Headline

RHSA-2023:2458: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches.
CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-1462: An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.
CVE-2022-1789: A flaw was found in KVM. With shadow paging enabled if INVPCID is executed with CR0.PG=0, the invlpg callback is not set, and the result is a NULL pointer dereference. This flaw allows a guest user to cause a kernel oops condition on the host, resulting in a denial of service.
CVE-2022-1882: A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-2196: A flaw was found in the KVM’s Intel nested virtualization feature (nVMX). Since L1 and L2 shared branch prediction modes (guest-user and guest-kernel), KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre v2 attacks against L1 due to a missing IBPB at VM-exit time.
CVE-2022-2663: A firewall flaw that can bypass the Linux kernel’s Netfilter functionality was found in how a user handles unencrypted IRC with nf_conntrack_irc configured. This flaw allows a remote user to gain unauthorized access to the system.
CVE-2022-3028: A race condition was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.
CVE-2022-3435: An out-of-bounds memory read flaw was found in the Linux kernel. The IPv4 Handler component may delete IPv4 routes containing a multipath spec while the fib_info is using a nexthop object. This issue allows a local attacker access to unauthorized data.
CVE-2022-3522: A vulnerability was found in hugetlb_no_page in the mm/hugetlb.c file in the Linux Kernel, where a manipulation leads to a race condition. This flaw may allow a local attacker to cause a denial of service and can lead to a kernel information leak issue.
CVE-2022-3524: A memory leak flaw was found in the Linux kernel’s IPv6 functionality in how a user triggers the setsockopt of the IPV6_ADDRFORM and IPV6_DSTOPTS type. This flaw allows a user to crash the system if the setsockopt function is being called simultaneously with the IPV6_ADDRFORM type and other processes with the IPV6_DSTOPTS type. This issue is unlikely to happen unless a local process triggers IPV6_ADDRFORM.
CVE-2022-3566: A vulnerability was found in the tcp subsystem in the Linux Kernel, due to a data race around icsk->icsk_af_ops. This issue could allow an attacker to leak internal kernel information.
CVE-2022-3567: A data race problem was found in sk->sk_prot in the network subsystem in ipv6 in the Linux kernel. This issue occurs while some functions access critical data, leading to a denial of service.
CVE-2022-3619: A memory leak flaw was found in the Linux kernel’s L2CAP bluetooth functionality. This issue occurs when a user generates malicious packets, triggering the l2cap_recv_acldata function. This flaw allows a local or bluetooth connection user to potentially crash the system.
CVE-2022-3623: A vulnerability was found in follow_page_pte in mm/gup.c in the Linux Kernel. This issue occurs due to a race problem which can poison the page table entry and cause a denial-of-service.
CVE-2022-3625: A flaw was found in the Netlink device interface implementation in the Linux kernel that improperly handled certain error conditions, leading to a use-after-free issue with some network device drivers. A local attacker with admin access to the network device could use this to cause a denial of service (system crash) or execute arbitrary code.
CVE-2022-3628: A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.
CVE-2022-3640: A vulnerability was found in the Linux Kernel in the l2cap_conn_del in net/bluetooth/l2cap_core.c function in the Bluetooth component. This issue leads to a use-after-free problem.
CVE-2022-3707: A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.
CVE-2022-4128: A NULL pointer dereference issue was discovered in the Linux kernel. This issue occurs in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could potentially crash the system, causing a denial of service.
CVE-2022-4129: A flaw was found in the Linux kernel’s Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.
CVE-2022-20141: A use-after-free flaw was found in the Linux kernel’s IGMP protocol in how a user triggers a race condition in the ip_check_mc_rcu function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-21505: No description is available for this CVE.
CVE-2022-28388: A double-free flaw was found in the Linux kernel’s USB2CAN interface implementation. This issue could allow a local user to crash the system.
CVE-2022-33743: An incomplete cleanup flaw was found in the Linux kernel’s Xen networking XDP (eXpress Data Path) subsystem. This flaw allows a local user to crash the system.
CVE-2022-39188: A flaw was found in include/asm-generic/tlb.h in the Linux kernel due to a race condition (unmap_mapping_range versus munmap). This issue allows a device driver to free a page while it still has stale TLB entries.
CVE-2022-39189: A flaw was found in the x86 KVM subsystem in kvm_steal_time_set_preempted in arch/x86/kvm/x86.c in the Linux kernel. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.
CVE-2022-41674: A buffer overflow flaw was found in the u8 overflow in cfg80211_update_notlisted_nontrans() in net/wireless/scan.c in the Linux kernel’s wifi subcomponent. This flaw allows an attacker to crash the system or leak internal kernel information.
CVE-2022-42703: A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the is_mergeable_anon_vma() function continuously forks, using memory operations to trigger an incorrect reuse of leaf anon_vma. This issue allows a local attacker to crash the system.
CVE-2022-42720: A use-after-free flaw was found in bss_ref_get in the net/wireless/scan.c in the Linux kernel. This issue can lead to a denial of service or arbitrary code execution.
CVE-2022-42721: A list corruption flaw was found in cfg80211_add_nontrans_list in the net/wireless/scan.c function in the Linux kernel. This flaw could lead to a denial of service.
CVE-2022-42722: A flaw was found in P2P-Device in wifi in ieee80211_rx_h_decrypt in net/mac80211/rx.c in the Linux kernel, leading to a denial of service.
CVE-2022-42896: A use-after-free flaw was found in the Linux kernel’s implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via Bluetooth if within proximity of the victim.
CVE-2022-43750: An out-of-bounds memory write flaw in the Linux kernel’s USB Monitor component was found in how a user with access to the /dev/usbmon can trigger it by an incorrect write to the memory of the usbmon. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-47929: A NULL pointer dereference flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux kernel. This issue may allow a local unprivileged user to trigger a denial of service if the alloc_workqueue function return is not validated in time of failure, resulting in a system crash or leaked internal kernel information.
CVE-2023-0394: A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2023-0590: A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
CVE-2023-1195: A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request.
CVE-2023-1382: A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.

1 year ago

Headline

RHSA-2023:2458: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Related news

Red Hat Security Data: Latest News