Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:4698: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-35788: A flaw was found in the TC flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters fl_set_geneve_opt, potentially leading to a denial of service or privilege escalation.
Red Hat Security Data
#vulnerability#web#linux#red_hat#dos#nodejs#js#kubernetes#aws#rpm#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

All Products

Issued:

2023-08-22

Updated:

2023-08-22

RHSA-2023:4698 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 7.7 x86_64
  • Red Hat Enterprise Linux Server - TUS 7.7 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7 x86_64

Fixes

  • BZ - 2215768 - CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()

Red Hat Enterprise Linux Server - AUS 7.7

SRPM

kpatch-patch-3_10_0-1062_71_1-1-3.el7.src.rpm

SHA-256: adfb55d418eb5ca28dd27bcc8cc62b806b1cbc6da9e1e2b050ad7da093a1f664

kpatch-patch-3_10_0-1062_72_1-1-2.el7.src.rpm

SHA-256: 23fa7ff3a1d7ee90d35c06c6dd66958fc6b145a55798cae9011252c1ecf186b4

kpatch-patch-3_10_0-1062_76_1-1-1.el7.src.rpm

SHA-256: 3581c293a8512909a8472d7972eb33b542e53cc4f0b256b4e92050220cf4c268

x86_64

kpatch-patch-3_10_0-1062_71_1-1-3.el7.x86_64.rpm

SHA-256: 34895f32de140ff9c6c340949fe379dd68c87df80cdfda5084bf4e320ee475c6

kpatch-patch-3_10_0-1062_71_1-debuginfo-1-3.el7.x86_64.rpm

SHA-256: 18bd760b4f61c77a4d13b16e0950f1ad8b579e501bb569541efa83774acd0851

kpatch-patch-3_10_0-1062_72_1-1-2.el7.x86_64.rpm

SHA-256: 058ad40856e5b3d81d5460258cbba120070e68e5ae7cdb4600597de84813b8e0

kpatch-patch-3_10_0-1062_72_1-debuginfo-1-2.el7.x86_64.rpm

SHA-256: 24ec3ff0c99f1e334b15a73acd1e11e4f7fbf5203c970f60143747a7e0bc75d7

kpatch-patch-3_10_0-1062_76_1-1-1.el7.x86_64.rpm

SHA-256: 4a0484092f1f784e9e2e5878cc519e09166bc6985c54397c86cde6e11fceefb8

kpatch-patch-3_10_0-1062_76_1-debuginfo-1-1.el7.x86_64.rpm

SHA-256: 58434f8cdcb11b361dd5fa1735e2e09626bc64ac73f2d3bd8730ce444ece33b0

Red Hat Enterprise Linux Server - TUS 7.7

SRPM

kpatch-patch-3_10_0-1062_71_1-1-3.el7.src.rpm

SHA-256: adfb55d418eb5ca28dd27bcc8cc62b806b1cbc6da9e1e2b050ad7da093a1f664

kpatch-patch-3_10_0-1062_72_1-1-2.el7.src.rpm

SHA-256: 23fa7ff3a1d7ee90d35c06c6dd66958fc6b145a55798cae9011252c1ecf186b4

kpatch-patch-3_10_0-1062_76_1-1-1.el7.src.rpm

SHA-256: 3581c293a8512909a8472d7972eb33b542e53cc4f0b256b4e92050220cf4c268

x86_64

kpatch-patch-3_10_0-1062_71_1-1-3.el7.x86_64.rpm

SHA-256: 34895f32de140ff9c6c340949fe379dd68c87df80cdfda5084bf4e320ee475c6

kpatch-patch-3_10_0-1062_71_1-debuginfo-1-3.el7.x86_64.rpm

SHA-256: 18bd760b4f61c77a4d13b16e0950f1ad8b579e501bb569541efa83774acd0851

kpatch-patch-3_10_0-1062_72_1-1-2.el7.x86_64.rpm

SHA-256: 058ad40856e5b3d81d5460258cbba120070e68e5ae7cdb4600597de84813b8e0

kpatch-patch-3_10_0-1062_72_1-debuginfo-1-2.el7.x86_64.rpm

SHA-256: 24ec3ff0c99f1e334b15a73acd1e11e4f7fbf5203c970f60143747a7e0bc75d7

kpatch-patch-3_10_0-1062_76_1-1-1.el7.x86_64.rpm

SHA-256: 4a0484092f1f784e9e2e5878cc519e09166bc6985c54397c86cde6e11fceefb8

kpatch-patch-3_10_0-1062_76_1-debuginfo-1-1.el7.x86_64.rpm

SHA-256: 58434f8cdcb11b361dd5fa1735e2e09626bc64ac73f2d3bd8730ce444ece33b0

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7

SRPM

kpatch-patch-3_10_0-1062_71_1-1-3.el7.src.rpm

SHA-256: adfb55d418eb5ca28dd27bcc8cc62b806b1cbc6da9e1e2b050ad7da093a1f664

kpatch-patch-3_10_0-1062_72_1-1-2.el7.src.rpm

SHA-256: 23fa7ff3a1d7ee90d35c06c6dd66958fc6b145a55798cae9011252c1ecf186b4

kpatch-patch-3_10_0-1062_76_1-1-1.el7.src.rpm

SHA-256: 3581c293a8512909a8472d7972eb33b542e53cc4f0b256b4e92050220cf4c268

ppc64le

kpatch-patch-3_10_0-1062_71_1-1-3.el7.ppc64le.rpm

SHA-256: 1eef216dd7f44f8973e581a77f74753b613a66d611118a7dad7e76c6d5e50490

kpatch-patch-3_10_0-1062_71_1-debuginfo-1-3.el7.ppc64le.rpm

SHA-256: 625fc8cdf449eeb45e00e086df07fe3ad3aadfa2d0058460d51edc8d7f01366c

kpatch-patch-3_10_0-1062_72_1-1-2.el7.ppc64le.rpm

SHA-256: 49cb4436ae0ddd14a6605c642efc1bcdaa22ba2fcf3ad80e4ce3de6fc655c996

kpatch-patch-3_10_0-1062_72_1-debuginfo-1-2.el7.ppc64le.rpm

SHA-256: 4dc42af50f055a101c6a4d09bf58d804d47c89debd79f33929910328d86f6011

kpatch-patch-3_10_0-1062_76_1-1-1.el7.ppc64le.rpm

SHA-256: 5747ff8734cd41d9177aba694535fe91bf7735ae587b3eeefbb121c524c83b8b

kpatch-patch-3_10_0-1062_76_1-debuginfo-1-1.el7.ppc64le.rpm

SHA-256: 5bee092aa08f61397404e16060ebc4f33a4d6f191f0bc20aebdddc082515f1d1

