-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2022:5564-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5564
Issue date:        2022-07-13
CVE Names:         CVE-2022-1729
====================================================================
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* kernel: race condition in perf_event_open leads to privilege escalation
(CVE-2022-1729)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* conntrack entries linger around after test (BZ#2066356)

* Any process performing I/O doesn't fail on degraded LVM RAID and IO
process hangs (BZ#2075075)

* fix data corruption caused by dm-integrity (BZ#2082184)

* Backport request of "genirq: use rcu in kstat_irqs_usr()" (BZ#2083308)

* SUT will flash once color screen during boot to OS. (BZ#2083384)

* Kernel Support Fixes for UV5 platform (BZ#2084645)

* i/o on initiator stuck when network is disrupted
(4.18.0-372.9.1.el8.x86_64) (BZ#2091078)

* glock deadlock (using the dct tool) (BZ#2092073)

* Recursive locking in gfs2_fault (read/write + mmap) (BZ#2092074)

* 8.6.z backport of "vmxnet3: add support for 32 Tx/Rx queues" from BZ
2083561 (BZ#2094473)

* System freezes with callstack in dmesg: ret_from_fork (BZ#2096305)

* Need some changes in RHEL8.x kernels. (BZ#2096931)

* Bad length in dpctl/dump-flows (BZ#2097796)

Enhancement(s):

* Elkhart Graphics - remove force_probe flag (BZ#2075567)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2086753 - CVE-2022-1729 kernel: race condition in perf_event_open leads to privilege escalation

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
kernel-4.18.0-372.16.1.el8_6.src.rpm

aarch64:
bpftool-4.18.0-372.16.1.el8_6.aarch64.rpm
bpftool-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-core-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-cross-headers-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-debug-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-debug-core-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-debug-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-debug-devel-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-debug-modules-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-debug-modules-extra-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-devel-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-headers-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-modules-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-modules-extra-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-tools-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-tools-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-tools-libs-4.18.0-372.16.1.el8_6.aarch64.rpm
perf-4.18.0-372.16.1.el8_6.aarch64.rpm
perf-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm
python3-perf-4.18.0-372.16.1.el8_6.aarch64.rpm
python3-perf-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm

noarch:
kernel-abi-stablelists-4.18.0-372.16.1.el8_6.noarch.rpm
kernel-doc-4.18.0-372.16.1.el8_6.noarch.rpm

ppc64le:
bpftool-4.18.0-372.16.1.el8_6.ppc64le.rpm
bpftool-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-core-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-cross-headers-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-debug-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-debug-core-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-debug-devel-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-debug-modules-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-devel-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-headers-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-modules-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-modules-extra-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-tools-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-tools-libs-4.18.0-372.16.1.el8_6.ppc64le.rpm
perf-4.18.0-372.16.1.el8_6.ppc64le.rpm
perf-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm
python3-perf-4.18.0-372.16.1.el8_6.ppc64le.rpm
python3-perf-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm

s390x:
bpftool-4.18.0-372.16.1.el8_6.s390x.rpm
bpftool-debuginfo-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-core-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-cross-headers-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-debug-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-debug-core-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-debug-debuginfo-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-debug-devel-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-debug-modules-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-debug-modules-extra-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-debuginfo-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-devel-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-headers-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-modules-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-modules-extra-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-tools-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-tools-debuginfo-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-zfcpdump-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-zfcpdump-core-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-zfcpdump-devel-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-zfcpdump-modules-4.18.0-372.16.1.el8_6.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-372.16.1.el8_6.s390x.rpm
perf-4.18.0-372.16.1.el8_6.s390x.rpm
perf-debuginfo-4.18.0-372.16.1.el8_6.s390x.rpm
python3-perf-4.18.0-372.16.1.el8_6.s390x.rpm
python3-perf-debuginfo-4.18.0-372.16.1.el8_6.s390x.rpm

x86_64:
bpftool-4.18.0-372.16.1.el8_6.x86_64.rpm
bpftool-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-core-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-cross-headers-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-debug-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-debug-core-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-debug-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-debug-devel-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-debug-modules-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-debug-modules-extra-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-devel-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-headers-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-modules-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-modules-extra-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-tools-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-tools-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-tools-libs-4.18.0-372.16.1.el8_6.x86_64.rpm
perf-4.18.0-372.16.1.el8_6.x86_64.rpm
perf-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm
python3-perf-4.18.0-372.16.1.el8_6.x86_64.rpm
python3-perf-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
bpftool-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-debug-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-tools-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm
kernel-tools-libs-devel-4.18.0-372.16.1.el8_6.aarch64.rpm
perf-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm
python3-perf-debuginfo-4.18.0-372.16.1.el8_6.aarch64.rpm

ppc64le:
bpftool-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-372.16.1.el8_6.ppc64le.rpm
perf-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm
python3-perf-debuginfo-4.18.0-372.16.1.el8_6.ppc64le.rpm

x86_64:
bpftool-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-debug-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-tools-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm
kernel-tools-libs-devel-4.18.0-372.16.1.el8_6.x86_64.rpm
perf-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm
python3-perf-debuginfo-4.18.0-372.16.1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1729
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYuFkVNzjgjWX9erEAQg4ow/9GVx9U8IRNmKVSE50ZMzPCy/GjH06geJi
/VKdhtWUnH9WcTy7XWkKg5zdL7eaXy48bk9RZhKb67yZL9JbMXkjlkGEPFK/AIjB
zNTP3IGRJer40SD6gI2T0R4lr+Sfw8S/1PtflptAZ6a9zuGdYuRr5x2mmrTvSYPK
LlyG7ht06WqCd7U27k8H6QJufZPkkWeni8mel3Z0i8ksAvj3QjPDJnPePlQH18gu
NUZLpXkNP4ngqGLcdzMEBMkoeN9GOGvxBBN0nI/UMWkbzL+6F79ZtuRrWLy0tgBJ
F4pllNgRAkEcJb2VZxvBsMVpseOQO6tu8kJPuZxx1x1WlBAji8zpbwQe5o2/sZYQ
wObGNeaLrN2SC6tWsC/lRMfVvLHuCwDPIqGQS5waHRyCqWKIhK5EPsW/wWYd/dJ7
bbTKzoTGrxq3QAFpG9+/bABvfb8gSNJfyoeG2AZLGZFlls20AeD8gY7gDnqbvKw2
HKwO3DpUAa3ntjuzRnwMPdrhLLxbCqq4Ql0HHkCpma8TrhEiv03eV99W4Cwlto7T
WwfbeKAh0eaRw9AaYR8/+EVs3JhrGscsrju+PTfrdx3B/nkWr28Kq8bFHhOzgJ9l
jwyq8NeJLTJplZiw12VzH45OC8hFyfECN+AdGLrpGMhSyMlxGratodDjNZ0vDL+d
N3UZEXcLXJI=6VHN
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce