Headline
RHSA-2023:1660: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-0266: A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak problem.
- CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
Synopsis
Important: kpatch-patch security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Security Fix(es):
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
- kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2159505 - CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation
- BZ - 2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.src.rpm
SHA-256: 7ed17f78978b8066c902acdcb7f62a6a35932392a9cc600497bef966d565e33f
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.src.rpm
SHA-256: 094e368c4ad2e4254e31e72139bae496a2faedcc0a9969355bee63a65dda1db4
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.src.rpm
SHA-256: ef5371787feca0a64f5ca8698812dd4a5ca8d3c9da581575e41971fdeac1b527
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.src.rpm
SHA-256: 593f24b14ad06204cd8051a31223ffb92897d1a73cb22396ef121cf568c06510
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.src.rpm
SHA-256: 8161bb3bf32af0768ba089ff39e5257f26082dbbd8277b4b4d0f56694d8e175e
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.src.rpm
SHA-256: e768d07c244ffe26895c6dac99be730613eb8c6591ca00f6961f5b1c68e36da6
x86_64
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.x86_64.rpm
SHA-256: 4e53c1c3bc546734e0a84de3b9121ef66d18d9b187fb828162a6834625fa18d1
kpatch-patch-4_18_0-372_26_1-debuginfo-1-6.el8_6.x86_64.rpm
SHA-256: c15e98e68210c2433ebc9412892da052aa185b393d732b8af36d7401c384f113
kpatch-patch-4_18_0-372_26_1-debugsource-1-6.el8_6.x86_64.rpm
SHA-256: d833050e79d8348a96a2fb692c7b77c407edf1f6135c1dd7144b64626ead98c9
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.x86_64.rpm
SHA-256: 894981d1bbd372afb4ac7a9750ddf7a5cb3933f15bbbd21a387606a5161c4100
kpatch-patch-4_18_0-372_32_1-debuginfo-1-5.el8_6.x86_64.rpm
SHA-256: 860e69535c6e2f44fb2130e5b7e667953376ae25038506621f04c8e353aa40d8
kpatch-patch-4_18_0-372_32_1-debugsource-1-5.el8_6.x86_64.rpm
SHA-256: dbb35f54982ebb0bc88e95747a66d62cfe25721e374b9dd5b4e060ad09948f3c
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.x86_64.rpm
SHA-256: 47500c173ed2145eef832bb1250921afeb46a45307b3faa1bb4c7cdf6ac62273
kpatch-patch-4_18_0-372_36_1-debuginfo-1-4.el8_6.x86_64.rpm
SHA-256: fcdda332fc3ed920b16dcb992465f160ad231f14e1dbf07c08f0b582896e82fa
kpatch-patch-4_18_0-372_36_1-debugsource-1-4.el8_6.x86_64.rpm
SHA-256: e4658cd658c13ca49d877451aec0b8df85711cd8e56a0eedda3ed992d36d6b90
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.x86_64.rpm
SHA-256: eba46d9644df50e4b5995cf279bc7c17376d6c4a55ee22a4478fcf1d7bb0a9f5
kpatch-patch-4_18_0-372_40_1-debuginfo-1-4.el8_6.x86_64.rpm
SHA-256: 52b0b58fb29ed910d5e807f113f8f9d65197d1cc41565e556edb00da17edc8a7
kpatch-patch-4_18_0-372_40_1-debugsource-1-4.el8_6.x86_64.rpm
SHA-256: 24dc315d414353d582238fbf91ab3ba5a67c5530d728574dd1056aac1b7d3831
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.x86_64.rpm
SHA-256: 7bbb6b466c55b14af2eda5b76c193bde574f439e22ba443077e8cef893456127
kpatch-patch-4_18_0-372_41_1-debuginfo-1-3.el8_6.x86_64.rpm
SHA-256: e54e743fe5daccc7fe402f1a3e22915ea098849a83bec6927fb2223f7c424c6a
kpatch-patch-4_18_0-372_41_1-debugsource-1-3.el8_6.x86_64.rpm
SHA-256: 740541875f57c25f7ad1aa227d914fcc9cc6bdb8f6e200a926ab8e7c36c2224b
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.x86_64.rpm
SHA-256: 90fc37933ab4d8b00fcddb380540ac32aca17b1de663222bd85caa13e0d56b8b
kpatch-patch-4_18_0-372_46_1-debuginfo-1-1.el8_6.x86_64.rpm
SHA-256: d0cbb5d12961e16b8776569edae53571622604f36d3f6ba9ba1f06ccb6309d55
kpatch-patch-4_18_0-372_46_1-debugsource-1-1.el8_6.x86_64.rpm
SHA-256: 8453bc721a25d7b5321452f16293ee45b9dac25a039455adde27511b90a7ca5c
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.src.rpm
SHA-256: 7ed17f78978b8066c902acdcb7f62a6a35932392a9cc600497bef966d565e33f
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.src.rpm
SHA-256: 094e368c4ad2e4254e31e72139bae496a2faedcc0a9969355bee63a65dda1db4
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.src.rpm
SHA-256: ef5371787feca0a64f5ca8698812dd4a5ca8d3c9da581575e41971fdeac1b527
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.src.rpm
SHA-256: 593f24b14ad06204cd8051a31223ffb92897d1a73cb22396ef121cf568c06510
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.src.rpm
SHA-256: 8161bb3bf32af0768ba089ff39e5257f26082dbbd8277b4b4d0f56694d8e175e
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.src.rpm
SHA-256: e768d07c244ffe26895c6dac99be730613eb8c6591ca00f6961f5b1c68e36da6
x86_64
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.x86_64.rpm
SHA-256: 4e53c1c3bc546734e0a84de3b9121ef66d18d9b187fb828162a6834625fa18d1
kpatch-patch-4_18_0-372_26_1-debuginfo-1-6.el8_6.x86_64.rpm
SHA-256: c15e98e68210c2433ebc9412892da052aa185b393d732b8af36d7401c384f113
kpatch-patch-4_18_0-372_26_1-debugsource-1-6.el8_6.x86_64.rpm
SHA-256: d833050e79d8348a96a2fb692c7b77c407edf1f6135c1dd7144b64626ead98c9
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.x86_64.rpm
SHA-256: 894981d1bbd372afb4ac7a9750ddf7a5cb3933f15bbbd21a387606a5161c4100
kpatch-patch-4_18_0-372_32_1-debuginfo-1-5.el8_6.x86_64.rpm
SHA-256: 860e69535c6e2f44fb2130e5b7e667953376ae25038506621f04c8e353aa40d8
kpatch-patch-4_18_0-372_32_1-debugsource-1-5.el8_6.x86_64.rpm
SHA-256: dbb35f54982ebb0bc88e95747a66d62cfe25721e374b9dd5b4e060ad09948f3c
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.x86_64.rpm
SHA-256: 47500c173ed2145eef832bb1250921afeb46a45307b3faa1bb4c7cdf6ac62273
kpatch-patch-4_18_0-372_36_1-debuginfo-1-4.el8_6.x86_64.rpm
SHA-256: fcdda332fc3ed920b16dcb992465f160ad231f14e1dbf07c08f0b582896e82fa
