RHSA-2023:1566: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-4269: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action “mirred”) a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.
  • CVE-2022-4378: A stack overflow flaw was found in the Linux kernel’s SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
  • CVE-2023-0266: A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker with normal user privileges may impact the system due to a locking issue in the compat path, leading to a kernel information leak.
  • CVE-2023-0386: A flaw was found in the Linux kernel’s OverlayFS subsystem, where unauthorized access to the execution of a setuid file with capabilities is possible because of how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
Red Hat Security Data

Synopsis

Important: kernel security, bug fix, and enhancement update

Type/Severity

Security Advisory: Important

Topic

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
  • ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
  • kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)
  • kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • kernel panic on reboot due to a bug in mei_wdt module (BZ#2139770)
  • RHEL8: Practically limit “Dummy wait” workaround to old Intel systems (BZ#2142170)
  • AMDSERVER 8.7: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151275)
  • RHEL-8.8: Update RDMA core to Linux v6.0 (BZ#2161750)
  • Kernel panic observed during VxFS module unload (BZ#2162763)
  • Client not able to connect to rhel server: SYN is answered by challenge ACK and RST is ignored (BZ#2165587)
  • RHEL8.4: s390/kexec: fix ipl report address for kdump (BZ#2166296)
  • kvm-unit-test reports unhandled exception on AMD (BZ#2166362)
  • Windows Server 2019 guest randomly pauses with “KVM: entry failed, hardware error 0x80000021” (BZ#2166368)
  • Unable to get QinQ working with ConnectX-4 Lx in SR-IOV scenario (BZ#2166665)
  • panic in fib6_rule_suppress+0x22 with custom xdp prog involved in (BZ#2167602)
  • net/mlx5e: Fix use-after-free when reverting termination table (BZ#2167640)
  • RHEL 8.7: EEH injection failed to recover on Mellanox adapter. (BZ#2167645)
  • mlx5: lag and sriov fixes (BZ#2167647)
  • RHEL8.4: dasd: fix no record found for raw_track_access (BZ#2167776)
  • GSS: Set of fixes in ceph kernel module to prevent OCS node kernel crash - blocklist the kclient when receiving corrupted snap trace (BZ#2168896)
  • Azure RHEL8 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170228)
  • fast_isolate_freepages scans out of target zone (BZ#2170576)
  • Backport Request for locking/rwsem commits (BZ#2170939)
  • ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172550)
  • Hyper-V RHEL8.8: Update MANA driver (BZ#2173103)

Enhancement(s):

  • Intel 8.8 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168384)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64

Fixes

  • BZ - 2150272 - CVE-2022-4269 kernel: net: CPU soft lockup in TC mirred egress-to-ingress action
  • BZ - 2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces
  • BZ - 2159505 - CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation
  • BZ - 2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

CVEs

  • CVE-2022-4269
  • CVE-2022-4378
  • CVE-2023-0266
  • CVE-2023-0386

Red Hat Enterprise Linux for x86_64 8

SRPM

  • kernel-4.18.0-425.19.2.el8_7.src.rpm

x86_64

  • bpftool-4.18.0-425.19.2.el8_7.x86_64.rpm
  • bpftool-debuginfo-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-abi-stablelists-4.18.0-425.19.2.el8_7.noarch.rpm
  • kernel-core-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-cross-headers-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-debug-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-debug-core-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-debug-debuginfo-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-debug-devel-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-debug-modules-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-debug-modules-extra-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-debuginfo-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-debuginfo-common-x86_64-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-devel-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-doc-4.18.0-425.19.2.el8_7.noarch.rpm
  • kernel-headers-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-modules-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-modules-extra-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-tools-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-tools-debuginfo-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-tools-libs-4.18.0-425.19.2.el8_7.x86_64.rpm
  • perf-4.18.0-425.19.2.el8_7.x86_64.rpm
  • perf-debuginfo-4.18.0-425.19.2.el8_7.x86_64.rpm
  • python3-perf-4.18.0-425.19.2.el8_7.x86_64.rpm
  • python3-perf-debuginfo-4.18.0-425.19.2.el8_7.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

  • kernel-4.18.0-425.19.2.el8_7.src.rpm

s390x

  • bpftool-4.18.0-425.19.2.el8_7.s390x.rpm
  • bpftool-debuginfo-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-abi-stablelists-4.18.0-425.19.2.el8_7.noarch.rpm
  • kernel-core-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-cross-headers-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-debug-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-debug-core-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-debug-debuginfo-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-debug-devel-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-debug-modules-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-debug-modules-extra-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-debuginfo-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-debuginfo-common-s390x-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-devel-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-doc-4.18.0-425.19.2.el8_7.noarch.rpm
  • kernel-headers-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-modules-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-modules-extra-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-tools-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-tools-debuginfo-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-zfcpdump-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-zfcpdump-core-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-zfcpdump-debuginfo-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-zfcpdump-devel-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-zfcpdump-modules-4.18.0-425.19.2.el8_7.s390x.rpm
  • kernel-zfcpdump-modules-extra-4.18.0-425.19.2.el8_7.s390x.rpm
  • perf-4.18.0-425.19.2.el8_7.s390x.rpm
  • perf-debuginfo-4.18.0-425.19.2.el8_7.s390x.rpm
  • python3-perf-4.18.0-425.19.2.el8_7.s390x.rpm
  • python3-perf-debuginfo-4.18.0-425.19.2.el8_7.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

  • kernel-4.18.0-425.19.2.el8_7.src.rpm

ppc64le

  • bpftool-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • bpftool-debuginfo-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-abi-stablelists-4.18.0-425.19.2.el8_7.noarch.rpm
  • kernel-core-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-cross-headers-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-debug-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-debug-core-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-debug-debuginfo-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-debug-devel-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-debug-modules-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-debug-modules-extra-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-debuginfo-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-debuginfo-common-ppc64le-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-devel-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-doc-4.18.0-425.19.2.el8_7.noarch.rpm
  • kernel-headers-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-modules-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-modules-extra-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-tools-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-tools-debuginfo-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-tools-libs-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • perf-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • perf-debuginfo-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • python3-perf-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • python3-perf-debuginfo-4.18.0-425.19.2.el8_7.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 8

SRPM

  • kernel-4.18.0-425.19.2.el8_7.src.rpm

aarch64

  • bpftool-4.18.0-425.19.2.el8_7.aarch64.rpm
  • bpftool-debuginfo-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-abi-stablelists-4.18.0-425.19.2.el8_7.noarch.rpm
  • kernel-core-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-cross-headers-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-debug-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-debug-core-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-debug-debuginfo-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-debug-devel-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-debug-modules-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-debug-modules-extra-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-debuginfo-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-debuginfo-common-aarch64-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-devel-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-doc-4.18.0-425.19.2.el8_7.noarch.rpm
  • kernel-headers-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-modules-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-modules-extra-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-tools-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-tools-debuginfo-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-tools-libs-4.18.0-425.19.2.el8_7.aarch64.rpm
  • perf-4.18.0-425.19.2.el8_7.aarch64.rpm
  • perf-debuginfo-4.18.0-425.19.2.el8_7.aarch64.rpm
  • python3-perf-4.18.0-425.19.2.el8_7.aarch64.rpm
  • python3-perf-debuginfo-4.18.0-425.19.2.el8_7.aarch64.rpm

Red Hat CodeReady Linux Builder for x86_64 8

SRPM

x86_64

  • bpftool-debuginfo-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-debug-debuginfo-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-debuginfo-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-debuginfo-common-x86_64-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-tools-debuginfo-4.18.0-425.19.2.el8_7.x86_64.rpm
  • kernel-tools-libs-devel-4.18.0-425.19.2.el8_7.x86_64.rpm
  • perf-debuginfo-4.18.0-425.19.2.el8_7.x86_64.rpm
  • python3-perf-debuginfo-4.18.0-425.19.2.el8_7.x86_64.rpm

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM

ppc64le

  • bpftool-debuginfo-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-debug-debuginfo-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-debuginfo-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-debuginfo-common-ppc64le-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-tools-debuginfo-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • kernel-tools-libs-devel-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • perf-debuginfo-4.18.0-425.19.2.el8_7.ppc64le.rpm
  • python3-perf-debuginfo-4.18.0-425.19.2.el8_7.ppc64le.rpm

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM

aarch64

  • bpftool-debuginfo-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-debug-debuginfo-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-debuginfo-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-debuginfo-common-aarch64-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-tools-debuginfo-4.18.0-425.19.2.el8_7.aarch64.rpm
  • kernel-tools-libs-devel-4.18.0-425.19.2.el8_7.aarch64.rpm
  • perf-debuginfo-4.18.0-425.19.2.el8_7.aarch64.rpm
  • python3-perf-debuginfo-4.18.0-425.19.2.el8_7.aarch64.rpm

Related news

Ubuntu Security Notice USN-6385-1

Ubuntu Security Notice 6385-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6332-1

Ubuntu Security Notice 6332-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6312-1

Ubuntu Security Notice 6312-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6301-1

Ubuntu Security Notice 6301-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6186-1

Ubuntu Security Notice 6186-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6175-1

Ubuntu Security Notice 6175-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2023-3431-01

Red Hat Security Advisory 2023-3431-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

Ubuntu Security Notice USN-6134-1

Ubuntu Security Notice 6134-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2023-31227: May

The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality.

