Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:5414: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-35001: An out-of-bounds (OOB) memory access flaw was found in the Netfilter module in the Linux kernel’s nft_byteorder_eval in net/netfilter/nft_byteorder.c. A bound check failure allows a local attacker with CAP_NET_ADMIN access to cause a local privilege escalation issue due to incorrect data alignment.
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#kubernetes#aws

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

All Products

Issued:

2023-10-03

Updated:

2023-10-03

RHSA-2023:5414 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: kernel security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 7.6 x86_64

Fixes

  • BZ - 2220892 - CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()

Red Hat Enterprise Linux Server - AUS 7.6

SRPM

kernel-3.10.0-957.106.1.el7.src.rpm

SHA-256: 17b5bfe168807de169ef7d8380e980811eff7b196bdd6d05be0ce88569c8739d

x86_64

bpftool-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 7263c16cb2a885c43ff638406347ad6dc288a29e98c16bb04cd978af3fa9da2f

kernel-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 6e4ebb7db708291f87013997711e06d12dedadfdcc2d0d4f27b4db7a3bd31a37

kernel-abi-whitelists-3.10.0-957.106.1.el7.noarch.rpm

SHA-256: 7eb5801bb0c66c04d7196b0641f603405f22c62f62336dd5eab52ad505d46593

kernel-debug-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 275608c872ff1f4a3f9fef65615fda2be7875fa83fb4973253b082f3cb7e3622

kernel-debug-debuginfo-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 70b89112e340d9922de44eb7c7820507b135705a32a627aa591c701c7291eda3

kernel-debug-debuginfo-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 70b89112e340d9922de44eb7c7820507b135705a32a627aa591c701c7291eda3

kernel-debug-devel-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 6d8a8178bd0507c3392b9e94dd67055cc9c4df68eeefd66d4c2fd0162fa8f9fa

kernel-debuginfo-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 712a19a54fd1fbd55fb3e23abd6af7a6a9b4ebc400c23b9fcc9428d9303161f2

kernel-debuginfo-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 712a19a54fd1fbd55fb3e23abd6af7a6a9b4ebc400c23b9fcc9428d9303161f2

kernel-debuginfo-common-x86_64-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 5b6c44826e257ac525ca6eff61668365dcdcd09dd9a6e9c75a476b00b40a1529

kernel-debuginfo-common-x86_64-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 5b6c44826e257ac525ca6eff61668365dcdcd09dd9a6e9c75a476b00b40a1529

kernel-devel-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 8df84a497ade32447d780a25ad14acf3feb9868eeba6ef47b3b0cc6da1480dfa

kernel-doc-3.10.0-957.106.1.el7.noarch.rpm

SHA-256: 4e886de6f22aa28d78ec4c071a5dc29120b7eab9b71af82ac703669c2ff6f698

kernel-headers-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: a619d4d2dc8160598631f8738e015d78be739dd4bc761f09eb704e65012f1eb3

kernel-tools-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 7a40a940ff8712af3e2a70352aff65f74910d7026078e8cb953eaa5863498850

kernel-tools-debuginfo-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 9a1b4e6a2fd2b659a3896a279c96449c2a83e56b16feddc9642a7c86cc9d5cc0

kernel-tools-debuginfo-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 9a1b4e6a2fd2b659a3896a279c96449c2a83e56b16feddc9642a7c86cc9d5cc0

kernel-tools-libs-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 805762ce1f7788aa79b2e0491775d61eb955ed26eb7c552c1936f2cce201ba39

kernel-tools-libs-devel-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 2b533d75b794f04ce8514639b8b865d727e3a3e1ef51418cf66fc1ade4c6e30b

perf-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: 8767447bd8e7c2a63a7191e4fab27a50738ee5787adc7942195866a42e30ee2d

perf-debuginfo-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: cc1f04c9f95caa143f95befcbac25bd9484768473cb6b604059449b9ac55875d

perf-debuginfo-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: cc1f04c9f95caa143f95befcbac25bd9484768473cb6b604059449b9ac55875d

python-perf-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: ea6df920f93a628a7a984cec48c135738e95f878b1c6e9149788c85020407e52

python-perf-debuginfo-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: e922b7d3474bd0dd461c8ac31ef34b0d0efc614e79b6830ed6155b1ed4af8484

python-perf-debuginfo-3.10.0-957.106.1.el7.x86_64.rpm

SHA-256: e922b7d3474bd0dd461c8ac31ef34b0d0efc614e79b6830ed6155b1ed4af8484

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2024-1278-03

Red Hat Security Advisory 2024-1278-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include out of bounds write and use-after-free vulnerabilities.

CVE-2023-48660: DSA-2023-443: Dell PowerMaxOS 5978, Dell Unisphere 360, Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Solutions Enabler Virtual Appliance, and Dell PowerMax EEM Secu

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

Ubuntu Security Notice USN-6460-1

Ubuntu Security Notice 6460-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service or possibly expose sensitive information.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Red Hat Security Advisory 2023-5622-01

Red Hat Security Advisory 2023-5622-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include memory leak, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5603-01

Red Hat Security Advisory 2023-5603-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.

RHSA-2023:5622: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3609: A double-free flaw was found in u32_set_parms in net/sched/cls_u32.c in the Network Scheduler component in the Linux kernel. This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat. * CVE-2023-32233: A use-after-free vulnerability was found in the Netfilter subsyst...

RHSA-2023:5574: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3609: A double-free flaw was found in u32_set_parms in net/sched/cls_u32.c in the Network Scheduler component in the Linux kernel. This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat. * CVE-2023-32233: A use-after-free vulnerability was found in the Netfilter s...

Red Hat Security Advisory 2023-5255-01

Red Hat Security Advisory 2023-5255-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine- tuning for systems with extremely high determinism requirements. Issues addressed include information leakage, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5221-01

Red Hat Security Advisory 2023-5221-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5069-01

Red Hat Security Advisory 2023-5069-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, information leakage, and use-after-free vulnerabilities.

Kernel Live Patch Security Notice LSN-0097-1

It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Querijn Voet discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other vulnerabilities were also discovered and addressed.

Red Hat Security Advisory 2023-4961-01

Red Hat Security Advisory 2023-4961-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4967-01

Red Hat Security Advisory 2023-4967-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4962-01

Red Hat Security Advisory 2023-4962-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.

RHSA-2023:4962: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can...

RHSA-2023:4967: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can later lead to double freeing the structure. This flaw allows a local attacker to cause a use-after-free problem, leading to privileg...

Ubuntu Security Notice USN-6255-1

Ubuntu Security Notice 6255-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.