-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security, bug fix, and enhancement update
Advisory ID:       RHSA-2022:6460-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6460
Issue date:        2022-09-13
CVE Names:         CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* Incomplete cleanup of multi-core shared buffers (aka SBDR)
(CVE-2022-21123)

* Incomplete cleanup of microarchitectural fill buffers (aka SBDS)
(CVE-2022-21125)

* Incomplete cleanup in specific special register write operations (aka
DRPW) (CVE-2022-21166)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* Bad page state in process qemu-kvm  pfn:68a74600 (BZ#2081013)

* slub corruption during  LPM of hnv interface (BZ#2081250)

* Affinity broken due to vector space exhaustion (BZ#2084646)

* 'rmmod pmt_telemetry' panics on ADL-P IOTG (BZ#2091079)

* Unable to boot RHEL-8.6 on Brazos max. config (Install is success)
(BZ#2092241)

* kernel crash after reboot of T14/G2 AMD laptop (mt7921e module)
(BZ#2095654)

* mt7921: free resources on pci_probe error path (BZ#2101684)

* NLM should be more defensive if underlying FS changes fl_owner
(BZ#2102099)

* RHEL8/async-pf Guest call trace when reboot after postcopy migration with
high stress workload (BZ#2105340)

* execve exit tracepoint not called (BZ#2106662)

* QProcess dead lock on kernel-4.18.0-358 (BZ#2107643)

* KVM fix guest FPU uABI size to kvm_xsave (BZ#2107652)

* KVM selftests fail to compile (BZ#2107655)

* Some monitor have no display with AMD W6400 when boot into OS.
(BZ#2109826)

* Percpu counter usage is gradually getting increasing during podman
container recreation. (BZ#2110039)

* multipath failed to recover after EEH hit on flavafish adapter on
Denali(qla2xxx/flavafish/RHEL8.6/Denali) (BZ#2110768)

* soft lockups under heavy I/O load to ahci connected SSDs (BZ#2110772)

* trouble re-assigning MACs to VFs, ice stricter than other drivers
(BZ#2111936)

* Intel MPI 2019.0 - mpirun stuck on latest kernel (BZ#2112030)

* Multicast packets are not received by all VFs on the same port even
though they have the same VLAN (BZ#2117026)

* Hyper-V 2019 Dynamic Memory Problem hv_balloon (BZ#2117050)

* kernel BUG at kernel/sched/deadline.c:1561! (BZ#2117410)

* ALSA (sound) driver - update Intel SOF kcontrol code (BZ#2117732)

* bridge over bond over ice ports has no connection (BZ#2118580)

* Fix max VLANs available for VF (BZ#2118581)

* offline selftest failed (BZ#2118582)

* INTEL NVMUpdate utility ver 3.20 is failing to update firmware on
E810-XXVDA4T (WPC) (BZ#2118583)

* VM configured with failover interface will coredump after been migrating
from source host to target host(only iavf driver) (BZ#2118705)

* Fix max VLANs available for untrusted VF (BZ#2118707)

* Softlockup on infinite loop in task_get_css() for a CSS_DYING cpuset
(BZ#2120776)

Enhancement(s):

* KVM Sapphire Rapids (SPR) AMX Instructions (BZ#2088287)

* KVM Sapphire Rapids (SPR) AMX Instructions part2 (BZ#2088288)

* ice: Driver Update (BZ#2102359)

* iavf: Driver Update (BZ#2102360)

* iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (BZ#2112983)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)
2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)
2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
kernel-4.18.0-372.26.1.el8_6.src.rpm

aarch64:
bpftool-4.18.0-372.26.1.el8_6.aarch64.rpm
bpftool-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-core-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-cross-headers-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-core-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-devel-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-modules-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-devel-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-headers-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-modules-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-modules-extra-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-libs-4.18.0-372.26.1.el8_6.aarch64.rpm
perf-4.18.0-372.26.1.el8_6.aarch64.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
python3-perf-4.18.0-372.26.1.el8_6.aarch64.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm

noarch:
kernel-abi-stablelists-4.18.0-372.26.1.el8_6.noarch.rpm
kernel-doc-4.18.0-372.26.1.el8_6.noarch.rpm

ppc64le:
bpftool-4.18.0-372.26.1.el8_6.ppc64le.rpm
bpftool-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-core-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-cross-headers-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-core-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-modules-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-headers-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-modules-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-modules-extra-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-libs-4.18.0-372.26.1.el8_6.ppc64le.rpm
perf-4.18.0-372.26.1.el8_6.ppc64le.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
python3-perf-4.18.0-372.26.1.el8_6.ppc64le.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm

s390x:
bpftool-4.18.0-372.26.1.el8_6.s390x.rpm
bpftool-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-core-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-cross-headers-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-core-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-devel-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-modules-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-devel-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-headers-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-modules-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-tools-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-core-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-devel-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-modules-4.18.0-372.26.1.el8_6.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm
perf-4.18.0-372.26.1.el8_6.s390x.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm
python3-perf-4.18.0-372.26.1.el8_6.s390x.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm

x86_64:
bpftool-4.18.0-372.26.1.el8_6.x86_64.rpm
bpftool-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-core-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-cross-headers-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-core-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-devel-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-modules-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-devel-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-headers-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-modules-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-modules-extra-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-libs-4.18.0-372.26.1.el8_6.x86_64.rpm
perf-4.18.0-372.26.1.el8_6.x86_64.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
python3-perf-4.18.0-372.26.1.el8_6.x86_64.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:
bpftool-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.aarch64.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm

ppc64le:
bpftool-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm

x86_64:
bpftool-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.x86_64.rpm
perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21123
https://access.redhat.com/security/cve/CVE-2022-21125
https://access.redhat.com/security/cve/CVE-2022-21166
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYyCB1NzjgjWX9erEAQjx1g/+KpIc2rESQgtzICCW50Ha+ZjaOZiuIgGV
1wDzgsyj7JRxGOIhGY3edJp7sdtoT0+CoWTdjENZrNhQlQ9UhRSpJ+8vdGy5WooO
fwwKBffteRMEl8YTO/U8fstclEKXK3MB93ZxEHgS0L3UQY/AUU5XqSzB4a4rV9RJ
DpFQcnw3dHIrtMKHs4HMrm8+Q8ezq9UmVbl472ecnfmNXfHDhOmUGGlUrT22SX9p
Zn/UXCiWZxIt+Vh2uTrIgs4hiSJPAqD/lGHjLQpaR26uciZnndLui2s4W91F7yN4
ZifRDwrSAMtsRoln7Z8HL6H59tw4vHwAY1rD5ATwk9EqhRtaetE+v0hzM+BRBhri
dpZnKUhMiUDNTUKqmpbBZjh4IuSKI6AkaQenFnMQWTp027B6o0EjhqpiEdLaA0R/
pYewm2OKbulyoUeVhC5GOMX6g8ckGa5h2o4Fr+fkaptELQN1VniYEu88O7pRqaqR
lW3MrcYIEowDxyiMLehgtIxjyawzfmi0fficXzCf8xEXm8fmqlrXu4lfhKV4g3WI
Y9j8INFYc4inopUBsQM1zXWV00nCDxAvaYPhOYI0VjO11jxOCOcBheOlwS1sseOv
Bjram7oqf2DuVSINeTAgbHMLMA4AGEcNMsOAN/mwdq6ZBpEYmCf48pvZwQscW7qv
a685GRAjoyY=
=4AwP
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce