RHSA-2021:3381: Important: kpatch-patch security update
Published Aug 31, 2021
·Updated
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es): kernel: out-of-bounds write in xtcompattargetfromuser() in net/netfilter/xtables.c (CVE-2021-22555) kernel: race condition for removal of the HCI controller (CVE-2021-32399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
55 affected componentsFixes available
redhat/kpatch-patch<3_10_0-1160-1-8.el7
3_10_0-1160-1-8.el7
redhat/kpatch-patch<3_10_0-1160_11_1-1-7.el7
3_10_0-1160_11_1-1-7.el7
redhat/kpatch-patch<3_10_0-1160_15_2-1-7.el7
3_10_0-1160_15_2-1-7.el7
redhat/kpatch-patch<3_10_0-1160_21_1-1-5.el7
3_10_0-1160_21_1-1-5.el7
redhat/kpatch-patch<3_10_0-1160_24_1-1-3.el7
3_10_0-1160_24_1-1-3.el7
redhat/kpatch-patch<3_10_0-1160_25_1-1-3.el7
3_10_0-1160_25_1-1-3.el7
redhat/kpatch-patch<3_10_0-1160_2_1-1-8.el7
3_10_0-1160_2_1-1-8.el7
redhat/kpatch-patch<3_10_0-1160_2_2-1-8.el7
3_10_0-1160_2_2-1-8.el7
redhat/kpatch-patch<3_10_0-1160_31_1-1-2.el7
3_10_0-1160_31_1-1-2.el7
redhat/kpatch-patch<3_10_0-1160_36_2-1-1.el7
3_10_0-1160_36_2-1-1.el7
redhat/kpatch-patch<3_10_0-1160_6_1-1-8.el7
3_10_0-1160_6_1-1-8.el7
redhat/kpatch-patch<3_10_0-1160-1-8.el7
3_10_0-1160-1-8.el7
redhat/kpatch-patch<3_10_0-1160-debuginfo-1-8.el7
3_10_0-1160-debuginfo-1-8.el7
redhat/kpatch-patch<3_10_0-1160_11_1-1-7.el7
3_10_0-1160_11_1-1-7.el7
redhat/kpatch-patch<3_10_0-1160_11_1-debuginfo-1-7.el7
3_10_0-1160_11_1-debuginfo-1-7.el7
redhat/kpatch-patch<3_10_0-1160_15_2-1-7.el7
3_10_0-1160_15_2-1-7.el7
redhat/kpatch-patch<3_10_0-1160_15_2-debuginfo-1-7.el7
3_10_0-1160_15_2-debuginfo-1-7.el7
redhat/kpatch-patch<3_10_0-1160_21_1-1-5.el7
3_10_0-1160_21_1-1-5.el7
redhat/kpatch-patch<3_10_0-1160_21_1-debuginfo-1-5.el7
3_10_0-1160_21_1-debuginfo-1-5.el7
redhat/kpatch-patch<3_10_0-1160_24_1-1-3.el7
3_10_0-1160_24_1-1-3.el7
redhat/kpatch-patch<3_10_0-1160_24_1-debuginfo-1-3.el7
3_10_0-1160_24_1-debuginfo-1-3.el7
redhat/kpatch-patch<3_10_0-1160_25_1-1-3.el7
3_10_0-1160_25_1-1-3.el7
redhat/kpatch-patch<3_10_0-1160_25_1-debuginfo-1-3.el7
3_10_0-1160_25_1-debuginfo-1-3.el7
redhat/kpatch-patch<3_10_0-1160_2_1-1-8.el7
3_10_0-1160_2_1-1-8.el7
redhat/kpatch-patch<3_10_0-1160_2_1-debuginfo-1-8.el7
3_10_0-1160_2_1-debuginfo-1-8.el7
redhat/kpatch-patch<3_10_0-1160_2_2-1-8.el7
3_10_0-1160_2_2-1-8.el7
redhat/kpatch-patch<3_10_0-1160_2_2-debuginfo-1-8.el7
3_10_0-1160_2_2-debuginfo-1-8.el7
redhat/kpatch-patch<3_10_0-1160_31_1-1-2.el7
3_10_0-1160_31_1-1-2.el7
redhat/kpatch-patch<3_10_0-1160_31_1-debuginfo-1-2.el7
3_10_0-1160_31_1-debuginfo-1-2.el7
redhat/kpatch-patch<3_10_0-1160_36_2-1-1.el7
3_10_0-1160_36_2-1-1.el7
redhat/kpatch-patch<3_10_0-1160_36_2-debuginfo-1-1.el7
3_10_0-1160_36_2-debuginfo-1-1.el7
redhat/kpatch-patch<3_10_0-1160_6_1-1-8.el7
3_10_0-1160_6_1-1-8.el7
redhat/kpatch-patch<3_10_0-1160_6_1-debuginfo-1-8.el7
3_10_0-1160_6_1-debuginfo-1-8.el7
redhat/kpatch-patch<3_10_0-1160-1-8.el7
3_10_0-1160-1-8.el7
redhat/kpatch-patch<3_10_0-1160-debuginfo-1-8.el7
3_10_0-1160-debuginfo-1-8.el7
redhat/kpatch-patch<3_10_0-1160_11_1-1-7.el7
3_10_0-1160_11_1-1-7.el7
redhat/kpatch-patch<3_10_0-1160_11_1-debuginfo-1-7.el7
3_10_0-1160_11_1-debuginfo-1-7.el7
redhat/kpatch-patch<3_10_0-1160_15_2-1-7.el7
3_10_0-1160_15_2-1-7.el7
redhat/kpatch-patch<3_10_0-1160_15_2-debuginfo-1-7.el7
3_10_0-1160_15_2-debuginfo-1-7.el7
redhat/kpatch-patch<3_10_0-1160_21_1-1-5.el7
3_10_0-1160_21_1-1-5.el7
redhat/kpatch-patch<3_10_0-1160_21_1-debuginfo-1-5.el7
3_10_0-1160_21_1-debuginfo-1-5.el7
redhat/kpatch-patch<3_10_0-1160_24_1-1-3.el7
3_10_0-1160_24_1-1-3.el7
redhat/kpatch-patch<3_10_0-1160_24_1-debuginfo-1-3.el7
3_10_0-1160_24_1-debuginfo-1-3.el7
redhat/kpatch-patch<3_10_0-1160_25_1-1-3.el7
3_10_0-1160_25_1-1-3.el7
redhat/kpatch-patch<3_10_0-1160_25_1-debuginfo-1-3.el7
3_10_0-1160_25_1-debuginfo-1-3.el7
redhat/kpatch-patch<3_10_0-1160_2_1-1-8.el7
3_10_0-1160_2_1-1-8.el7
redhat/kpatch-patch<3_10_0-1160_2_1-debuginfo-1-8.el7
3_10_0-1160_2_1-debuginfo-1-8.el7
redhat/kpatch-patch<3_10_0-1160_2_2-1-8.el7
3_10_0-1160_2_2-1-8.el7
redhat/kpatch-patch<3_10_0-1160_2_2-debuginfo-1-8.el7
3_10_0-1160_2_2-debuginfo-1-8.el7
redhat/kpatch-patch<3_10_0-1160_31_1-1-2.el7
3_10_0-1160_31_1-1-2.el7
redhat/kpatch-patch<3_10_0-1160_31_1-debuginfo-1-2.el7
3_10_0-1160_31_1-debuginfo-1-2.el7
redhat/kpatch-patch<3_10_0-1160_36_2-1-1.el7
3_10_0-1160_36_2-1-1.el7
redhat/kpatch-patch<3_10_0-1160_36_2-debuginfo-1-1.el7
3_10_0-1160_36_2-debuginfo-1-1.el7
redhat/kpatch-patch<3_10_0-1160_6_1-1-8.el7
3_10_0-1160_6_1-1-8.el7
redhat/kpatch-patch<3_10_0-1160_6_1-debuginfo-1-8.el7
3_10_0-1160_6_1-debuginfo-1-8.el7
Remediation
Event History
Feb 11, 2026
Advisory Published
via Red Hat·03:06 PM
Data Sourced
via Red Hat·03:06 PM
RemedyDescriptionAffected Software
Frequently Asked Questions
1
What is the severity of RHSA-2021:3381?
The severity of RHSA-2021:3381 is classified as important.
2
How do I fix RHSA-2021:3381?
To resolve RHSA-2021:3381, update to the latest version of the kpatch-patch package as specified in the advisory.
3
What does RHSA-2021:3381 address?
RHSA-2021:3381 addresses an out-of-bounds write vulnerability in the kernel related to netfilter.
4
Which versions are affected by RHSA-2021:3381?
RHSA-2021:3381 affects multiple versions of the kpatch-patch package prior to the specified remediation versions.
5
Is a reboot required after applying the fix for RHSA-2021:3381?
Yes, a reboot is generally recommended after applying the kernel live patch to ensure the changes take effect.