Headline
RHSA-2023:4815: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-2124: An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
- CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in `__ip_options_echo` and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation.
- CVE-2023-35788: A flaw was found in the TC flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters fl_set_geneve_opt, potentially leading to a denial of service or privilege escalation.
Synopsis
Important: kernel security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)
- kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)
- kernel: OOB access in the Linux kernel’s XFS subsystem (CVE-2023-2124)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Windows Server 2019 guest randomly pauses with "KVM: entry failed, hardware error 0x80000021", RHEL 8.8GA (BZ#2211657)
- rbd: avoid fast-diff corruption in snapshot-based mirroring, RHEL 8.9 (BZ#2216772)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
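Because the fix only takes effect after a reboot, the check that matters is the running kernel, not the installed package. The script below is an added example (not part of Red Hat's advisory) that classifies a `uname -r` string against the fixed build 4.18.0-193.113.1.el8_2 listed on this page. The function names are hypothetical, and the script assumes builds in this stream are named `4.18.0-193.<z-stream>.el8_2`, with a bare `4.18.0-193.el8` treated as the pre-z-stream build.

```shell
#!/bin/sh
# Added example, not Red Hat's code: classify a kernel release string against
# the fixed build named in RHSA-2023:4815.

FIXED_ZSTREAM="113.1"        # from kernel-4.18.0-193.113.1.el8_2 on this page
STREAM_PREFIX="4.18.0-193."  # kernel base shared by every package in the advisory

# strip_arch: drop the architecture suffix that `uname -r` appends.
strip_arch() {
    case "$1" in
        *.x86_64|*.ppc64le|*.noarch) printf '%s\n' "${1%.*}" ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# numeric_ge A B: true when dotted all-numeric string A is >= B.
# sort -V is only used on purely numeric fields; on mixed strings such as
# "193.113.1.el8_2" vs "193.el8" its ordering differs from RPM's.
numeric_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify_kernel RELEASE: prints one of
#   fixed         z-stream is at or above the advisory's build
#   vulnerable    same stream, older z-stream (or update installed, no reboot yet)
#   other-stream  not a 4.18.0-193 kernel; a different advisory applies
#   unknown       same base, but the z-stream field could not be parsed
classify_kernel() {
    ck_rel=$(strip_arch "$1")
    case "$ck_rel" in
        "$STREAM_PREFIX"*) ;;
        *) echo "other-stream"; return 0 ;;
    esac

    ck_rest=${ck_rel#"$STREAM_PREFIX"}
    case "$ck_rest" in
        el8*) ck_z="0" ;;                   # assumed: no z-stream digits at all
        *)    ck_z=${ck_rest%%.el8*} ;;     # "113.1.el8_2" -> "113.1"
    esac

    case "$ck_z" in
        ""|*[!0-9.]*) echo "unknown"; return 0 ;;
    esac

    if numeric_ge "$ck_z" "$FIXED_ZSTREAM"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# Classify the running kernel, or a release string passed as the first argument.
classify_kernel "${1:-$(uname -r)}"
```

A host that reports `vulnerable` after the update has been installed has not yet been rebooted into the new kernel.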
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel’s XFS subsystem
- BZ - 2215768 - CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()
- BZ - 2218672 - CVE-2023-3090 kernel: ipvlan: out-of-bounds write caused by unclear skb->cb
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
kernel-4.18.0-193.113.1.el8_2.src.rpm
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
kernel-4.18.0-193.113.1.el8_2.src.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2
SRPM
kernel-4.18.0-193.113.1.el8_2.src.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2
SRPM
kernel-4.18.0-193.113.1.el8_2.src.rpm
Related news
Red Hat Security Advisory 2023-5627-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, null pointer, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-5575-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in `__ip_options_echo` and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation. * CVE-202...
Red Hat Security Advisory 2023-5244-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, out of bounds write, and use-after-free vulnerabilities.
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. 'Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2002: A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. * CVE-2023-3090: A flaw was found...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in `__ip_options_echo` and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation. * CVE-2023-3390: A use-after-free f...
Ubuntu Security Notice 6347-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.
Red Hat Security Advisory 2023-4961-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4962-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can later lead to double freeing the structure. This flaw allows a local attacker to cause a use-after-free problem, leading to privileg...
Ubuntu Security Notice 6331-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.
Red Hat Security Advisory 2023-4888-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.
Ubuntu Security Notice 6311-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.
Red Hat Security Advisory 2023-4815-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and out of bounds write vulnerabilities.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35788: A flaw was found in the TC flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters fl_set_geneve_opt, potentially leading to a denial of servic...
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20593: A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances. * CVE-2023-35788: A flaw was found in the TC flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2124: An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-3090: A flaw was found in the IPVLAN netwo...
Debian Linux Security Advisory 5480-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Debian Linux Security Advisory 5480-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Debian Linux Security Advisory 5480-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Ubuntu Security Notice 6300-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.
Red Hat Security Advisory 2023-4456-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.8. Issues addressed include an add administrator vulnerability.
Red Hat Security Advisory 2023-4456-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.8. Issues addressed include an add administrator vulnerability.
Red Hat Security Advisory 2023-4517-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
Red Hat OpenShift Container Platform release 4.13.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...
Red Hat OpenShift Container Platform release 4.13.8 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in `__ip_options_echo` and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation. * CVE-2023-35788: A flaw was found ...
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45869: A flaw was found in the Linux kernel in the KVM. A race condition in direct_page_fault allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualization and the TDP MMU are enabled. * CVE-2023-0458: A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() ...
Ubuntu Security Notice 6254-1 - Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6246-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6234-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.
Ubuntu Security Notice 6235-1 - It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service. Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information.
Red Hat Security Advisory 2023-4138-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and use-after-free vulnerabilities.
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1016: A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. * CVE-2022-42703: A memory leak flaw with us...
Ubuntu Security Notice 6223-1 - It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service. It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type confusion vulnerability in some situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6220-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.
Ubuntu Security Notice 6206-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service.
Debian Linux Security Advisory 5448-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Ubuntu Security Notice 6192-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in the Linux kernel did not properly handle locking when IOPOLL mode is being used. A local attacker could use this to cause a denial of service.
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2002: A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to perform unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. * CVE-2023-2124: An out-of-bounds ...
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.