Headline
RHSA-2023:5419: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-20593: A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances.
- CVE-2023-32233: A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user (with CAP_NET_ADMIN capability) could use this flaw to crash the system or potentially escalate their privileges on the system.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Quarkus
Integration and Automation
All Products
Issued:
2023-10-03
Updated:
2023-10-03
RHSA-2023:5419 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: kernel security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)
- hw: amd: Cross-Process Information Leak (CVE-2023-20593)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux Server - AUS 7.7 x86_64
Fixes
- BZ - 2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
- BZ - 2217845 - CVE-2023-20593 hw: amd: Cross-Process Information Leak
Red Hat Enterprise Linux Server - AUS 7.7
SRPM
kernel-3.10.0-1062.79.1.el7.src.rpm
SHA-256: 791800653d44223f6e22e5ce66abc97a534c5b41b7f8f36c0e7f8082ce4b1a96
x86_64
bpftool-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 551c49df31d93f7e3e40a0221a83bfffbd8bebf1196699a4b1cae9abf1912594
bpftool-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 4453c279fc8807939a694cd51caa9c4005ef9278f1b9692dac9e799cb2857283
bpftool-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 4453c279fc8807939a694cd51caa9c4005ef9278f1b9692dac9e799cb2857283
kernel-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 607c3a33cad2a051ec85d110c88a139fde678ec4ad72d02fffc4e927e4799033
kernel-abi-whitelists-3.10.0-1062.79.1.el7.noarch.rpm
SHA-256: 3077f30c88f085bca23d13f57b79ee6d194210823c8fc5d656acf167b7287434
kernel-debug-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 7f68dc3092036196c70d019d387c29630e24c479de8dd2115c4b757e154748da
kernel-debug-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 43a78e941b8742e1b61ad53253df5cd6edb03c2d5ffc004a59c4f80ee728f51f
kernel-debug-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 43a78e941b8742e1b61ad53253df5cd6edb03c2d5ffc004a59c4f80ee728f51f
kernel-debug-devel-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 493270079f2e6caa416b046ded69aa09984370e2b55a3d2cdd050065777fbd86
kernel-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 48c8c3cef26474c76e26f40fc555179eb1399bf69a6727f99c927930ce9c5bf8
kernel-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 48c8c3cef26474c76e26f40fc555179eb1399bf69a6727f99c927930ce9c5bf8
kernel-debuginfo-common-x86_64-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 172082b3ae68e241f4b36cb3ca3e79a86c551e8315a6ec537b17c9635febc375
kernel-debuginfo-common-x86_64-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 172082b3ae68e241f4b36cb3ca3e79a86c551e8315a6ec537b17c9635febc375
kernel-devel-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: da300fb6ff9d21ee7ac211f5094771028fba88244550a7522e495bef9bd2e0d7
kernel-doc-3.10.0-1062.79.1.el7.noarch.rpm
SHA-256: b6c2c098adcd78ae2b0ec9c83834b9fbb668e3902662056ba838a9e491a174d5
kernel-headers-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 5ba90d70d4254ff022fe7e2984ba924c98b0d2f2241a6b1475d69c21b3d9388e
kernel-tools-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: dae8025b1b94fec901a5383b84f924e3ebd8fd227195e426a52a77c8dc1aab62
kernel-tools-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 37579e11bdb6d256badde4ac76ffd1a764c1df5f7821afbddb83260b4c3f1abd
kernel-tools-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 37579e11bdb6d256badde4ac76ffd1a764c1df5f7821afbddb83260b4c3f1abd
kernel-tools-libs-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 20328dab0b6587c3921f679de40935c49f457b911944f28c761ea42a0d4a6f2a
kernel-tools-libs-devel-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: ef37a276127959826fddf1512de8c8e73629b00a9f3638e4e30a9de1172241a4
perf-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 1126675ef4a947ab06da8cbbb020a6dd051069d0d559b6c9b695b97eab764e7f
perf-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 7b63b790af7b34bd3e22f635d8acbeace44eb9fb19b802695f0a1fe13a24d0fd
perf-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 7b63b790af7b34bd3e22f635d8acbeace44eb9fb19b802695f0a1fe13a24d0fd
python-perf-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: de0a926326671a7f9ef3e6e120c85fe8262a0ec1ea81d444a04e11d3a23f1037
python-perf-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 9920d205e717bd4bf6bf06b036906019cd2559b48335618050358468742ed508
python-perf-debuginfo-3.10.0-1062.79.1.el7.x86_64.rpm
SHA-256: 9920d205e717bd4bf6bf06b036906019cd2559b48335618050358468742ed508
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 6532-1 - Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.
Red Hat Security Advisory 2023-7513-01 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Issues addressed include an information leakage vulnerability.
Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Red Hat Security Advisory 2023-5607-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Issues addressed include an information leakage vulnerability.
An update for linux-firmware is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20593: A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances.
Ubuntu Security Notice 6397-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service.
Red Hat Security Advisory 2023-5068-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Issues addressed include an information leakage vulnerability.
Ubuntu Security Notice 6346-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
Ubuntu Security Notice 6325-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
Ubuntu Security Notice 6321-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
Ubuntu Security Notice 6318-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20593: A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances. * CVE-2023-32233: A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configurat...
Cybersecurity researchers have disclosed details of a trio of side-channel attacks that could be exploited to leak sensitive data from modern CPUs. Called Collide+Power (CVE-2023-20583), Downfall (CVE-2022-40982), and Inception (CVE-2023-20569), the novel methods follow the disclosure of another newly discovered security vulnerability affecting AMD's Zen 2 architecture-based processors known as
Ubuntu Security Notice 6244-1 - Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
Red Hat Security Advisory 2023-4262-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
A new security vulnerability has been discovered in AMD's Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords. Discovered by Google Project Zero researcher Tavis Ormandy, the flaw – codenamed Zenbleed and tracked as CVE-2023-20593 (CVSS score: 6.5) – allows data exfiltration at the rate of 30 kb per core, per second. The
An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversin...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traver...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation. * CVE-2023-32233: A us...
Red Hat Security Advisory 2023-4145-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
An update for kpatch-patch-4_18_0-193_100_1, kpatch-patch-4_18_0-193_105_1, kpatch-patch-4_18_0-193_95_1, and kpatch-patch-4_18_0-193_98_1 is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user...
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local ...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation. * CVE-2023-32233: A us...
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation. * CVE-2023-32233: A use-afte...