Security
Headlines
HeadlinesLatestCVEs

Headline

Red Hat Security Advisory 2023-4137-01

Red Hat Security Advisory 2023-4137-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Packet Storm
#vulnerability#linux#red_hat#java#intel#auth#rpm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2023:4137-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4137
Issue date: 2023-07-18
CVE Names: CVE-2022-1016 CVE-2022-42703 CVE-2022-42896
CVE-2023-2002 CVE-2023-2124 CVE-2023-2235
=====================================================================

  1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 9.0
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

  1. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

  • kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in
    net/bluetooth/l2cap_core.c (CVE-2022-42896)

  • kernel: use-after-free vulnerability in the perf_group_detach function of
    the Linux Kernel Performance Events (CVE-2023-2235)

  • kernel: uninitialized registers on stack in nft_do_chain can cause kernel
    pointer leakage to UM (CVE-2022-1016)

  • kernel: use-after-free related to leaf anon_vma double reuse
    (CVE-2022-42703)

  • Kernel: bluetooth: Unauthorized management command execution
    (CVE-2023-2002)

  • kernel: OOB access in the Linux kernel’s XFS subsystem (CVE-2023-2124)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

  • Backport kernel audit enhancements and fixes from v5.13-rc1 to v5.16-rc6
    (BZ#2098210)

  • INTEL 9.0 BUG VROC: RAID rebuild doesn’t start after removing drive
    during FIO (BZ#2174890)

  • HPEMC RHEL 9 BUG: acpi-cpufreq: Skip initializtion if a cpufreq driver
    exists (BZ#2186564)

  • RHEL9.3: Update locking code to upstream 6.1 and further fixes
    (BZ#2187517)

  • block layer: update with upstream v6.0 (BZ#2196175)

  • rhel-9: Invalid character detected by rpminspect in
    Documentation/translations/zh_CN/process/magic-number.rst (BZ#2208244)

  • Trouble getting callstacks when signal has interrupted clock_gettime
    (BZ#2210076)

  1. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

2066614 - CVE-2022-1016 kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM
2133483 - CVE-2022-42703 kernel: use-after-free related to leaf anon_vma double reuse
2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c
2187308 - CVE-2023-2002 Kernel: bluetooth: Unauthorized management command execution
2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel’s XFS subsystem
2192589 - CVE-2023-2235 kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events

  1. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:
bpftool-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-debug-devel-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-debug-devel-matched-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-debuginfo-common-aarch64-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-devel-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-devel-matched-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-headers-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm
perf-5.14.0-70.64.1.el9_0.aarch64.rpm
perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm

noarch:
kernel-doc-5.14.0-70.64.1.el9_0.noarch.rpm

ppc64le:
bpftool-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-debug-devel-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-debug-devel-matched-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-debuginfo-common-ppc64le-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-devel-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-devel-matched-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-headers-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm
perf-5.14.0-70.64.1.el9_0.ppc64le.rpm
perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm

s390x:
bpftool-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-debug-devel-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-debug-devel-matched-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-debuginfo-common-s390x-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-devel-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-devel-matched-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-headers-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-zfcpdump-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-zfcpdump-devel-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-zfcpdump-devel-matched-5.14.0-70.64.1.el9_0.s390x.rpm
perf-5.14.0-70.64.1.el9_0.s390x.rpm
perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm

x86_64:
bpftool-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-debug-devel-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-debug-devel-matched-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-debuginfo-common-x86_64-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-devel-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-devel-matched-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-headers-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm
perf-5.14.0-70.64.1.el9_0.x86_64.rpm
perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:
kernel-5.14.0-70.64.1.el9_0.src.rpm

aarch64:
bpftool-5.14.0-70.64.1.el9_0.aarch64.rpm
bpftool-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-core-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-debug-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-debug-core-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-debug-modules-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-debug-modules-extra-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-debuginfo-common-aarch64-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-modules-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-modules-extra-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-tools-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-tools-libs-5.14.0-70.64.1.el9_0.aarch64.rpm
perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm
python3-perf-5.14.0-70.64.1.el9_0.aarch64.rpm
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm

noarch:
kernel-abi-stablelists-5.14.0-70.64.1.el9_0.noarch.rpm

ppc64le:
bpftool-5.14.0-70.64.1.el9_0.ppc64le.rpm
bpftool-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-core-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-debug-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-debug-core-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-debug-modules-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-debug-modules-extra-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-debuginfo-common-ppc64le-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-modules-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-modules-extra-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-tools-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-tools-libs-5.14.0-70.64.1.el9_0.ppc64le.rpm
perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm
python3-perf-5.14.0-70.64.1.el9_0.ppc64le.rpm
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm

s390x:
bpftool-5.14.0-70.64.1.el9_0.s390x.rpm
bpftool-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-core-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-debug-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-debug-core-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-debug-modules-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-debug-modules-extra-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-debuginfo-common-s390x-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-modules-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-modules-extra-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-tools-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-zfcpdump-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-zfcpdump-core-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-zfcpdump-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-zfcpdump-modules-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-zfcpdump-modules-extra-5.14.0-70.64.1.el9_0.s390x.rpm
perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
python3-perf-5.14.0-70.64.1.el9_0.s390x.rpm
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm

x86_64:
bpftool-5.14.0-70.64.1.el9_0.x86_64.rpm
bpftool-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-core-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-debug-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-debug-core-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-debug-modules-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-debug-modules-extra-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-debuginfo-common-x86_64-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-modules-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-modules-extra-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-tools-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-tools-libs-5.14.0-70.64.1.el9_0.x86_64.rpm
perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm
python3-perf-5.14.0-70.64.1.el9_0.x86_64.rpm
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:
bpftool-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-cross-headers-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-debuginfo-common-aarch64-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm
kernel-tools-libs-devel-5.14.0-70.64.1.el9_0.aarch64.rpm
perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm

ppc64le:
bpftool-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-cross-headers-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-debuginfo-common-ppc64le-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm
kernel-tools-libs-devel-5.14.0-70.64.1.el9_0.ppc64le.rpm
perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm

s390x:
bpftool-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-cross-headers-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-debuginfo-common-s390x-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
kernel-zfcpdump-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm

x86_64:
bpftool-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-cross-headers-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-debuginfo-common-x86_64-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm
kernel-tools-libs-devel-5.14.0-70.64.1.el9_0.x86_64.rpm
perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2022-1016
https://access.redhat.com/security/cve/CVE-2022-42703
https://access.redhat.com/security/cve/CVE-2022-42896
https://access.redhat.com/security/cve/CVE-2023-2002
https://access.redhat.com/security/cve/CVE-2023-2124
https://access.redhat.com/security/cve/CVE-2023-2235
https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJktmwCAAoJENzjgjWX9erEhgIP/3YYLK2bjhLKWvvRbMdH9gRU
mWFTBr3AeiKs9tMOpcqe5JbI2nwy6M41Qi8Mdz1D+5MC+4Yx+NTLFLmYKbwdY665
aO6IdgBXvkrEpVm3a4fjt4lFFa/66VsvzphmyduXKLGcMzHGShjGQpJZEHZYdpbN
EiS7Z1rEGLExmxt9z5vLbhzSmfPTH9bMKx6JL6EBWyimA/OYk1uysfAjVBMe1q6X
OS5VYobqY2HKj9+TT/cHe0rFZTK7q+9Gw3W3ndQ958p9yux3FrLgFF0oLdLiKwzH
IZC/cR+ivRnzpxUZD3YDc5Vag3faQ2VmIdBLMEMY6oXwHBYZyKEsCA7oZ1Eh0uCJ
nWYA7h7J0+CQiBSlo2DAv/pmsalLrOF4OJZ7kOVcXIS93EFjhZfr9zN+ap0A5y6a
UPEpGGLa19PPYy3g17y27JvtsCoErDcYVc/3w7yS+NE/cvrigyBxNl8BZZyWcPVT
ONN8rsrIQMA2LHgPygklxc/SHHRIgLEFJdKyuIc2Qc/wYS+XorsVfTmDi1WT29+H
4k0c0syaR5+XHbfwTylaVXAmTO8+pI0zN9bePZkv2josDzhgwQMO9uPFlPpKZnq6
rIrD2HZQH67vNdaM4i0RgZAJFiBrVsz73LlkEX5WYZ/UDsOdB62VLfqunuQuKmjG
AXwX8eBFthNYpnnQVPSa
=mkOj
-----END PGP SIGNATURE-----

RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Related news

Red Hat Security Advisory 2024-4098-03

Red Hat Security Advisory 2024-4098-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support.

Red Hat Security Advisory 2024-1746-03

Red Hat Security Advisory 2024-1746-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-6701-3

Ubuntu Security Notice 6701-3 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2024-1323-03

Red Hat Security Advisory 2024-1323-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Issues addressed include out of bounds write and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5627-01

Red Hat Security Advisory 2023-5627-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, null pointer, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5588-01

Red Hat Security Advisory 2023-5588-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-6397-1

Ubuntu Security Notice 6397-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6385-1

Ubuntu Security Notice 6385-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.

RHSA-2023:5255: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. 'Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2002: A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. * CVE-2023-3090: A flaw was found...

Ubuntu Security Notice USN-6357-1

Ubuntu Security Notice 6357-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6349-1

Ubuntu Security Notice 6349-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6347-1

Ubuntu Security Notice 6347-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.

Red Hat Security Advisory 2023-4961-01

Red Hat Security Advisory 2023-4961-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4962-01

Red Hat Security Advisory 2023-4962-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.

RHSA-2023:4962: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can...

Ubuntu Security Notice USN-6332-1

Ubuntu Security Notice 6332-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6331-1

Ubuntu Security Notice 6331-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6311-1

Ubuntu Security Notice 6311-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.

Red Hat Security Advisory 2023-4817-01

Red Hat Security Advisory 2023-4817-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and out of bounds write vulnerabilities.

RHSA-2023:4817: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2124: An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-3090: A flaw was found in the IPVLAN netwo...

Debian Security Advisory 5480-1

Debian Linux Security Advisory 5480-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Ubuntu Security Notice USN-6300-1

Ubuntu Security Notice 6300-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.

Red Hat Security Advisory 2023-4664-01

Red Hat Security Advisory 2023-4664-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.3 images. Issues addressed include a denial of service vulnerability.

RHSA-2023:4664: Red Hat Security Advisory: OpenShift Virtualization 4.13.3 Images security and bug fix update

Red Hat OpenShift Virtualization release 4.13.3 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests. * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Con...

Ubuntu Security Notice USN-6283-1

Ubuntu Security Notice 6283-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear operations. A local attacker could use this to cause a denial of service.

CVE-2023-33953: Security Bulletins

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse. - gRPC’s metadata overflow check was performed per frame, so ...

Red Hat Security Advisory 2023-4517-01

Red Hat Security Advisory 2023-4517-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4541-01

Red Hat Security Advisory 2023-4541-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

RHSA-2023:4541: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42896: A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via Blue...

RHSA-2023:4515: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can later lead to double freeing the structure. This flaw allows a local attacker to cause a use-after-free problem, leading to privilege esca...

Ubuntu Security Notice USN-6254-1

Ubuntu Security Notice 6254-1 - Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

RHSA-2023:4230: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42896: A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code l...

Ubuntu Security Notice USN-6235-1

Ubuntu Security Notice 6235-1 - It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service. Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information.

Red Hat Security Advisory 2023-4138-01

Red Hat Security Advisory 2023-4138-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4138-01

Red Hat Security Advisory 2023-4138-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4138-01

Red Hat Security Advisory 2023-4138-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and use-after-free vulnerabilities.

RHSA-2023:4138: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1016: A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. * CVE-2022-42703: A memory leak flaw with us...

RHSA-2023:4138: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1016: A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. * CVE-2022-42703: A memory leak flaw with us...

Ubuntu Security Notice USN-6228-1

Ubuntu Security Notice 6228-1 - It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service. Wei Chen discovered that the InfiniBand RDMA communication manager implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6224-1

Ubuntu Security Notice 6224-1 - It was discovered that the XFS file system implementation in the Linux kernel did not properly perform metadata validation when mounting certain images. An attacker could use this to specially craft a file system image that, when mounted, could cause a denial of service. Wei Chen discovered that the InfiniBand RDMA communication manager implementation in the Linux kernel contained an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6206-1

Ubuntu Security Notice 6206-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service.

Debian Security Advisory 5448-1

Debian Linux Security Advisory 5448-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Ubuntu Security Notice USN-6186-1

Ubuntu Security Notice 6186-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2023-3723-01

Red Hat Security Advisory 2023-3723-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3723-01

Red Hat Security Advisory 2023-3723-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3723-01

Red Hat Security Advisory 2023-3723-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3708-01

Red Hat Security Advisory 2023-3708-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3708-01

Red Hat Security Advisory 2023-3708-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3708-01

Red Hat Security Advisory 2023-3708-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3705-01

Red Hat Security Advisory 2023-3705-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

RHSA-2023:3708: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2002: A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. * CVE-2023-2124: An out-of-bounds ...

