CVE-2022-0500
Description
Moderate: kernel-rt security and bug fix update
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-2950.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:2950
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-3138.html
Vendor advisory: alma — https://bugzilla.redhat.com/2272811
Vendor advisory: alma — https://bugzilla.redhat.com/2270883
Vendor advisory: alma — https://bugzilla.redhat.com/2270836
Vendor advisory: alma — https://bugzilla.redhat.com/2269217
Vendor advisory: alma — https://bugzilla.redhat.com/2269189
Vendor advisory: alma — https://bugzilla.redhat.com/2267761
Vendor advisory: alma — https://bugzilla.redhat.com/2267760
Vendor advisory: alma — https://bugzilla.redhat.com/2267750
Vendor advisory: alma — https://bugzilla.redhat.com/2267695
Vendor advisory: alma — https://bugzilla.redhat.com/2265653
Vendor advisory: alma — https://bugzilla.redhat.com/2265285
Vendor advisory: alma — https://bugzilla.redhat.com/2257979
Vendor advisory: alma — https://bugzilla.redhat.com/2257682
Vendor advisory: alma — https://bugzilla.redhat.com/2256822
Vendor advisory: alma — https://bugzilla.redhat.com/2256490
Vendor advisory: alma — https://bugzilla.redhat.com/2255283
Vendor advisory: alma — https://bugzilla.redhat.com/2254982
Vendor advisory: alma — https://bugzilla.redhat.com/2254961
Vendor advisory: alma — https://bugzilla.redhat.com/2253632
Vendor advisory: alma — https://bugzilla.redhat.com/2250043
Vendor advisory: alma — https://bugzilla.redhat.com/2244720
Vendor advisory: alma — https://bugzilla.redhat.com/2239847
Vendor advisory: alma — https://bugzilla.redhat.com/2239845
Vendor advisory: alma — https://bugzilla.redhat.com/2235306
Vendor advisory: alma — https://bugzilla.redhat.com/2231410
Vendor advisory: alma — https://bugzilla.redhat.com/2230042
Vendor advisory: alma — https://bugzilla.redhat.com/2226788
Vendor advisory: alma — https://bugzilla.redhat.com/2226787
Vendor advisory: alma — https://bugzilla.redhat.com/2226784
Vendor advisory: alma — https://bugzilla.redhat.com/2226777
Vendor advisory: alma — https://bugzilla.redhat.com/2221702
Vendor advisory: alma — https://bugzilla.redhat.com/2221463
Vendor advisory: alma — https://bugzilla.redhat.com/2221039
Vendor advisory: alma — https://bugzilla.redhat.com/2219359
Vendor advisory: alma — https://bugzilla.redhat.com/2218332
Vendor advisory: alma — https://bugzilla.redhat.com/2213132
Vendor advisory: alma — https://bugzilla.redhat.com/2179892
Vendor advisory: alma — https://bugzilla.redhat.com/2177759
Vendor advisory: alma — https://bugzilla.redhat.com/2151959
Vendor advisory: alma — https://bugzilla.redhat.com/2150953
Vendor advisory: alma — https://bugzilla.redhat.com/2044578
Vendor advisory: alma — https://bugzilla.redhat.com/2043520
Vendor advisory: alma — https://bugzilla.redhat.com/2039178
Vendor advisory: alma — https://bugzilla.redhat.com/1999589
Vendor advisory: alma — https://bugzilla.redhat.com/1888726
Vendor advisory: alma — https://bugzilla.redhat.com/1746732
Vendor advisory: alma — https://bugzilla.redhat.com/1731000
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:3138
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2022-0500
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2022-0500.html
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:2950
Mitigation details
Description kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges Red Hat statement The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack…
Description
kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges
Red Hat statement
The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space. For Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled. For Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command: ``` # cat /proc/sys/kernel/unprivileged_bpf_disabled ``` The setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw. A kernel update will be required to mitigate the flaw for the root or users with CAP_SYS_ADMIN (or CAP_BPF) capabilities.
CVSS v3: 7.0 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | kernel-rt-0:4.18.0-553.rt7.342.el8_10 | RHSA-2024:2950 | 2024-05-22T00:00:00Z |
| Red Hat Enterprise Linux 8 | kernel-0:4.18.0-553.el8_10 | RHSA-2024:3138 | 2024-05-22T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Extended Update Support | kernel-0:4.18.0-372.91.1.el8_6 | RHSA-2024:0724 | 2024-02-07T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Extended Update Support | kernel-0:4.18.0-477.81.1.el8_8 | RHSA-2024:10262 | 2024-11-26T00:00:00Z |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | kernel-0:4.18.0-372.91.1.el8_6 | RHSA-2024:0724 | 2024-02-07T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected |
| Red Hat Enterprise Linux 9 | kernel | Affected |
| Red Hat Enterprise Linux 9 | kernel-rt | Will not fix |
Apply commands
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rtAffected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 6 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 9 | Affected |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| arch | fixed | 5.15.54-1 | |
| rocky | 8 | fixed | |
| sles | affected | | |
| debian | bookworm | fixed | 5.16.10-1 |
| debian | bullseye | affected | |
| debian | forky | fixed | 5.16.10-1 |
| debian | sid | fixed | 5.16.10-1 |
| debian | trixie | fixed | 5.16.10-1 |
References
- https://errata.rockylinux.org/RLSA-2024:2950
- https://www.suse.com/security/cve/CVE-2022-0500.html
- https://security-tracker.debian.org/tracker/CVE-2022-0500
- https://access.redhat.com/errata/RHSA-2024:3138
- https://bugzilla.redhat.com/1731000
- https://bugzilla.redhat.com/1746732
- https://bugzilla.redhat.com/1888726
- https://bugzilla.redhat.com/1999589
- https://bugzilla.redhat.com/2039178
- https://bugzilla.redhat.com/2043520
- https://bugzilla.redhat.com/2044578
- https://bugzilla.redhat.com/2150953
- https://bugzilla.redhat.com/2151959
- https://bugzilla.redhat.com/2177759
- https://bugzilla.redhat.com/2179892
- https://bugzilla.redhat.com/2213132
- https://bugzilla.redhat.com/2218332
- https://bugzilla.redhat.com/2219359
- https://bugzilla.redhat.com/2221039
- https://bugzilla.redhat.com/2221463
- https://bugzilla.redhat.com/2221702
- https://bugzilla.redhat.com/2226777
- https://bugzilla.redhat.com/2226784
- https://bugzilla.redhat.com/2226787
- https://bugzilla.redhat.com/2226788
Verify integrity in audit chain (admin only). AS-IS.