-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "RT-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "RT-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "RT-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "RT-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "RT-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "RT-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "RT-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "RT-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "RT-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "RT-8.6.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"relates_to_product_reference": "RT-8.6.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-0404",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2021-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1919791"
}
],
"notes": [
{
"category": "description",
"text": "A flaw linked list corruption in the Linux kernel for USB Video Class driver functionality was found in the way user connects web camera to the USB port. A local user could use this flaw to crash the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: avoid cyclic entity chains due to malformed USB descriptors",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-0404"
},
{
"category": "external",
"summary": "RHBZ#1919791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-0404",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0404"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-0404",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0404"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=68035c80e129c4cfec659aac4180354530b26527",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=68035c80e129c4cfec659aac4180354530b26527"
}
],
"release_date": "2021-01-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent the module uvcvideo from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: avoid cyclic entity chains due to malformed USB descriptors"
},
{
"cve": "CVE-2020-13974",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2021-01-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2016169"
}
],
"notes": [
{
"category": "description",
"text": "A flaw integer overflow in the Linux kernel\u0027s virtual terminal keyboard driver was found in the way the user sends some specific keyboard code multiple times. A local user could use this flaw to crash the system or possibly escalate their privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No code depends on this integer overflow so it is unlikely that the vulnerability can be used for anything apart from crashing the system. The impact has been reduced to Moderate from Important based on this analysis.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13974"
},
{
"category": "external",
"summary": "RHBZ#2016169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016169"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13974",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13974"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13974",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13974"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b86dab054059b970111b5516ae548efaae5b3aae"
}
],
"release_date": "2020-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c"
},
{
"acknowledgments": [
{
"names": [
"Jeremy Cline"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-27820",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2020-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1901726"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Linux kernel, where a use-after-frees in nouveau\u0027s postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if \"unbind\" the driver).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: use-after-free in nouveau kernel module",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as having a Low impact because the issue can only be triggered by an privileged local user (or user with physical access) as the issue only happens during unbinding the driver or removing the device.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27820"
},
{
"category": "external",
"summary": "RHBZ#1901726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27820"
},
{
"category": "external",
"summary": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com/",
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-2-jcline@redhat.com/"
},
{
"category": "external",
"summary": "https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline@redhat.com/",
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-3-jcline@redhat.com/"
},
{
"category": "external",
"summary": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/",
"url": "https://lore.kernel.org/dri-devel/20201103194912.184413-4-jcline@redhat.com/"
}
],
"release_date": "2020-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent the module nouveau from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: use-after-free in nouveau kernel module"
},
{
"cve": "CVE-2021-0941",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2021-10-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2018205"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds (OOB) memory access flaw was found in net/core/filter.c in __bpf_skb_max_len in the Linux kernel. A missing sanity check to the current MTU check may allow a local attacker with special user privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.\n\nFor the Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled.\nFor the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:\n\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\n\nThe setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.\n\nA kernel update will be required to mitigate the flaw for the root or users with CAP_SYS_ADMIN capabilities.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-0941"
},
{
"category": "external",
"summary": "RHBZ#2018205",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018205"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-0941",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-0941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0941"
},
{
"category": "external",
"summary": "https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae%5E%21/#F0",
"url": "https://android.googlesource.com/kernel/common/+/6306c1189e77a513bf02720450bb43bd4ba5d8ae%5E%21/#F0"
}
],
"release_date": "2021-02-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free"
},
{
"acknowledgments": [
{
"names": [
"Murray McAllister"
]
}
],
"cve": "CVE-2021-3612",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2021-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1974079"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds memory write flaw was found in the Linux kernel\u2019s joystick devices subsystem, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as having a Moderate impact because for the Red Hat Enterprise Linux the patch that made it possible writing memory out of bounds not applied yet, but still before that patch possible read out of bounds. Both in the default configuration of Red Hat Enterprise Linux the joysticks devices driver is disabled, so only privileged local user can enable it.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3612"
},
{
"category": "external",
"summary": "RHBZ#1974079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974079"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3612",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3612"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3612",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3612"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82@gmail.com/",
"url": "https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82@gmail.com/"
}
],
"release_date": "2021-06-20T12:28:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent the module joydev from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP()"
},
{
"cve": "CVE-2021-3669",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-07-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1986473"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3669"
},
{
"category": "external",
"summary": "RHBZ#1986473",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1986473"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3669",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3669"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3669",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3669"
}
],
"release_date": "2021-08-02T06:02:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts"
},
{
"acknowledgments": [
{
"names": [
"Active Defense Lab"
],
"organization": "Venustech"
}
],
"cve": "CVE-2021-3743",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2021-08-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1997961"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "There was no shipped kernel version that was seen affected by this problem. These files are not built in our source code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3743"
},
{
"category": "external",
"summary": "RHBZ#1997961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3743",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3743"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3743",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3743"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e78c597c3eb",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e78c597c3eb"
},
{
"category": "external",
"summary": "https://lists.openwall.net/netdev/2021/08/17/124",
"url": "https://lists.openwall.net/netdev/2021/08/17/124"
}
],
"release_date": "2021-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c"
},
{
"cve": "CVE-2021-3744",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2021-08-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2000627"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel. A memory leak in the ccp-ops crypto driver can allow attackers to cause a denial of service. This vulnerability is similar with the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3744"
},
{
"category": "external",
"summary": "RHBZ#2000627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000627"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3744",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3744"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3744",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3744"
},
{
"category": "external",
"summary": "https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/505d9dcb0f7ddf9d075e729523a33d38642ae680%5E%21/#F0",
"url": "https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/505d9dcb0f7ddf9d075e729523a33d38642ae680%5E%21/#F0"
}
],
"release_date": "2021-08-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation baser or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()"
},
{
"acknowledgments": [
{
"names": [
"Likang Luo"
],
"organization": "NSFOCUS Security Team"
}
],
"cve": "CVE-2021-3752",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2021-08-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1999544"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the Linux kernel\u2019s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: possible use-after-free in bluetooth module",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is rated as having Moderate impact because Only local users with privileges to access the sock_dgram Bluetooth socket can trigger this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3752"
},
{
"category": "external",
"summary": "RHBZ#1999544",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999544"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3752"
},
{
"category": "external",
"summary": "https://lore.kernel.org/lkml/20211115165435.133245729@linuxfoundation.org/",
"url": "https://lore.kernel.org/lkml/20211115165435.133245729@linuxfoundation.org/"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2021/09/15/4",
"url": "https://www.openwall.com/lists/oss-security/2021/09/15/4"
}
],
"release_date": "2021-09-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation baser or stability. The possible solution is to disable Bluetooth completely: https://access.redhat.com/solutions/2682931",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: possible use-after-free in bluetooth module"
},
{
"acknowledgments": [
{
"names": [
"Yutian Yang"
],
"organization": "Zhejiang University"
}
],
"cve": "CVE-2021-3759",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-07-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1999675"
}
],
"notes": [
{
"category": "description",
"text": "A memory overflow vulnerability was found in the Linux kernel\u2019s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3759"
},
{
"category": "external",
"summary": "RHBZ#1999675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999675"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3759",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3759"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3759",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3759"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/",
"url": "https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/"
}
],
"release_date": "2021-07-15T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks"
},
{
"cve": "CVE-2021-3764",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2021-08-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1997467"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak flaw was found in the Linux kernel\u0027s ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: DoS in ccp_run_aes_gcm_cmd() function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3764"
},
{
"category": "external",
"summary": "RHBZ#1997467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3764",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3764"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3764",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3764"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=36cf515b9bbe",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=36cf515b9bbe"
}
],
"release_date": "2021-08-20T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: DoS in ccp_run_aes_gcm_cmd() function"
},
{
"cve": "CVE-2021-3772",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2021-08-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2000694"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: sctp: Invalid chunks may be used to remotely remove existing associations",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3772"
},
{
"category": "external",
"summary": "RHBZ#2000694",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000694"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3772"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3772",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3772"
}
],
"release_date": "2021-09-08T06:38:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "As the SCTP module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\nif\n# echo \"install sctp /bin/true\" \u003e\u003e /etc/modprobe.d/disable-sctp.conf\n\nThe system will need to be restarted if the SCTP modules are loaded. In most circumstances, the SCTP kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.\n\nIf the system requires this module to work correctly, this mitigation may not be suitable.\n\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: sctp: Invalid chunks may be used to remotely remove existing associations"
},
{
"cve": "CVE-2021-3773",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2004949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3773"
},
{
"category": "external",
"summary": "RHBZ#2004949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3773",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3773"
}
],
"release_date": "2021-09-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients"
},
{
"acknowledgments": [
{
"names": [
"elijahbai, jitxie, huntazhang."
]
}
],
"cve": "CVE-2021-3923",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-11-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2019643"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: stack information leak in infiniband RDMA",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3923"
},
{
"category": "external",
