Headline
RHSA-2023:1566: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-4269: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action “mirred”) a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.
- CVE-2022-4378: A stack overflow flaw was found in the Linux kernel’s SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
- CVE-2023-0266: A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker with normal user privileges may impact the system due to a locking issue in the compat path, leading to a kernel information leak.
- CVE-2023-0386: A flaw was found in the Linux kernel’s OverlayFS subsystem, where unauthorized access to the execution of a setuid file with capabilities is possible in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
Synopsis
Important: kernel security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for kernel is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
- kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)
- kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel panic on reboot due to a bug in mei_wdt module (BZ#2139770)
- RHEL8: Practically limit “Dummy wait” workaround to old Intel systems (BZ#2142170)
- AMDSERVER 8.7: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151275)
- RHEL-8.8: Update RDMA core to Linux v6.0 (BZ#2161750)
- Kernel panic observed during VxFS module unload (BZ#2162763)
- Client not able to connect to rhel server: SYN is answered by challenge ACK and RST is ignored (BZ#2165587)
- RHEL8.4: s390/kexec: fix ipl report address for kdump (BZ#2166296)
- kvm-unit-test reports unhandled exception on AMD (BZ#2166362)
- Windows Server 2019 guest randomly pauses with “KVM: entry failed, hardware error 0x80000021” (BZ#2166368)
- Unable to get QinQ working with ConnectX-4 Lx in SR-IOV scenario (BZ#2166665)
- panic in fib6_rule_suppress+0x22 with custom xdp prog involved in (BZ#2167602)
- net/mlx5e: Fix use-after-free when reverting termination table (BZ#2167640)
- RHEL 8.7: EEH injection failed to recover on Mellanox adapter. (BZ#2167645)
- mlx5: lag and sriov fixes (BZ#2167647)
- RHEL8.4: dasd: fix no record found for raw_track_access (BZ#2167776)
- GSS: Set of fixes in ceph kernel module to prevent OCS node kernel crash - blocklist the kclient when receiving corrupted snap trace (BZ#2168896)
- Azure RHEL8 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170228)
- fast_isolate_freepages scans out of target zone (BZ#2170576)
- Backport Request for locking/rwsem commits (BZ#2170939)
- ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172550)
- Hyper-V RHEL8.8: Update MANA driver (BZ#2173103)
Enhancement(s):
- Intel 8.8 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168384)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
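Because the fix only takes effect after a reboot, a host can have the updated package installed and still be running the old kernel. The following is an added example, not part of the Red Hat advisory: it classifies a host from its `uname -r` output and its installed kernel builds against the build named in this advisory's SRPM (4.18.0-425.19.2.el8_7). The function names and the sample hosts are assumptions constructed for illustration.

```python
import re

# Build shipped by this advisory, taken from the SRPM name
# kernel-4.18.0-425.19.2.el8_7.src.rpm listed on the page.
FIXED_VERSION = "4.18.0"
FIXED_RELEASE = "425.19.2.el8_7"

_ARCHES = ("x86_64", "s390x", "ppc64le", "aarch64", "noarch")
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")
# Plain RHEL 8 kernel releases only, e.g. 425.19.2.el8_7 (no -rt or +debug builds).
_EL8_RELEASE = re.compile(r"^\d+(\.\d+)*\.el8(_\d+)?$")


def rpmvercmp(a, b):
    """Compare two RPM version or release strings; returns -1, 0 or 1.

    Implements the RPM ordering rules that matter for kernel builds:
    separators are ignored, numeric segments compare as integers, a numeric
    segment is newer than an alphabetic one, and the string with segments
    left over is newer. Tilde and caret handling is not implemented.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_kernel(build):
    """Split '4.18.0-425.19.2.el8_7.x86_64' into ('4.18.0', '425.19.2.el8_7')."""
    for arch in _ARCHES:
        if build.endswith("." + arch):
            build = build[: -len(arch) - 1]
            break
    version, _, release = build.partition("-")
    return version, release


def meets_advisory_build(build):
    """True if the build is at or above this advisory's build, False if below.

    Returns None when the build is not a plain RHEL 8 kernel, because other
    major releases and kernel variants are covered by their own advisories.
    A lower el8 z-stream build is reported as False: it does not carry this
    advisory's package, whatever other errata it may have received.
    """
    version, release = split_kernel(build)
    if not _EL8_RELEASE.match(release):
        return None
    result = rpmvercmp(version, FIXED_VERSION)
    if result == 0:
        result = rpmvercmp(release, FIXED_RELEASE)
    return result >= 0


def assess(running, installed):
    """Classify a host.

    running:   output of `uname -r`
    installed: lines from
               rpm -q kernel-core --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n'
    """
    state = meets_advisory_build(running)
    if state is None:
        return "not-applicable"
    if state:
        return "fixed"
    if any(meets_advisory_build(build) for build in installed):
        return "reboot-required"  # update installed, old kernel still running
    return "update-required"


# Constructed sample inventory (not taken from real hosts).
SAMPLE_HOSTS = {
    "web01": ("4.18.0-425.19.2.el8_7.x86_64",
              ["4.18.0-425.13.1.el8_7.x86_64", "4.18.0-425.19.2.el8_7.x86_64"]),
    "web02": ("4.18.0-425.13.1.el8_7.x86_64",
              ["4.18.0-425.13.1.el8_7.x86_64", "4.18.0-425.19.2.el8_7.x86_64"]),
    "db01": ("4.18.0-425.3.1.el8.x86_64", ["4.18.0-425.3.1.el8.x86_64"]),
    "app09": ("5.14.0-162.23.1.el9_1.x86_64", ["5.14.0-162.23.1.el9_1.x86_64"]),
}

if __name__ == "__main__":
    for host, (running, installed) in SAMPLE_HOSTS.items():
        print(f"{host}: {assess(running, installed)}")
```
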
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
Fixes
- BZ - 2150272 - CVE-2022-4269 kernel: net: CPU soft lockup in TC mirred egress-to-ingress action
- BZ - 2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces
- BZ - 2159505 - CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation
- BZ - 2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
CVEs
- CVE-2022-4269
- CVE-2022-4378
- CVE-2023-0266
- CVE-2023-0386
Red Hat Enterprise Linux for x86_64 8
SRPM
kernel-4.18.0-425.19.2.el8_7.src.rpm
Related news
Ubuntu Security Notice 6385-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6332-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6312-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6301-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6186-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6175-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Red Hat Security Advisory 2023-3431-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
Ubuntu Security Notice 6134-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality.
Ubuntu Security Notice 6071-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
Red Hat Advanced Cluster Management for Kubernetes 2.5.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
Red Hat Security Advisory 2023-2083-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.5 General Availability release images, which fix bugs and security updates container images. Issues addressed include denial of service and server-side request forgery vulnerabilities.
Ubuntu Security Notice 6043-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for thisCVE, kernel support for the TCINDEX classifier has been removed. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.
Logging Subsystem 5.6.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service. * CVE-2023-28120: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrus...
Ubuntu Security Notice 6040-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.
Red Hat Security Advisory 2023-1970-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges o...
Red Hat Security Advisory 2023-1677-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow and integer overflow vulnerabilities.
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, ...
Red Hat Security Advisory 2023-1666-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-1660-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Red Hat Security Advisory 2023-1659-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4378: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-0266: A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in Advanced Linux So...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0266: A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak problem. * CVE...
Red Hat Security Advisory 2023-1584-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Red Hat Security Advisory 2023-1554-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
Red Hat Security Advisory 2023-1560-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4269: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4269: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of...
An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0266: A use-after-free flaw was found in the ALSA subsystem in sound/core/control.c in the Linux kernel. This flaw allows a local attacker to cause a use-after-free issue. * CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux...
Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.
Ubuntu Security Notice 5981-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.
Red Hat Security Advisory 2023-1469-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a double free vulnerability.
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4269: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of...
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4269: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of...
Ubuntu Security Notice 5970-1 - It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service.
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
Ubuntu Security Notice 5951-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.
Red Hat Security Advisory 2023-1202-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1220-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-1203-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.
An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4269: A flaw was found ...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4269: A flaw was fou...
An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4269: A flaw was found ...
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4269: A flaw was fou...
Ubuntu Security Notice 5939-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.
Red Hat Security Advisory 2023-1109-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
Red Hat Security Advisory 2023-1130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.
Ubuntu Security Notice 5927-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4378: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4378: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2022-42703: A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c fun...
Ubuntu Security Notice 5917-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.
Red Hat Security Advisory 2023-0945-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4378: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Ubuntu Security Notice 5879-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5877-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5860-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5831-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.