RHSA-2022:7173: Important: kpatch-patch security update
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.<br>Security Fix(es):<br><li> kernel: use-after-free in route4change() in net/sched/clsroute.c (CVE-2021-3715)</li> <li> kernel: a use-after-free in clsroute filter implementation may lead to privilege escalation (CVE-2022-2588)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:7173?
The severity of RHSA-2022:7173 is high due to the potential for use-after-free vulnerabilities in the kernel.
How do I fix RHSA-2022:7173?
To fix RHSA-2022:7173, install the updated kpatch-patch packages as specified in the advisory.
What vulnerabilities are addressed in RHSA-2022:7173?
RHSA-2022:7173 addresses use-after-free vulnerabilities in the route4_change function within the kernel.
Which versions are affected by RHSA-2022:7173?
Versions of the kpatch-patch package prior to 3_10_0-957_97_1-1-1.el7 are affected by RHSA-2022:7173.
Is there a workaround for RHSA-2022:7173?
There are no effective workarounds for RHSA-2022:7173; applying the patches is necessary to mitigate the vulnerabilities.