"summary": "RHBZ#2019643",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019643"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3923"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3923",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3923"
}
],
"release_date": "2021-12-01T13:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: stack information leak in infiniband RDMA"
},
{
"cve": "CVE-2021-4002",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2021-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2025726"
}
],
"notes": [
{
"category": "description",
"text": "A memory leak flaw in the Linux kernel\u0027s hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: possible leak or coruption of data residing on hugetlbfs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4002"
},
{
"category": "external",
"summary": "RHBZ#2025726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4002"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4002",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4002"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2021/11/25/1",
"url": "https://www.openwall.com/lists/oss-security/2021/11/25/1"
}
],
"release_date": "2021-11-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: possible leak or coruption of data residing on hugetlbfs"
},
{
"cve": "CVE-2021-4037",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2021-11-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2027239"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: security regression for CVE-2018-13405",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Impact is Moderate, because if no configuration problems with the system, then unlikely higher impact than unauthorized read access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4037"
},
{
"category": "external",
"summary": "RHBZ#2027239",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027239"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4037",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4037"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4037",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4037"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=01ea173e103e",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=01ea173e103e"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848"
}
],
"release_date": "2021-09-16T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: security regression for CVE-2018-13405"
},
{
"cve": "CVE-2021-4083",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2021-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2029923"
}
],
"notes": [
{
"category": "description",
"text": "A read-after-free memory flaw was found in the Linux kernel\u0027s garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: fget: check that the fd still exists after getting a ref to it",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4083"
},
{
"category": "external",
"summary": "RHBZ#2029923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2029923"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4083"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=054aa8d439b9",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=054aa8d439b9"
}
],
"release_date": "2021-12-03T08:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: fget: check that the fd still exists after getting a ref to it"
},
{
"cve": "CVE-2021-4093",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2028584"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the KVM\u0027s AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: KVM: SVM: out-of-bounds read/write in sev_es_string_io",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "AMD Secure Encrypted Virtualization (SEV) is currently provided as a Technology Preview in RHEL and, therefore, unsupported for production use. For additional details please see https://access.redhat.com/articles/4491591 and https://access.redhat.com/support/offerings/techpreview.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4093"
},
{
"category": "external",
"summary": "RHBZ#2028584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028584"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4093",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4093"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4093",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4093"
},
{
"category": "external",
"summary": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2222",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2222"
}
],
"release_date": "2021-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: KVM: SVM: out-of-bounds read/write in sev_es_string_io"
},
{
"cve": "CVE-2021-4157",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2021-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2034342"
}
],
"notes": [
{
"category": "description",
"text": "An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Buffer overwrite in decode_nfs_fh function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4157"
},
{
"category": "external",
"summary": "RHBZ#2034342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4157",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4157"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4157",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4157"
},
{
"category": "external",
"summary": "https://lore.kernel.org/lkml/20210517140244.822185482@linuxfoundation.org/",
"url": "https://lore.kernel.org/lkml/20210517140244.822185482@linuxfoundation.org/"
}
],
"release_date": "2021-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Buffer overwrite in decode_nfs_fh function"
},
{
"cve": "CVE-2021-4197",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2021-12-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2035652"
}
],
"notes": [
{
"category": "description",
"text": "An unprivileged write to the file handler flaw in the Linux kernel\u0027s control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: cgroup: Use open-time creds and namespace for migration perm checks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4197"
},
{
"category": "external",
"summary": "RHBZ#2035652",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035652"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4197"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4197",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4197"
},
{
"category": "external",
"summary": "https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/",
"url": "https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/"
}
],
"release_date": "2021-09-12T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "The mitigation not known. However, for the default configuration of the Red Hat Enterprise Linux it is not possible to trigger this vulnerability: if control groups (cgroups) not being used or being used with the default configuration or being used some other configuration where for example similar privileges for all processes (both for parent and for child processes), then no way to trigger this vulnerability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: cgroup: Use open-time creds and namespace for migration perm checks"
},
{
"cve": "CVE-2021-4203",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-01-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2036934"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-4203"
},
{
"category": "external",
"summary": "RHBZ#2036934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4203"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-4203",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4203"
},
{
"category": "external",
"summary": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230\u0026can=7\u0026q=modified-after%3Atoday-30\u0026sort=-modified\u0026colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve\u0026cells=tiles\u0026redir=1",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2230\u0026can=7\u0026q=modified-after%3Atoday-30\u0026sort=-modified\u0026colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve\u0026cells=tiles\u0026redir=1"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814"
},
{
"category": "external",
"summary": "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet@gmail.com/T/",
"url": "https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet@gmail.com/T/"
}
],
"release_date": "2021-09-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses"
},
{
"acknowledgments": [
{
"names": [
"Keyu Man, Xin\u0027an Zhou and Zhiyun Qian"
],
"organization": "University of California, Riverside"
}
],
"cve": "CVE-2021-20322",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2021-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2014230"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is rated as having Moderate impact because of the attack scenario limitation. It is possible to harm the networking services only, but not for the overall system under attack, and impossible to get access to this remote system under attack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20322"
},
{
"category": "external",
"summary": "RHBZ#2014230",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014230"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20322",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20322"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=4785305c05b25a242e5314cc821f54ade4c18810",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=4785305c05b25a242e5314cc821f54ade4c18810"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=6457378fe796815c973f631a1904e147d6ee33b1",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6\u0026id=6457378fe796815c973f631a1904e147d6ee33b1"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6\u0026id=67d6d681e15b578c1725bad8ad079e05d1c48a8e",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6\u0026id=67d6d681e15b578c1725bad8ad079e05d1c48a8e"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6\u0026id=a00df2caffed3883c341d5685f830434312e4a43",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.15-rc6\u0026id=a00df2caffed3883c341d5685f830434312e4a43"
}
],
"release_date": "2021-08-26T08:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies"
},
{
"acknowledgments": [
{
"names": [
"AMD"
]
}
],
"cve": "CVE-2021-26401",
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061700"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in hw. The speculative execution window of AMD LFENCE/JMP mitigation (MITIGATION V2-2) may be large enough to be exploited on AMD CPUs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-26401"
},
{
"category": "external",
"summary": "RHBZ#2061700",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061700"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-26401",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26401"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26401",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26401"
},
{
"category": "external",
"summary": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036",
"url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "AMD recommends mitigation that uses generic retpoline.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715"
},
{
"cve": "CVE-2021-29154",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2021-04-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1946684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernels eBPF implementation. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions can abuse a flaw in eBPF to corrupt memory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as having Moderate impact as eBPF requires a privileged user on Red Hat Enterprise Linux to correctly load eBPF instructions that can be exploited.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29154"
},
{
"category": "external",
"summary": "RHBZ#1946684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29154",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29154"
}
],
"release_date": "2021-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "This issue does not affect most systems by default. An administrator would need to have enabled the BPF JIT to be affected.\n\nIt can be disabled immediately with the command:\n\n# echo 0 \u003e /proc/sys/net/core/bpf_jit_enable\n\nOr it can be disabled for all subsequent boots of the system by setting a value in /etc/sysctl.d/44-bpf-jit-disable\n\n## start file ##\n\nnet.core.bpf_jit_enable=0\n\n## end file ##",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation"
},
{
"cve": "CVE-2021-37159",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2021-07-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1985353"
}
],
"notes": [
{
"category": "description",
"text": "A flaw use-after-free in the Linux kernel USB High Speed Mobile Devices functionality was found in the way user detaches USB device. A local user could use this flaw to crash the system or escalate their privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-37159"
},
{
"category": "external",
"summary": "RHBZ#1985353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1985353"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-37159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37159"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37159",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37159"
},
{
"category": "external",
"summary": "https://www.spinics.net/lists/linux-usb/msg202228.html",
"url": "https://www.spinics.net/lists/linux-usb/msg202228.html"
}
],
"release_date": "2020-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent the module hso from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c"
},
{
"cve": "CVE-2021-41864",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-10-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2010463"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds (OOB) memory write flaw was found in prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the bpf in the Linux kernel. In this flaw, the multiplication to calculate the size could lead to an integer overflow which could allow a local attacker, with a special user privilege, to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.\n\nFor the Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled.\nFor the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:\n\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\n\nThe setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.\n\nA kernel update will be required to mitigate the flaw for the root or users with CAP_SYS_ADMIN capabilities.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41864"
},
{
"category": "external",
"summary": "RHBZ#2010463",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010463"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41864",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41864"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41864",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41864"
},
{
"category": "external",
"summary": "https://github.com/torvalds/linux/commit/30e29a9a2bc6a4888335a6ede968b75cd329657a",
"url": "https://github.com/torvalds/linux/commit/30e29a9a2bc6a4888335a6ede968b75cd329657a"
}
],
"release_date": "2021-09-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write"
},
{
"cve": "CVE-2021-42739",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2021-04-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1951739"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Heap buffer overflow in firedtv driver",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-42739"
},
{
"category": "external",
"summary": "RHBZ#1951739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-42739",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42739"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/",
"url": "https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/"
}
],
"release_date": "2021-04-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent the module firedtv from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Heap buffer overflow in firedtv driver"
},
{
"acknowledgments": [
{
"names": [
"Active Defense Lab"
],
"organization": "Venustech"
}
],
"cve": "CVE-2021-43389",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2021-10-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2013180"
}
],
"notes": [
{
"category": "description",
"text": "An improper validation of an array index and out of bounds memory read in the Linux kernel\u0027s Integrated Services Digital Network (ISDN) functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43389"
},
{
"category": "external",
"summary": "RHBZ#2013180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43389"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43389",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43389"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f3e2e97c003f80c4b087092b225c8787ff91e4d",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f3e2e97c003f80c4b087092b225c8787ff91e4d"
},
{
"category": "external",
"summary": "https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-vA@mail.gmail.com/",
"url": "https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-vA@mail.gmail.com/"
}
],
"release_date": "2021-09-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent the module isdn from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c"
},
{
"cve": "CVE-2021-43976",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2021-11-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2025003"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c in the usb subsystem of the Linux kernel. This is due to a missing clean-up for a malfunctioning usb device with an unknown recv_type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43976"
},
{
"category": "external",
"summary": "RHBZ#2025003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43976"
},
{
"category": "external",
"summary": "https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/",
"url": "https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/"
}
],
"release_date": "2021-10-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device"
},
{
"acknowledgments": [
{
"names": [
"Patrik Lantz"
],
"organization": "axis.com"
}
],
"cve": "CVE-2021-44733",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"discovery_date": "2021-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2030747"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw in the Linux kernel TEE (Trusted Execution Environment) subsystem was found in the way user calls ioctl TEE_IOC_OPEN_SESSION or TEE_IOC_INVOKE. A local user could use this flaw to crash the system or escalate their privileges on the system. If the Linux system non configured with the CONFIG_PREEMPT option or CONFIG_CPU_SW_DOMAIN_PAN option enabled, then it is unlikely that a user can trigger this issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: use-after-free in the TEE subsystem",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44733"
},
{
"category": "external",
"summary": "RHBZ#2030747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44733"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44733",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44733"
},
{
"category": "external",
"summary": "https://lore.kernel.org/lkml/20211214123540.1789434-1-jens.wiklander@linaro.org/",
"url": "https://lore.kernel.org/lkml/20211214123540.1789434-1-jens.wiklander@linaro.org/"
}
],
"release_date": "2021-12-14T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent the modules tee, trusted_tee from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: use-after-free in the TEE subsystem"
},
{
"cve": "CVE-2021-45485",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2021-12-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2039911"
}
],
"notes": [
{
"category": "description",
"text": "An information leak flaw was found in the Linux kernel\u2019s IPv6 implementation in the __ipv6_select_ident in net/ipv6/output_core.c function. The use of a small hash table in IP ID generation allows a remote attacker to reveal sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: information leak in the IPv6 implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-45485"
},
{
"category": "external",
"summary": "RHBZ#2039911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039911"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-45485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45485"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45485",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45485"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99"
},
{
"category": "external",
"summary": "https://lore.kernel.org/all/20210529110746.6796-1-w@1wt.eu/",
"url": "https://lore.kernel.org/all/20210529110746.6796-1-w@1wt.eu/"
}
],
"release_date": "2021-05-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: information leak in the IPv6 implementation"
},
{
"cve": "CVE-2021-45486",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-12-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2039914"
}
],
"notes": [
{
"category": "description",
"text": "An information leak flaw was found in the Linux kernel\u2019s IPv4 implementation in the ip_rt_init in net/ipv4/route.c function. The use of a small hash table in IP ID generation allows a remote attacker to reveal sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: information leak in the IPv4 implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-45486"
},
{
"category": "external",
"summary": "RHBZ#2039914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039914"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-45486",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45486"
},
{
"category": "external",
"summary": "https://arxiv.org/pdf/2112.09604.pdf",
"url": "https://arxiv.org/pdf/2112.09604.pdf"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba"
}
],
"release_date": "2021-03-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: information leak in the IPv4 implementation"
},
{
"cve": "CVE-2021-47435",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2024-05-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2282879"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix mempool NULL pointer race when completing IO\n\ndm_io_dec_pending() calls end_io_acct() first and will then dec md\nin-flight pending count. But if a task is swapping DM table at same\ntime this can result in a crash due to mempool-\u003eelements being NULL:\n\ntask1 task2\ndo_resume\n -\u003edo_suspend\n -\u003edm_wait_for_completion\n bio_endio\n\t\t\t\t -\u003eclone_endio\n\t\t\t\t -\u003edm_io_dec_pending\n\t\t\t\t -\u003eend_io_acct\n\t\t\t\t -\u003ewakeup task1\n -\u003edm_swap_table\n -\u003e__bind\n -\u003e__bind_mempools\n -\u003ebioset_exit\n -\u003emempool_exit\n -\u003efree_io\n\n[ 67.330330] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\n......\n[ 67.330494] pstate: 80400085 (Nzcv daIf +PAN -UAO)\n[ 67.330510] pc : mempool_free+0x70/0xa0\n[ 67.330515] lr : mempool_free+0x4c/0xa0\n[ 67.330520] sp : ffffff8008013b20\n[ 67.330524] x29: ffffff8008013b20 x28: 0000000000000004\n[ 67.330530] x27: ffffffa8c2ff40a0 x26: 00000000ffff1cc8\n[ 67.330535] x25: 0000000000000000 x24: ffffffdada34c800\n[ 67.330541] x23: 0000000000000000 x22: ffffffdada34c800\n[ 67.330547] x21: 00000000ffff1cc8 x20: ffffffd9a1304d80\n[ 67.330552] x19: ffffffdada34c970 x18: 000000b312625d9c\n[ 67.330558] x17: 00000000002dcfbf x16: 00000000000006dd\n[ 67.330563] x15: 000000000093b41e x14: 0000000000000010\n[ 67.330569] x13: 0000000000007f7a x12: 0000000034155555\n[ 67.330574] x11: 0000000000000001 x10: 0000000000000001\n[ 67.330579] x9 : 0000000000000000 x8 : 0000000000000000\n[ 67.330585] x7 : 0000000000000000 x6 : ffffff80148b5c1a\n[ 67.330590] x5 : ffffff8008013ae0 x4 : 0000000000000001\n[ 67.330596] x3 : ffffff80080139c8 x2 : ffffff801083bab8\n[ 67.330601] x1 : 0000000000000000 x0 : ffffffdada34c970\n[ 67.330609] Call trace:\n[ 67.330616] mempool_free+0x70/0xa0\n[ 67.330627] bio_put+0xf8/0x110\n[ 67.330638] dec_pending+0x13c/0x230\n[ 67.330644] clone_endio+0x90/0x180\n[ 67.330649] bio_endio+0x198/0x1b8\n[ 67.330655] dec_pending+0x190/0x230\n[ 67.330660] clone_endio+0x90/0x180\n[ 67.330665] bio_endio+0x198/0x1b8\n[ 67.330673] blk_update_request+0x214/0x428\n[ 67.330683] scsi_end_request+0x2c/0x300\n[ 67.330688] scsi_io_completion+0xa0/0x710\n[ 67.330695] scsi_finish_command+0xd8/0x110\n[ 67.330700] scsi_softirq_done+0x114/0x148\n[ 67.330708] blk_done_softirq+0x74/0xd0\n[ 67.330716] __do_softirq+0x18c/0x374\n[ 67.330724] irq_exit+0xb4/0xb8\n[ 67.330732] __handle_domain_irq+0x84/0xc0\n[ 67.330737] gic_handle_irq+0x148/0x1b0\n[ 67.330744] el1_irq+0xe8/0x190\n[ 67.330753] lpm_cpuidle_enter+0x4f8/0x538\n[ 67.330759] cpuidle_enter_state+0x1fc/0x398\n[ 67.330764] cpuidle_enter+0x18/0x20\n[ 67.330772] do_idle+0x1b4/0x290\n[ 67.330778] cpu_startup_entry+0x20/0x28\n[ 67.330786] secondary_start_kernel+0x160/0x170\n\nFix this by:\n1) Establishing pointers to \u0027struct dm_io\u0027 members in\ndm_io_dec_pending() so that they may be passed into end_io_acct()\n_after_ free_io() is called.\n2) Moving end_io_acct() after free_io().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: dm: fix mempool NULL pointer race when completing IO",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-47435"
},
{
"category": "external",
"summary": "RHBZ#2282879",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282879"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-47435",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47435"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-47435",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47435"
}
],
"release_date": "2024-05-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: dm: fix mempool NULL pointer race when completing IO"
},
{
"cve": "CVE-2021-47544",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2024-05-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2283406"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: fix page frag corruption on page fault\n\nSteffen reported a TCP stream corruption for HTTP requests\nserved by the apache web-server using a cifs mount-point\nand memory mapping the relevant file.\n\nThe root cause is quite similar to the one addressed by\ncommit 20eb4f29b602 (\"net: fix sk_page_frag() recursion from\nmemory reclaim\"). Here the nested access to the task page frag\nis caused by a page fault on the (mmapped) user-space memory\nbuffer coming from the cifs file.\n\nThe page fault handler performs an smb transaction on a different\nsocket, inside the same process context. Since sk-\u003esk_allaction\nfor such socket does not prevent the usage for the task_frag,\nthe nested allocation modify \"under the hood\" the page frag\nin use by the outer sendmsg call, corrupting the stream.\n\nThe overall relevant stack trace looks like the following:\n\nhttpd 78268 [001] 3461630.850950: probe:tcp_sendmsg_locked:\n ffffffff91461d91 tcp_sendmsg_locked+0x1\n ffffffff91462b57 tcp_sendmsg+0x27\n ffffffff9139814e sock_sendmsg+0x3e\n ffffffffc06dfe1d smb_send_kvec+0x28\n [...]\n ffffffffc06cfaf8 cifs_readpages+0x213\n ffffffff90e83c4b read_pages+0x6b\n ffffffff90e83f31 __do_page_cache_readahead+0x1c1\n ffffffff90e79e98 filemap_fault+0x788\n ffffffff90eb0458 __do_fault+0x38\n ffffffff90eb5280 do_fault+0x1a0\n ffffffff90eb7c84 __handle_mm_fault+0x4d4\n ffffffff90eb8093 handle_mm_fault+0xc3\n ffffffff90c74f6d __do_page_fault+0x1ed\n ffffffff90c75277 do_page_fault+0x37\n ffffffff9160111e page_fault+0x1e\n ffffffff9109e7b5 copyin+0x25\n ffffffff9109eb40 _copy_from_iter_full+0xe0\n ffffffff91462370 tcp_sendmsg_locked+0x5e0\n ffffffff91462370 tcp_sendmsg_locked+0x5e0\n ffffffff91462b57 tcp_sendmsg+0x27\n ffffffff9139815c sock_sendmsg+0x4c\n ffffffff913981f7 sock_write_iter+0x97\n ffffffff90f2cc56 do_iter_readv_writev+0x156\n ffffffff90f2dff0 do_iter_write+0x80\n ffffffff90f2e1c3 vfs_writev+0xa3\n ffffffff90f2e27c do_writev+0x5c\n ffffffff90c042bb do_syscall_64+0x5b\n ffffffff916000ad entry_SYSCALL_64_after_hwframe+0x65\n\nThe cifs filesystem rightfully sets sk_allocations to GFP_NOFS,\nwe can avoid the nesting using the sk page frag for allocation\nlacking the __GFP_FS flag. Do not define an additional mm-helper\nfor that, as this is strictly tied to the sk page frag usage.\n\nv1 -\u003e v2:\n - use a stricted sk_page_frag() check instead of reordering the\n code (Eric)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: tcp: fix page frag corruption on page fault",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-47544"
},
{
"category": "external",
"summary": "RHBZ#2283406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-47544",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47544"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-47544",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47544"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024052440-CVE-2021-47544-ceb5@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024052440-CVE-2021-47544-ceb5@gregkh/T"
}
],
"release_date": "2024-05-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: tcp: fix page frag corruption on page fault"
},
{
"cve": "CVE-2021-47556",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2024-05-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2283393"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()\n\nethtool_set_coalesce() now uses both the .get_coalesce() and\n.set_coalesce() callbacks. But the check for their availability is\nbuggy, so changing the coalesce settings on a device where the driver\nprovides only _one_ of the callbacks results in a NULL pointer\ndereference instead of an -EOPNOTSUPP.\n\nFix the condition so that the availability of both callbacks is\nensured. This also matches the netlink code.\n\nNote that reproducing this requires some effort - it only affects the\nlegacy ioctl path, and needs a specific combination of driver options:\n- have .get_coalesce() and .coalesce_supported but no\n .set_coalesce(), or\n- have .set_coalesce() but no .get_coalesce(). Here eg. ethtool doesn\u0027t\n cause the crash as it first attempts to call ethtool_get_coalesce()\n and bails out on error.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-47556"
},
{
"category": "external",
"summary": "RHBZ#2283393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-47556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47556"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-47556",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47556"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024052443-CVE-2021-47556-558e@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024052443-CVE-2021-47556-558e@gregkh/T"
}
],
"release_date": "2024-05-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()"
},
{
"cve": "CVE-2021-47590",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"discovery_date": "2024-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2293237"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix deadlock in __mptcp_push_pending()\n\n__mptcp_push_pending() may call mptcp_flush_join_list() with subflow\nsocket lock held. If such call hits mptcp_sockopt_sync_all() then\nsubsequently __mptcp_sockopt_sync() could try to lock the subflow\nsocket for itself, causing a deadlock.\n\nsysrq: Show Blocked State\ntask:ss-server state:D stack: 0 pid: 938 ppid: 1 flags:0x00000000\nCall Trace:\n \u003cTASK\u003e\n __schedule+0x2d6/0x10c0\n ? __mod_memcg_state+0x4d/0x70\n ? csum_partial+0xd/0x20\n ? _raw_spin_lock_irqsave+0x26/0x50\n schedule+0x4e/0xc0\n __lock_sock+0x69/0x90\n ? do_wait_intr_irq+0xa0/0xa0\n __lock_sock_fast+0x35/0x50\n mptcp_sockopt_sync_all+0x38/0xc0\n __mptcp_push_pending+0x105/0x200\n mptcp_sendmsg+0x466/0x490\n sock_sendmsg+0x57/0x60\n __sys_sendto+0xf0/0x160\n ? do_wait_intr_irq+0xa0/0xa0\n ? fpregs_restore_userregs+0x12/0xd0\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f9ba546c2d0\nRSP: 002b:00007ffdc3b762d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 00007f9ba56c8060 RCX: 00007f9ba546c2d0\nRDX: 000000000000077a RSI: 0000000000e5e180 RDI: 0000000000000234\nRBP: 0000000000cc57f0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007f9ba56c8060\nR13: 0000000000b6ba60 R14: 0000000000cc7840 R15: 41d8685b1d7901b8\n \u003c/TASK\u003e\n\nFix the issue by using __mptcp_flush_join_list() instead of plain\nmptcp_flush_join_list() inside __mptcp_push_pending(), as suggested by\nFlorian. The sockopt sync will be deferred to the workqueue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: mptcp: fix deadlock in __mptcp_push_pending()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-47590"
},
{
"category": "external",
"summary": "RHBZ#2293237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-47590",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-47590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47590"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024061919-CVE-2021-47590-6db0@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024061919-CVE-2021-47590-6db0@gregkh/T"
}
],
"release_date": "2024-06-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: mptcp: fix deadlock in __mptcp_push_pending()"
},
{
"cve": "CVE-2021-47614",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2024-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2293265"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix a user-after-free in add_pble_prm\n\nWhen irdma_hmc_sd_one fails, \u0027chunk\u0027 is freed while its still on the PBLE\ninfo list.\n\nAdd the chunk entry to the PBLE info list only after successful setting of\nthe SD in irdma_hmc_sd_one.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: RDMA/irdma: Fix a user-after-free in add_pble_prm",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-47614"
},
{
"category": "external",
"summary": "RHBZ#2293265",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293265"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-47614",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47614"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-47614",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47614"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024061908-CVE-2021-47614-6dd2@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024061908-CVE-2021-47614-6dd2@gregkh/T"
}
],
"release_date": "2024-06-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: RDMA/irdma: Fix a user-after-free in add_pble_prm"
},
{
"acknowledgments": [
{
"names": [
"Intel"
]
}
],
"cve": "CVE-2022-0001",
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061712"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in hw. The Branch History Injection (BHI) describes a specific form of intra-mode BTI. This flaw allows an unprivileged attacker to manipulate the branch history before transitioning to supervisor or VMX root mode. This issue is an effort to cause an indirect branch predictor to select a specific predictor entry for an indirect branch, and a disclosure gadget at the predicted target will transiently execute. This execution is possible since the relevant branch history may contain branches taken in previous security contexts, and in particular, in other predictor modes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hw: cpu: intel: Branch History Injection (BHI)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The current known mechanisms to exploit this issue rely on unprivileged eBPF functionality. Unprivileged eBPF is disabled by default on Red Hat Enterprise Linux.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0001"
},
{
"category": "external",
"summary": "RHBZ#2061712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061712"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0001"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0001",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0001"
},
{
"category": "external",
"summary": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html",
"url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html"
},
{
"category": "external",
"summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html"
},
{
"category": "external",
"summary": "https://www.vusec.net/projects/bhi-spectre-bhb/",
"url": "https://www.vusec.net/projects/bhi-spectre-bhb/"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Disabling unprivileged eBPF effectively mitigates the known attack vectors for exploiting intra-mode branch injections attacks.\n\nThe default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl.\n\nFor the Red Hat Enterprise Linux 7, the eBPF for unprivileged users is always disabled.\n\nFor the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:\n\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\n\nThe setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.\n\nContinue to enable SMEP and Enhanced IBRS. This is the default setting on eligible CPUs.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hw: cpu: intel: Branch History Injection (BHI)"
},
{
"acknowledgments": [
{
"names": [
"Intel"
]
}
],
"cve": "CVE-2022-0002",
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061721"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in hw. The Intra-mode BTI refers to a variant of Branch Target Injection aka SpectreV2 (BTI) where an indirect branch speculates to an aliased predictor entry for a different indirect branch in the same predictor mode, and a disclosure gadget at the predicted target transiently executes. These predictor entries may contain targets corresponding to the targets of an indirect near jump, indirect near call, and near return instructions, even if these branches were only transiently executed. The managed runtimes provide an attacker with the means to create the aliasing required for intra-mode BTI attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hw: cpu: intel: Intra-Mode BTI",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The current known mechanisms to exploit this issue rely on unprivileged eBPF functionality. Unprivileged eBPF is disabled by default on Red Hat Enterprise Linux.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0002"
},
{
"category": "external",
"summary": "RHBZ#2061721",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061721"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0002"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0002",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0002"
},
{
"category": "external",
"summary": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html",
"url": "https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html"
},
{
"category": "external",
"summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html"
},
{
"category": "external",
"summary": "https://www.vusec.net/projects/bhi-spectre-bhb/",
"url": "https://www.vusec.net/projects/bhi-spectre-bhb/"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Disabling unprivileged eBPF effectively mitigates the known attack vectors for exploiting intra-mode branch injections attacks.\n\nThe default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl.\n\nFor the Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled.\n\nFor the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:\n\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\n\nThe setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.\n\nContinue to enable SMEP and Enhanced IBRS. This is the default setting on eligible CPUs.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "hw: cpu: intel: Intra-Mode BTI"
},
{
"acknowledgments": [
{
"names": [
"De4dCr0w"
],
"organization": "360 Vulnerability Research Institute"
}
],
"cve": "CVE-2022-0286",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2022-01-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2037019"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference flaw was found in the Linux kernel\u2019s bonding driver in the way a user bonds non existing or fake device. This flaw allows a local user to crash the system, causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Local denial of service in bond_ipsec_add_sa",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0286"
},
{
"category": "external",
"summary": "RHBZ#2037019",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2037019"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0286"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=105cd17a866017b45f3c45901b394c711c97bf40",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=105cd17a866017b45f3c45901b394c711c97bf40"
}
],
"release_date": "2021-07-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent the module bonding from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Local denial of service in bond_ipsec_add_sa"
},
{
