Red Hat Enterprise Linux for Real Time 9.0 for kernel-rt



Published: 2022-12-14 | Updated: 2023-06-08
Risk Medium
Patch available YES
Number of vulnerabilities 12
CVE-ID CVE-2022-1158
CVE-2022-2639
CVE-2022-2959
CVE-2022-21123
CVE-2022-21125
CVE-2022-21166
CVE-2022-23816
CVE-2022-23825
CVE-2022-26373
CVE-2022-29900
CVE-2022-29901
CVE-2022-43945
CWE-ID CWE-787
CWE-191
CWE-362
CWE-200
CWE-843
CWE-264
CWE-1037
CWE-119
Exploitation vector Network
Public exploit Public exploit code for vulnerability #2 is available.
Vulnerable software
Subscribe
Red Hat Enterprise Linux for Real Time
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Real Time for NFV
Operating systems & Components / Operating system

kernel-rt (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU63166

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1158

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due the KVM implementation in Linux kernel does not properly perform guest page table updates in some situations. A remote user on the guest operating system can trigger memory corruption and perform a denial of service attack against the host OS.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time: 9

Red Hat Enterprise Linux for Real Time for NFV: 9

kernel-rt (Red Hat package): before 5.14.0-70.36.1.rt21.108.el9_0

External links

http://access.redhat.com/errata/RHSA-2022:8974


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer underflow

EUVDB-ID: #VU66812

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-2639

CWE-ID: CWE-191 - Integer underflow

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer underflow within the reserve_sfa_size() function in the openvswitch kernel module in Linux kernel. A local user can trigger an out-of-bounds read error and crash the system or escalate privileges.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time: 9

Red Hat Enterprise Linux for Real Time for NFV: 9

kernel-rt (Red Hat package): before 5.14.0-70.36.1.rt21.108.el9_0

External links

http://access.redhat.com/errata/RHSA-2022:8974


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Race condition

EUVDB-ID: #VU66934

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2959

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a missing lock in the pipe_resize_ring() function within the watch queue when performing operations on an object. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time: 9

Red Hat Enterprise Linux for Real Time for NFV: 9

kernel-rt (Red Hat package): before 5.14.0-70.36.1.rt21.108.el9_0

External links

http://access.redhat.com/errata/RHSA-2022:8974


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU64364

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21123

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time: 9

Red Hat Enterprise Linux for Real Time for NFV: 9

kernel-rt (Red Hat package): before 5.14.0-70.36.1.rt21.108.el9_0

External links

http://access.redhat.com/errata/RHSA-2022:8974


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Information disclosure

EUVDB-ID: #VU64365

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21125

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.



Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time: 9

Red Hat Enterprise Linux for Real Time for NFV: 9

kernel-rt (Red Hat package): before 5.14.0-70.36.1.rt21.108.el9_0

External links

http://access.redhat.com/errata/RHSA-2022:8974


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU64366

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21166

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time: 9

Red Hat Enterprise Linux for Real Time for NFV: 9

kernel-rt (Red Hat package): before 5.14.0-70.36.1.rt21.108.el9_0

External links

http://access.redhat.com/errata/RHSA-2022:8974


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Type Confusion

EUVDB-ID: #VU65219

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23816

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time: 9

Red Hat Enterprise Linux for Real Time for NFV: 9

kernel-rt (Red Hat package): before 5.14.0-70.36.1.rt21.108.el9_0

External links

http://access.redhat.com/errata/RHSA-2022:8974


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Type Confusion

EUVDB-ID: #VU65204

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23825

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a branch type confusion. A local user can force the branch predictor to predict the wrong branch type and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time: 9

Red Hat Enterprise Linux for Real Time for NFV: 9

kernel-rt (Red Hat package): before 5.14.0-70.36.1.rt21.108.el9_0

External links

http://access.redhat.com/errata/RHSA-2022:8974


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Security restrictions bypass

EUVDB-ID: #VU66549

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26373

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to non-transparent sharing of return predictor targets between contexts in Intel CPU processors. A local user can bypass the expected architecture isolation between contexts and gain access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time: 9

Red Hat Enterprise Linux for Real Time for NFV: 9

kernel-rt (Red Hat package): before 5.14.0-70.36.1.rt21.108.el9_0

External links

http://access.redhat.com/errata/RHSA-2022:8974


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU65205

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29900

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a mistrained branch predictions for return instructions. A local user can execute arbitrary speculative code under certain microarchitecture-dependent conditions. The vulnerability was dubbed  RETbleed.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time: 9

Red Hat Enterprise Linux for Real Time for NFV: 9

kernel-rt (Red Hat package): before 5.14.0-70.36.1.rt21.108.el9_0

External links

http://access.redhat.com/errata/RHSA-2022:8974


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU65220

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29901

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the way non-transparent sharing of branch predictor targets between contexts. A local user can exploit the vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time: 9

Red Hat Enterprise Linux for Real Time for NFV: 9

kernel-rt (Red Hat package): before 5.14.0-70.36.1.rt21.108.el9_0

External links

http://access.redhat.com/errata/RHSA-2022:8974


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU69766

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43945

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attacl.

The vulnerability exists due to a boundary error within the Linux kernel NFSD implementation. A remote attacker can send the RPC message over TCP with garbage data added at the end of the message, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time: 9

Red Hat Enterprise Linux for Real Time for NFV: 9

kernel-rt (Red Hat package): before 5.14.0-70.36.1.rt21.108.el9_0

External links

http://access.redhat.com/errata/RHSA-2022:8974


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###