kpatch-patch-4_18_0-372_36_1-debugsource-1-4.el8_6.x86_64.rpm
SHA-256: e4658cd658c13ca49d877451aec0b8df85711cd8e56a0eedda3ed992d36d6b90
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.x86_64.rpm
SHA-256: eba46d9644df50e4b5995cf279bc7c17376d6c4a55ee22a4478fcf1d7bb0a9f5
kpatch-patch-4_18_0-372_40_1-debuginfo-1-4.el8_6.x86_64.rpm
SHA-256: 52b0b58fb29ed910d5e807f113f8f9d65197d1cc41565e556edb00da17edc8a7
kpatch-patch-4_18_0-372_40_1-debugsource-1-4.el8_6.x86_64.rpm
SHA-256: 24dc315d414353d582238fbf91ab3ba5a67c5530d728574dd1056aac1b7d3831
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.x86_64.rpm
SHA-256: 7bbb6b466c55b14af2eda5b76c193bde574f439e22ba443077e8cef893456127
kpatch-patch-4_18_0-372_41_1-debuginfo-1-3.el8_6.x86_64.rpm
SHA-256: e54e743fe5daccc7fe402f1a3e22915ea098849a83bec6927fb2223f7c424c6a
kpatch-patch-4_18_0-372_41_1-debugsource-1-3.el8_6.x86_64.rpm
SHA-256: 740541875f57c25f7ad1aa227d914fcc9cc6bdb8f6e200a926ab8e7c36c2224b
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.x86_64.rpm
SHA-256: 90fc37933ab4d8b00fcddb380540ac32aca17b1de663222bd85caa13e0d56b8b
kpatch-patch-4_18_0-372_46_1-debuginfo-1-1.el8_6.x86_64.rpm
SHA-256: d0cbb5d12961e16b8776569edae53571622604f36d3f6ba9ba1f06ccb6309d55
kpatch-patch-4_18_0-372_46_1-debugsource-1-1.el8_6.x86_64.rpm
SHA-256: 8453bc721a25d7b5321452f16293ee45b9dac25a039455adde27511b90a7ca5c
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
SRPM
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.src.rpm
SHA-256: 7ed17f78978b8066c902acdcb7f62a6a35932392a9cc600497bef966d565e33f
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.src.rpm
SHA-256: 094e368c4ad2e4254e31e72139bae496a2faedcc0a9969355bee63a65dda1db4
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.src.rpm
SHA-256: ef5371787feca0a64f5ca8698812dd4a5ca8d3c9da581575e41971fdeac1b527
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.src.rpm
SHA-256: 593f24b14ad06204cd8051a31223ffb92897d1a73cb22396ef121cf568c06510
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.src.rpm
SHA-256: 8161bb3bf32af0768ba089ff39e5257f26082dbbd8277b4b4d0f56694d8e175e
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.src.rpm
SHA-256: e768d07c244ffe26895c6dac99be730613eb8c6591ca00f6961f5b1c68e36da6
ppc64le
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.ppc64le.rpm
SHA-256: 5b4edc718f39e43fe5d4a1a2fe9b68bdfa9ee2b6311f3271b5b45af85f064560
kpatch-patch-4_18_0-372_26_1-debuginfo-1-6.el8_6.ppc64le.rpm
SHA-256: 9827e149e0de041c8ff84c6d6eed058868f5082c825fc9a37a220098d6f344e0
kpatch-patch-4_18_0-372_26_1-debugsource-1-6.el8_6.ppc64le.rpm
SHA-256: d5e8f8a4508a1cbfce56554bbc3fe63d7e8dd52b885948a3ecb474b4c56af65f
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.ppc64le.rpm
SHA-256: e99a07468d7bb4c7a5f44f88012c337dc9763d3ca2cc4157451068fc47682bef