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7

SRPM

kpatch-patch-3_10_0-1062_71_1-1-3.el7.src.rpm

SHA-256: adfb55d418eb5ca28dd27bcc8cc62b806b1cbc6da9e1e2b050ad7da093a1f664

kpatch-patch-3_10_0-1062_72_1-1-2.el7.src.rpm

SHA-256: 23fa7ff3a1d7ee90d35c06c6dd66958fc6b145a55798cae9011252c1ecf186b4

kpatch-patch-3_10_0-1062_76_1-1-1.el7.src.rpm

SHA-256: 3581c293a8512909a8472d7972eb33b542e53cc4f0b256b4e92050220cf4c268

x86_64

kpatch-patch-3_10_0-1062_71_1-1-3.el7.x86_64.rpm

SHA-256: 34895f32de140ff9c6c340949fe379dd68c87df80cdfda5084bf4e320ee475c6

kpatch-patch-3_10_0-1062_71_1-debuginfo-1-3.el7.x86_64.rpm

SHA-256: 18bd760b4f61c77a4d13b16e0950f1ad8b579e501bb569541efa83774acd0851

kpatch-patch-3_10_0-1062_72_1-1-2.el7.x86_64.rpm

SHA-256: 058ad40856e5b3d81d5460258cbba120070e68e5ae7cdb4600597de84813b8e0

kpatch-patch-3_10_0-1062_72_1-debuginfo-1-2.el7.x86_64.rpm

SHA-256: 24ec3ff0c99f1e334b15a73acd1e11e4f7fbf5203c970f60143747a7e0bc75d7

kpatch-patch-3_10_0-1062_76_1-1-1.el7.x86_64.rpm

SHA-256: 4a0484092f1f784e9e2e5878cc519e09166bc6985c54397c86cde6e11fceefb8

kpatch-patch-3_10_0-1062_76_1-debuginfo-1-1.el7.x86_64.rpm

SHA-256: 58434f8cdcb11b361dd5fa1735e2e09626bc64ac73f2d3bd8730ce444ece33b0

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-5603-01

Red Hat Security Advisory 2023-5603-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.

RHSA-2023:5575: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4128: A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. * CVE-2023-31248: A use-af...

Red Hat Security Advisory 2023-5244-01

Red Hat Security Advisory 2023-5244-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5255-01

Red Hat Security Advisory 2023-5255-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine- tuning for systems with extremely high determinism requirements. Issues addressed include information leakage, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4967-01

Red Hat Security Advisory 2023-4967-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.

RHSA-2023:4961: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which ...

Red Hat Security Advisory 2023-4829-01

Red Hat Security Advisory 2023-4829-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2023-4817-01

Red Hat Security Advisory 2023-4817-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and out of bounds write vulnerabilities.

RHSA-2023:4819: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20593: A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances. * CVE-2023-35788: A flaw was found in the TC flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE pa...

RHSA-2023:4829: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in `__ip_options_echo` and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation....

Red Hat Security Advisory 2023-4664-01

Red Hat Security Advisory 2023-4664-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.3 images. Issues addressed include a denial of service vulnerability.

RHSA-2023:4515: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can later lead to double freeing the structure. This flaw allows a local attacker to cause a use-after-free problem, leading to privilege esca...

Red Hat Security Advisory 2023-4380-01

Red Hat Security Advisory 2023-4380-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.

RHSA-2023:4380: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in `__ip_options_echo` and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation. * CVE-2023-35788: A flaw was found ...

Ubuntu Security Notice USN-6234-1

Ubuntu Security Notice 6234-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.

Ubuntu Security Notice USN-6223-1

Ubuntu Security Notice 6223-1 - It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service. It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6212-1

Ubuntu Security Notice 6212-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.

Ubuntu Security Notice USN-6205-1

Ubuntu Security Notice 6205-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.

Debian Security Advisory 5448-1

Debian Linux Security Advisory 5448-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Ubuntu Security Notice USN-6194-1

Ubuntu Security Notice 6194-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in the Linux kernel did not properly handle locking when IOPOLL mode is being used. A local attacker could use this to cause a denial of service.