RHSA-2022:7344: Important: kpatch-patch security update
First published: Wed Nov 02 2022(Updated: )
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.<br>Security Fix(es):<br><li> a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kpatch-patch | <3_10_0-1160_62_1-1-3.el7 | 3_10_0-1160_62_1-1-3.el7 |
| redhat/kpatch-patch | <3_10_0-1160_66_1-1-2.el7 | 3_10_0-1160_66_1-1-2.el7 |
| redhat/kpatch-patch | <3_10_0-1160_71_1-1-1.el7 | 3_10_0-1160_71_1-1-1.el7 |
| redhat/kpatch-patch | <3_10_0-1160_76_1-1-1.el7 | 3_10_0-1160_76_1-1-1.el7 |
| redhat/kpatch-patch | <3_10_0-1160_62_1-1-3.el7 | 3_10_0-1160_62_1-1-3.el7 |
| redhat/kpatch-patch | <3_10_0-1160_62_1-debuginfo-1-3.el7 | 3_10_0-1160_62_1-debuginfo-1-3.el7 |
| redhat/kpatch-patch | <3_10_0-1160_66_1-1-2.el7 | 3_10_0-1160_66_1-1-2.el7 |
| redhat/kpatch-patch | <3_10_0-1160_66_1-debuginfo-1-2.el7 | 3_10_0-1160_66_1-debuginfo-1-2.el7 |
| redhat/kpatch-patch | <3_10_0-1160_71_1-1-1.el7 | 3_10_0-1160_71_1-1-1.el7 |
| redhat/kpatch-patch | <3_10_0-1160_71_1-debuginfo-1-1.el7 | 3_10_0-1160_71_1-debuginfo-1-1.el7 |
| redhat/kpatch-patch | <3_10_0-1160_76_1-1-1.el7 | 3_10_0-1160_76_1-1-1.el7 |
| redhat/kpatch-patch | <3_10_0-1160_76_1-debuginfo-1-1.el7 | 3_10_0-1160_76_1-debuginfo-1-1.el7 |
| redhat/kpatch-patch | <3_10_0-1160_62_1-1-3.el7 | 3_10_0-1160_62_1-1-3.el7 |
| redhat/kpatch-patch | <3_10_0-1160_62_1-debuginfo-1-3.el7 | 3_10_0-1160_62_1-debuginfo-1-3.el7 |
| redhat/kpatch-patch | <3_10_0-1160_66_1-1-2.el7 | 3_10_0-1160_66_1-1-2.el7 |
| redhat/kpatch-patch | <3_10_0-1160_66_1-debuginfo-1-2.el7 | 3_10_0-1160_66_1-debuginfo-1-2.el7 |
| redhat/kpatch-patch | <3_10_0-1160_71_1-1-1.el7 | 3_10_0-1160_71_1-1-1.el7 |
| redhat/kpatch-patch | <3_10_0-1160_71_1-debuginfo-1-1.el7 | 3_10_0-1160_71_1-debuginfo-1-1.el7 |
| redhat/kpatch-patch | <3_10_0-1160_76_1-1-1.el7 | 3_10_0-1160_76_1-1-1.el7 |
| redhat/kpatch-patch | <3_10_0-1160_76_1-debuginfo-1-1.el7 | 3_10_0-1160_76_1-debuginfo-1-1.el7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of RHSA-2022:7344?
The severity of RHSA-2022:7344 is critical due to the privilege escalation vulnerability identified in CVE-2022-2588.
How do I fix RHSA-2022:7344?
To fix RHSA-2022:7344, update the kpatch-patch package to versions 3_10_0-1160_62_1-1-3.el7, 3_10_0-1160_66_1-1-2.el7, 3_10_0-1160_71_1-1-1.el7, or 3_10_0-1160_76_1-1-1.el7.
What is CVE-2022-2588 related to RHSA-2022:7344?
CVE-2022-2588 is linked to a use-after-free vulnerability in the cls_route filter implementation, which could lead to privilege escalation.
Which software versions are affected by RHSA-2022:7344?
Affected software versions include kpatch-patch versions prior to 3_10_0-1160_62_1-1-3.el7, 3_10_0-1160_66_1-1-2.el7, 3_10_0-1160_71_1-1-1.el7, and 3_10_0-1160_76_1-1-1.el7.
Is a reboot required to apply the fix for RHSA-2022:7344?
Yes, a reboot may be required to fully apply the kpatch-patch updates and mitigate the vulnerabilities associated with RHSA-2022:7344.
- agent/severity
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/title
- agent/description
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2022:7344
- agent/software-canonical-lookup
- agent/references
- agent/tags
- agent/event
- agent/source
- package-manager/redhat