kpatch-patch-4_18_0-372_32_1-debuginfo-1-5.el8_6.ppc64le.rpm
SHA-256: 337449468a024359d75ebcda6b2aef457fa28ab683739fb06f501e9722519439
kpatch-patch-4_18_0-372_32_1-debugsource-1-5.el8_6.ppc64le.rpm
SHA-256: 383d349abbb326b201bd41e1965a0e50466e42efb26d6a2405dc74268ba1cf07
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.ppc64le.rpm
SHA-256: 7329e8c554d34896cc5696ec307a1ead5b4d301e57ac7d4995903be27687b159
kpatch-patch-4_18_0-372_36_1-debuginfo-1-4.el8_6.ppc64le.rpm
SHA-256: c62aa67954aa1736a5a50db897acc0f9b4997a1855b88d70bb7fd017a9e86d60
kpatch-patch-4_18_0-372_36_1-debugsource-1-4.el8_6.ppc64le.rpm
SHA-256: e8909e5bd6768050f86f2432efdde667c0e4ceb4df57c3a104c13918f7b684a8
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.ppc64le.rpm
SHA-256: 239bbcc31cdbe2ccf2b59420a2f30f69df13352c5fa589a1650fe661c1c46f5b
kpatch-patch-4_18_0-372_40_1-debuginfo-1-4.el8_6.ppc64le.rpm
SHA-256: 63f4bc5b9a8d4cba4e8e592ac361fe0122f058b1f11212d06dd982165430722f
kpatch-patch-4_18_0-372_40_1-debugsource-1-4.el8_6.ppc64le.rpm
SHA-256: dd2b7a6c989568b7b22021997843247a1e7b516f4c7276e71228c099f16d4958
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.ppc64le.rpm
SHA-256: afc68295390df84a6c302166fed99da45f1be762dabd060636707089f457bd06
kpatch-patch-4_18_0-372_41_1-debuginfo-1-3.el8_6.ppc64le.rpm
SHA-256: 7b52d43a7f429c6ea98081ac599b1dc3524663898fedb37585aa08574fff4f15
kpatch-patch-4_18_0-372_41_1-debugsource-1-3.el8_6.ppc64le.rpm
SHA-256: 93aa7fbab08d5303b22b7c2e6f699c38abf87ac257102c4b40ebfa3f30d29342
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.ppc64le.rpm
SHA-256: e13235347b21bdd24c733f617570c5f9950823c41d020a96481b8eafc541e4a4
kpatch-patch-4_18_0-372_46_1-debuginfo-1-1.el8_6.ppc64le.rpm
SHA-256: a25baa6f3a2f1fb5cdc4399fba386fe49003714e98f3a15d76406e7acaa85eda
kpatch-patch-4_18_0-372_46_1-debugsource-1-1.el8_6.ppc64le.rpm
SHA-256: cac4ca5f1dfe4c98acc21d975cd302c7937cd7228407db98316b43d8b165d5e1
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.src.rpm
SHA-256: 7ed17f78978b8066c902acdcb7f62a6a35932392a9cc600497bef966d565e33f
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.src.rpm
SHA-256: 094e368c4ad2e4254e31e72139bae496a2faedcc0a9969355bee63a65dda1db4
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.src.rpm
SHA-256: ef5371787feca0a64f5ca8698812dd4a5ca8d3c9da581575e41971fdeac1b527
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.src.rpm
SHA-256: 593f24b14ad06204cd8051a31223ffb92897d1a73cb22396ef121cf568c06510
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.src.rpm
SHA-256: 8161bb3bf32af0768ba089ff39e5257f26082dbbd8277b4b4d0f56694d8e175e
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.src.rpm
SHA-256: e768d07c244ffe26895c6dac99be730613eb8c6591ca00f6961f5b1c68e36da6
x86_64
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.x86_64.rpm
SHA-256: 4e53c1c3bc546734e0a84de3b9121ef66d18d9b187fb828162a6834625fa18d1
kpatch-patch-4_18_0-372_26_1-debuginfo-1-6.el8_6.x86_64.rpm
SHA-256: c15e98e68210c2433ebc9412892da052aa185b393d732b8af36d7401c384f113
kpatch-patch-4_18_0-372_26_1-debugsource-1-6.el8_6.x86_64.rpm
SHA-256: d833050e79d8348a96a2fb692c7b77c407edf1f6135c1dd7144b64626ead98c9
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.x86_64.rpm
SHA-256: 894981d1bbd372afb4ac7a9750ddf7a5cb3933f15bbbd21a387606a5161c4100
kpatch-patch-4_18_0-372_32_1-debuginfo-1-5.el8_6.x86_64.rpm
SHA-256: 860e69535c6e2f44fb2130e5b7e667953376ae25038506621f04c8e353aa40d8
kpatch-patch-4_18_0-372_32_1-debugsource-1-5.el8_6.x86_64.rpm
SHA-256: dbb35f54982ebb0bc88e95747a66d62cfe25721e374b9dd5b4e060ad09948f3c
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.x86_64.rpm
SHA-256: 47500c173ed2145eef832bb1250921afeb46a45307b3faa1bb4c7cdf6ac62273
kpatch-patch-4_18_0-372_36_1-debuginfo-1-4.el8_6.x86_64.rpm
SHA-256: fcdda332fc3ed920b16dcb992465f160ad231f14e1dbf07c08f0b582896e82fa
kpatch-patch-4_18_0-372_36_1-debugsource-1-4.el8_6.x86_64.rpm
SHA-256: e4658cd658c13ca49d877451aec0b8df85711cd8e56a0eedda3ed992d36d6b90
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.x86_64.rpm
SHA-256: eba46d9644df50e4b5995cf279bc7c17376d6c4a55ee22a4478fcf1d7bb0a9f5
kpatch-patch-4_18_0-372_40_1-debuginfo-1-4.el8_6.x86_64.rpm
SHA-256: 52b0b58fb29ed910d5e807f113f8f9d65197d1cc41565e556edb00da17edc8a7
kpatch-patch-4_18_0-372_40_1-debugsource-1-4.el8_6.x86_64.rpm
SHA-256: 24dc315d414353d582238fbf91ab3ba5a67c5530d728574dd1056aac1b7d3831
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.x86_64.rpm
SHA-256: 7bbb6b466c55b14af2eda5b76c193bde574f439e22ba443077e8cef893456127
kpatch-patch-4_18_0-372_41_1-debuginfo-1-3.el8_6.x86_64.rpm
SHA-256: e54e743fe5daccc7fe402f1a3e22915ea098849a83bec6927fb2223f7c424c6a
kpatch-patch-4_18_0-372_41_1-debugsource-1-3.el8_6.x86_64.rpm
SHA-256: 740541875f57c25f7ad1aa227d914fcc9cc6bdb8f6e200a926ab8e7c36c2224b
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.x86_64.rpm
SHA-256: 90fc37933ab4d8b00fcddb380540ac32aca17b1de663222bd85caa13e0d56b8b
kpatch-patch-4_18_0-372_46_1-debuginfo-1-1.el8_6.x86_64.rpm
SHA-256: d0cbb5d12961e16b8776569edae53571622604f36d3f6ba9ba1f06ccb6309d55
kpatch-patch-4_18_0-372_46_1-debugsource-1-1.el8_6.x86_64.rpm
SHA-256: 8453bc721a25d7b5321452f16293ee45b9dac25a039455adde27511b90a7ca5c
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6
SRPM
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.src.rpm
SHA-256: 7ed17f78978b8066c902acdcb7f62a6a35932392a9cc600497bef966d565e33f
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.src.rpm
SHA-256: 094e368c4ad2e4254e31e72139bae496a2faedcc0a9969355bee63a65dda1db4
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.src.rpm
SHA-256: ef5371787feca0a64f5ca8698812dd4a5ca8d3c9da581575e41971fdeac1b527
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.src.rpm
SHA-256: 593f24b14ad06204cd8051a31223ffb92897d1a73cb22396ef121cf568c06510
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.src.rpm
SHA-256: 8161bb3bf32af0768ba089ff39e5257f26082dbbd8277b4b4d0f56694d8e175e
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.src.rpm
SHA-256: e768d07c244ffe26895c6dac99be730613eb8c6591ca00f6961f5b1c68e36da6
ppc64le
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.ppc64le.rpm
SHA-256: 5b4edc718f39e43fe5d4a1a2fe9b68bdfa9ee2b6311f3271b5b45af85f064560
kpatch-patch-4_18_0-372_26_1-debuginfo-1-6.el8_6.ppc64le.rpm
SHA-256: 9827e149e0de041c8ff84c6d6eed058868f5082c825fc9a37a220098d6f344e0
kpatch-patch-4_18_0-372_26_1-debugsource-1-6.el8_6.ppc64le.rpm
SHA-256: d5e8f8a4508a1cbfce56554bbc3fe63d7e8dd52b885948a3ecb474b4c56af65f
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.ppc64le.rpm
SHA-256: e99a07468d7bb4c7a5f44f88012c337dc9763d3ca2cc4157451068fc47682bef
kpatch-patch-4_18_0-372_32_1-debuginfo-1-5.el8_6.ppc64le.rpm
SHA-256: 337449468a024359d75ebcda6b2aef457fa28ab683739fb06f501e9722519439
kpatch-patch-4_18_0-372_32_1-debugsource-1-5.el8_6.ppc64le.rpm
SHA-256: 383d349abbb326b201bd41e1965a0e50466e42efb26d6a2405dc74268ba1cf07
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.ppc64le.rpm
SHA-256: 7329e8c554d34896cc5696ec307a1ead5b4d301e57ac7d4995903be27687b159
kpatch-patch-4_18_0-372_36_1-debuginfo-1-4.el8_6.ppc64le.rpm
SHA-256: c62aa67954aa1736a5a50db897acc0f9b4997a1855b88d70bb7fd017a9e86d60
kpatch-patch-4_18_0-372_36_1-debugsource-1-4.el8_6.ppc64le.rpm
SHA-256: e8909e5bd6768050f86f2432efdde667c0e4ceb4df57c3a104c13918f7b684a8
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.ppc64le.rpm
SHA-256: 239bbcc31cdbe2ccf2b59420a2f30f69df13352c5fa589a1650fe661c1c46f5b
kpatch-patch-4_18_0-372_40_1-debuginfo-1-4.el8_6.ppc64le.rpm
SHA-256: 63f4bc5b9a8d4cba4e8e592ac361fe0122f058b1f11212d06dd982165430722f
kpatch-patch-4_18_0-372_40_1-debugsource-1-4.el8_6.ppc64le.rpm
SHA-256: dd2b7a6c989568b7b22021997843247a1e7b516f4c7276e71228c099f16d4958
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.ppc64le.rpm
SHA-256: afc68295390df84a6c302166fed99da45f1be762dabd060636707089f457bd06
kpatch-patch-4_18_0-372_41_1-debuginfo-1-3.el8_6.ppc64le.rpm
SHA-256: 7b52d43a7f429c6ea98081ac599b1dc3524663898fedb37585aa08574fff4f15
kpatch-patch-4_18_0-372_41_1-debugsource-1-3.el8_6.ppc64le.rpm
SHA-256: 93aa7fbab08d5303b22b7c2e6f699c38abf87ac257102c4b40ebfa3f30d29342
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.ppc64le.rpm
SHA-256: e13235347b21bdd24c733f617570c5f9950823c41d020a96481b8eafc541e4a4
kpatch-patch-4_18_0-372_46_1-debuginfo-1-1.el8_6.ppc64le.rpm
SHA-256: a25baa6f3a2f1fb5cdc4399fba386fe49003714e98f3a15d76406e7acaa85eda
kpatch-patch-4_18_0-372_46_1-debugsource-1-1.el8_6.ppc64le.rpm
