What is the severity of RHSA-2021:4646?

The severity of RHSA-2021:4646 is classified as important.

How do I fix RHSA-2021:4646?

To fix RHSA-2021:4646, you need to update to the kernel-rt packages version 4.18.0-348.2.1.rt7.132.el8_5 or later.

What vulnerabilities are addressed by RHSA-2021:4646?

RHSA-2021:4646 addresses the CVE-2021-43267 vulnerability, which involves insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

Which packages are affected by RHSA-2021:4646?

The affected packages under RHSA-2021:4646 include kernel-rt, kernel-rt-core, and various debug and development packages.

When was RHSA-2021:4646 released?

RHSA-2021:4646 was released on December 15, 2021.

Vulnerability/
RHSA-2021:4646

15/11/2021

RHSA-2021:4646: Important: kernel-rt security and bug fix update

First published: Mon Nov 15 2021(Updated: )

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.<br>Security Fix(es):<br><li> kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type (CVE-2021-43267)</li> <li> kernel: timer tree corruption leads to missing wakeup and system freeze (CVE-2021-20317)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.<br>Bug Fix(es):<br><li> kernel-rt: update RT source tree to the RHEL-8.5.z source tree (BZ#2020036)</li>

Affected Software	Affected Version	How to fix
redhat/kernel-rt	<4.18.0-348.2.1.rt7.132.el8_5	4.18.0-348.2.1.rt7.132.el8_5
redhat/kernel-rt	<4.18.0-348.2.1.rt7.132.el8_5	4.18.0-348.2.1.rt7.132.el8_5
redhat/kernel-rt-core	<4.18.0-348.2.1.rt7.132.el8_5	4.18.0-348.2.1.rt7.132.el8_5
redhat/kernel-rt-debug	<4.18.0-348.2.1.rt7.132.el8_5	4.18.0-348.2.1.rt7.132.el8_5
redhat/kernel-rt-debug-core	<4.18.0-348.2.1.rt7.132.el8_5	4.18.0-348.2.1.rt7.132.el8_5
redhat/kernel-rt-debug-debuginfo	<4.18.0-348.2.1.rt7.132.el8_5	4.18.0-348.2.1.rt7.132.el8_5
redhat/kernel-rt-debug-devel	<4.18.0-348.2.1.rt7.132.el8_5	4.18.0-348.2.1.rt7.132.el8_5
redhat/kernel-rt-debug-modules	<4.18.0-348.2.1.rt7.132.el8_5	4.18.0-348.2.1.rt7.132.el8_5
redhat/kernel-rt-debug-modules-extra	<4.18.0-348.2.1.rt7.132.el8_5	4.18.0-348.2.1.rt7.132.el8_5
redhat/kernel-rt-debuginfo	<4.18.0-348.2.1.rt7.132.el8_5	4.18.0-348.2.1.rt7.132.el8_5
redhat/kernel-rt-devel	<4.18.0-348.2.1.rt7.132.el8_5	4.18.0-348.2.1.rt7.132.el8_5
redhat/kernel-rt-modules	<4.18.0-348.2.1.rt7.132.el8_5	4.18.0-348.2.1.rt7.132.el8_5
redhat/kernel-rt-modules-extra	<4.18.0-348.2.1.rt7.132.el8_5	4.18.0-348.2.1.rt7.132.el8_5
redhat/kernel-rt-debug-kvm	<4.18.0-348.2.1.rt7.132.el8_5	4.18.0-348.2.1.rt7.132.el8_5
redhat/kernel-rt-kvm	<4.18.0-348.2.1.rt7.132.el8_5	4.18.0-348.2.1.rt7.132.el8_5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2021:4646?
The severity of RHSA-2021:4646 is classified as important.
How do I fix RHSA-2021:4646?
To fix RHSA-2021:4646, you need to update to the kernel-rt packages version 4.18.0-348.2.1.rt7.132.el8_5 or later.
What vulnerabilities are addressed by RHSA-2021:4646?
RHSA-2021:4646 addresses the CVE-2021-43267 vulnerability, which involves insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
Which packages are affected by RHSA-2021:4646?
The affected packages under RHSA-2021:4646 include kernel-rt, kernel-rt-core, and various debug and development packages.
When was RHSA-2021:4646 released?
RHSA-2021:4646 was released on December 15, 2021.

agent/severity
agent/references
agent/type
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2021:4646
agent/software-canonical-lookup
agent/title
agent/remedy
agent/description
agent/event
agent/trending
agent/tags
agent/source
package-manager/redhat