Ubuntu Security Notice USN-6071-1

Ubuntu Security Notice 6071-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

RHSA-2023:2104: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.8 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.

Red Hat Security Advisory 2023-2083-01

Red Hat Security Advisory 2023-2083-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.5 General Availability release images, which fix bugs and security updates container images. Issues addressed include denial of service and server-side request forgery vulnerabilities.

Ubuntu Security Notice USN-6043-1

Ubuntu Security Notice 6043-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for thisCVE, kernel support for the TCINDEX classifier has been removed. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.

RHSA-2023:1953: Red Hat Security Advisory: Logging Subsystem 5.6.5 - Red Hat OpenShift security update

Logging Subsystem 5.6.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service. * CVE-2023-28120: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrus...

Ubuntu Security Notice USN-6040-1

Ubuntu Security Notice 6040-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.

Red Hat Security Advisory 2023-1970-01

Red Hat Security Advisory 2023-1970-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

RHSA-2023:1984: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges o...

Red Hat Security Advisory 2023-1677-01

Red Hat Security Advisory 2023-1677-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow and integer overflow vulnerabilities.

RHSA-2023:1703: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

RHSA-2023:1691: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

RHSA-2023:1681: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

RHSA-2023:1677: Red Hat Security Advisory: Red Hat Virtualization Host 4.4.z SP 1 security update batch#5 (oVirt-4.5.3-5)

An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, ...

Red Hat Security Advisory 2023-1666-01

Red Hat Security Advisory 2023-1666-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-1660-01

Red Hat Security Advisory 2023-1660-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Red Hat Security Advisory 2023-1659-01

Red Hat Security Advisory 2023-1659-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

RHSA-2023:1659: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-4378: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
  • CVE-2023-0266: A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in Advanced Linux So...

RHSA-2023:1660: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0266: A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak problem.
  • CVE...

Red Hat Security Advisory 2023-1584-01

Red Hat Security Advisory 2023-1584-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Red Hat Security Advisory 2023-1554-01

Red Hat Security Advisory 2023-1554-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

Red Hat Security Advisory 2023-1560-01

Red Hat Security Advisory 2023-1560-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

RHSA-2023:1584: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-4269: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of...

RHSA-2023:1554: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0266: A use-after-free flaw was found in the ALSA subsystem in sound/core/control.c in the Linux kernel. This flaw allows a local attacker to cause a use-after-free issue.
  • CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux...

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.

Ubuntu Security Notice USN-5981-1

Ubuntu Security Notice 5981-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2023-1469-01

Red Hat Security Advisory 2023-1469-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a double free vulnerability.

RHSA-2023:1469: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-4269: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of...

Ubuntu Security Notice USN-5970-1

Ubuntu Security Notice 5970-1 - It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service.

CVE-2023-0386

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

Ubuntu Security Notice USN-5951-1

Ubuntu Security Notice 5951-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2023-1202-01

Red Hat Security Advisory 2023-1202-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-1220-01

Red Hat Security Advisory 2023-1220-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-1203-01

Red Hat Security Advisory 2023-1203-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, integer overflow, and use-after-free vulnerabilities.

RHSA-2023:1221: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges.
  • CVE-2022-4269: A flaw was found ...

RHSA-2023:1220: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges.
  • CVE-2022-4269: A flaw was fou...

RHSA-2023:1202: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges.
  • CVE-2022-4269: A flaw was found ...

RHSA-2023:1203: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges.
  • CVE-2022-4269: A flaw was fou...

Ubuntu Security Notice USN-5939-1

Ubuntu Security Notice 5939-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2023-1109-01

Red Hat Security Advisory 2023-1109-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

Red Hat Security Advisory 2023-1130-01

Red Hat Security Advisory 2023-1130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.

Ubuntu Security Notice USN-5927-1

Ubuntu Security Notice 5927-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service.

RHSA-2023:1103: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-4378: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.

RHSA-2023:1091: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-4378: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
  • CVE-2022-42703: A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c fun...

Ubuntu Security Notice USN-5917-1

Ubuntu Security Notice 5917-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.

Red Hat Security Advisory 2023-0945-01

Red Hat Security Advisory 2023-0945-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

RHSA-2023:0945: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-4378: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Ubuntu Security Notice USN-5879-1

Ubuntu Security Notice 5879-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5877-1

Ubuntu Security Notice 5877-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5860-1

Ubuntu Security Notice 5860-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5831-1

Ubuntu Security Notice 5831-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2022-4378: Linux kernel stack-based buffer overflow

A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.