RHSA-2023:3708: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2002: A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. * CVE-2023-2124: An out-of-bounds ...

RHSA-2023:3708: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2002: A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. * CVE-2023-2124: An out-of-bounds ...

RHSA-2023:3705: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2235: The Linux kernel's Performance Events subsystem has a use-after-free flaw that occurs when a user triggers the perf_group_detach and remove_on_exec functions simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-32233: A use-after-free vulnerability was found in the Netfilte...

Ubuntu Security Notice USN-6175-1

Ubuntu Security Notice 6175-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2023-3517-01

Red Hat Security Advisory 2023-3517-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

RHSA-2023:3461: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42896: A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connec...

CVE-2023-2002: security - CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.

RHSA-2023:2951: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to c...

CVE-2023-2124

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVE-2023-2235

A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.

Ubuntu Security Notice USN-6013-1

Ubuntu Security Notice 6013-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

Red Hat Security Advisory 2023-1091-01

Red Hat Security Advisory 2023-1091-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-1092-01

Red Hat Security Advisory 2023-1092-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

RHSA-2023:1091: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4378: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2022-42703: A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c fun...

Ubuntu Security Notice USN-5918-1

Ubuntu Security Notice 5918-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5916-1

Ubuntu Security Notice 5916-1 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5879-1

Ubuntu Security Notice 5879-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5875-1

Ubuntu Security Notice 5875-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5861-1

Ubuntu Security Notice 5861-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5860-1

Ubuntu Security Notice 5860-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5814-1

Ubuntu Security Notice 5814-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5804-2

Ubuntu Security Notice 5804-2 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5803-1

Ubuntu Security Notice 5803-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamas Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2022-4543: EntryBleed: Breaking KASLR under KPTI with Prefetch (CVE-2022-4543)

A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.

RHSA-2022:9040: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.3 security update

Red Hat Advanced Cluster Management for Kubernetes 2.6.3 General Availability release images, which provide security updates, fix bugs, and update container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-41912: crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements

Ubuntu Security Notice USN-5774-1

Ubuntu Security Notice 5774-1 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2022-8889-01

Red Hat Security Advisory 2022-8889-01 - This is an Openshift Logging bug fix release. Issues addressed include a denial of service vulnerability.

RHSA-2022:8889: Red Hat Security Advisory: Openshift Logging 5.3.14 bug fix release and security update

Openshift Logging Bug Fix Release (5.3.14) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS * CVE-2022-42004: jackson-databind: use of deeply nested arrays

Ubuntu Security Notice USN-5756-1

Ubuntu Security Notice 5756-1 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a memory leak existed in the IPv6 implementation of the Linux kernel. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-5728-3

Ubuntu Security Notice 5728-3 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5728-1

Ubuntu Security Notice 5728-1 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

RHSA-2022:8267: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session * CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg() * CVE-2022-0168: kernel: smb2_ioctl_query_info NULL pointer dereference * CVE-2022-0617: kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback * CVE-2022-0854: ...

RHSA-2022:7933: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session * CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg() * CVE-2022-0168: kernel: smb2_ioctl_query_info NULL pointer dereference * CVE-2022-0617: kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback * CVE-2022-085...

RHSA-2022:7444: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session * CVE-2020-36558: kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference * CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg() * CVE-2021-30002: kernel: memory leak for large argume...

CVE-2022-1016: CVE-2022-1015,CVE-2022-1016 in nf_tables cause privilege escalation, information leak

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

Ubuntu Security Notice USN-5466-1

Ubuntu Security Notice 5466-1 - It was discovered that the Linux kernel did not properly restrict access to the kernel debugger when booted in secure boot environments. A privileged attacker could use this to bypass UEFI Secure Boot restrictions. Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5415-1

Ubuntu Security Notice 5415-1 - Jeremy Cline discovered a use-after-free in the nouveau graphics driver of the Linux kernel during device removal. A privileged or physically proximate attacker could use this to cause a denial of service. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

Packet Storm: Latest News

Zeek 6.0.9