"cve": "CVE-2022-0322",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"discovery_date": "2021-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2042822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0322"
},
{
"category": "external",
"summary": "RHBZ#2042822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0322",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0322"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c"
}
],
"release_date": "2021-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is to skip loading the affected module SCTP onto the system. Until we have a fix available, this can be done by a blacklist mechanism and will ensure the driver is not loaded at the boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c"
},
{
"acknowledgments": [
{
"names": [
"elijahbai"
],
"organization": "Tencent Security Yunding Lab"
}
],
"cve": "CVE-2022-0850",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-11-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2060606"
}
],
"notes": [
{
"category": "description",
"text": "An information leak flaw was found via ext4_extent_header in fs/ext4/extents.c in the Linux kernel. This flaw could allow a local attacker to cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: information leak in copy_page_to_iter() in iov_iter.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0850"
},
{
"category": "external",
"summary": "RHBZ#2060606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0850"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce3aba43599f0b50adbebff133df8d08a3d5fffe",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce3aba43599f0b50adbebff133df8d08a3d5fffe"
},
{
"category": "external",
"summary": "https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8",
"url": "https://syzkaller.appspot.com/bug?id=78e9ad0e6952a3ca16e8234724b2fa92d041b9b8"
}
],
"release_date": "2021-05-06T19:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: information leak in copy_page_to_iter() in iov_iter.c"
},
{
"acknowledgments": [
{
"names": [
"Miklos Szeredi",
"Jann Horn"
]
}
],
"cve": "CVE-2022-1011",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-03-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064855"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the Linux kernel\u2019s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For the Red Hat Enterprise Linux the issue actual if fuse or fuse3 package is installed on the system and only privileged user can install it.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-1011"
},
{
"category": "external",
"summary": "RHBZ#2064855",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064855"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-1011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1011"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1011",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1011"
},
{
"category": "external",
"summary": "https://lore.kernel.org/lkml/20220414110839.241541230@linuxfoundation.org/",
"url": "https://lore.kernel.org/lkml/20220414110839.241541230@linuxfoundation.org/"
}
],
"release_date": "2022-03-07T10:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes"
},
{
"acknowledgments": [
{
"names": [
"Jiasheng Jiang"
]
}
],
"cve": "CVE-2022-3105",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2022-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153067"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: RDMA/uverbs: NULL pointer dereference in uapi_finalize()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3105"
},
{
"category": "external",
"summary": "RHBZ#2153067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3105",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3105"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3105",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3105"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: RDMA/uverbs: NULL pointer dereference in uapi_finalize()"
},
{
"acknowledgments": [
{
"names": [
"Jiasheng Jiang"
]
}
],
"cve": "CVE-2022-3106",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2022-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153066"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: sfc_ef100: NULL pointer dereference in ef100_update_stats()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3106"
},
{
"category": "external",
"summary": "RHBZ#2153066",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153066"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3106",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3106"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3106",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3106"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: sfc_ef100: NULL pointer dereference in ef100_update_stats()"
},
{
"acknowledgments": [
{
"names": [
"Jiasheng Jiang"
]
}
],
"cve": "CVE-2022-3108",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2022-12-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2153052"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: drm/amdkfd: NULL pointer dereference in kfd_parse_subtype_iolink()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3108"
},
{
"category": "external",
"summary": "RHBZ#2153052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153052"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3108",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3108"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3108",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3108"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: drm/amdkfd: NULL pointer dereference in kfd_parse_subtype_iolink()"
},
{
"cve": "CVE-2023-0459",
"cwe": {
"id": "CWE-402",
"name": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)"
},
"discovery_date": "2023-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2216383"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in copy_from_user in 64-bit versions of the Linux kernel. This flaw allows a local attacker to bypass the \"access_ok\" sanity check and pass a kernel pointer to copy_from_user(), resulting in kernel data leaking.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Copy_from_user on 64-bit versions may leak kernel information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-0459"
},
{
"category": "external",
"summary": "RHBZ#2216383",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216383"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-0459",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0459"
},
{
"category": "external",
"summary": "https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c",
"url": "https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c"
}
],
"release_date": "2020-02-15T06:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: Copy_from_user on 64-bit versions may leak kernel information"
},
{
"cve": "CVE-2023-3022",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2023-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2211440"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: IPv6: panic in fib6_rule_suppress when fib6_rule_lookup fails",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3022"
},
{
"category": "external",
"summary": "RHBZ#2211440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211440"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3022",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3022"
}
],
"release_date": "2019-04-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-10T13:43:14+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1975"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"NFV-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"NFV-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.src",
"RT-8.6.0.GA:kernel-rt-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-core-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-devel-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-kvm-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-0:4.18.0-372.9.1.rt7.166.el8.x86_64",
"RT-8.6.0.GA:kernel-rt-modules-extra-0:4.18.0-372.9.1.rt7.166.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: IPv6: panic in fib6_rule_suppress when fib6_rule_lookup fails"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…