SHA-256: cac4ca5f1dfe4c98acc21d975cd302c7937cd7228407db98316b43d8b165d5e1
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.src.rpm
SHA-256: 7ed17f78978b8066c902acdcb7f62a6a35932392a9cc600497bef966d565e33f
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.src.rpm
SHA-256: 094e368c4ad2e4254e31e72139bae496a2faedcc0a9969355bee63a65dda1db4
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.src.rpm
SHA-256: ef5371787feca0a64f5ca8698812dd4a5ca8d3c9da581575e41971fdeac1b527
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.src.rpm
SHA-256: 593f24b14ad06204cd8051a31223ffb92897d1a73cb22396ef121cf568c06510
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.src.rpm
SHA-256: 8161bb3bf32af0768ba089ff39e5257f26082dbbd8277b4b4d0f56694d8e175e
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.src.rpm
SHA-256: e768d07c244ffe26895c6dac99be730613eb8c6591ca00f6961f5b1c68e36da6
x86_64
kpatch-patch-4_18_0-372_26_1-1-6.el8_6.x86_64.rpm
SHA-256: 4e53c1c3bc546734e0a84de3b9121ef66d18d9b187fb828162a6834625fa18d1
kpatch-patch-4_18_0-372_26_1-debuginfo-1-6.el8_6.x86_64.rpm
SHA-256: c15e98e68210c2433ebc9412892da052aa185b393d732b8af36d7401c384f113
kpatch-patch-4_18_0-372_26_1-debugsource-1-6.el8_6.x86_64.rpm
SHA-256: d833050e79d8348a96a2fb692c7b77c407edf1f6135c1dd7144b64626ead98c9
kpatch-patch-4_18_0-372_32_1-1-5.el8_6.x86_64.rpm
SHA-256: 894981d1bbd372afb4ac7a9750ddf7a5cb3933f15bbbd21a387606a5161c4100
kpatch-patch-4_18_0-372_32_1-debuginfo-1-5.el8_6.x86_64.rpm
SHA-256: 860e69535c6e2f44fb2130e5b7e667953376ae25038506621f04c8e353aa40d8
kpatch-patch-4_18_0-372_32_1-debugsource-1-5.el8_6.x86_64.rpm
SHA-256: dbb35f54982ebb0bc88e95747a66d62cfe25721e374b9dd5b4e060ad09948f3c
kpatch-patch-4_18_0-372_36_1-1-4.el8_6.x86_64.rpm
SHA-256: 47500c173ed2145eef832bb1250921afeb46a45307b3faa1bb4c7cdf6ac62273
kpatch-patch-4_18_0-372_36_1-debuginfo-1-4.el8_6.x86_64.rpm
SHA-256: fcdda332fc3ed920b16dcb992465f160ad231f14e1dbf07c08f0b582896e82fa
kpatch-patch-4_18_0-372_36_1-debugsource-1-4.el8_6.x86_64.rpm
SHA-256: e4658cd658c13ca49d877451aec0b8df85711cd8e56a0eedda3ed992d36d6b90
kpatch-patch-4_18_0-372_40_1-1-4.el8_6.x86_64.rpm
SHA-256: eba46d9644df50e4b5995cf279bc7c17376d6c4a55ee22a4478fcf1d7bb0a9f5
kpatch-patch-4_18_0-372_40_1-debuginfo-1-4.el8_6.x86_64.rpm
SHA-256: 52b0b58fb29ed910d5e807f113f8f9d65197d1cc41565e556edb00da17edc8a7
kpatch-patch-4_18_0-372_40_1-debugsource-1-4.el8_6.x86_64.rpm
SHA-256: 24dc315d414353d582238fbf91ab3ba5a67c5530d728574dd1056aac1b7d3831
kpatch-patch-4_18_0-372_41_1-1-3.el8_6.x86_64.rpm
SHA-256: 7bbb6b466c55b14af2eda5b76c193bde574f439e22ba443077e8cef893456127
kpatch-patch-4_18_0-372_41_1-debuginfo-1-3.el8_6.x86_64.rpm
SHA-256: e54e743fe5daccc7fe402f1a3e22915ea098849a83bec6927fb2223f7c424c6a
kpatch-patch-4_18_0-372_41_1-debugsource-1-3.el8_6.x86_64.rpm
SHA-256: 740541875f57c25f7ad1aa227d914fcc9cc6bdb8f6e200a926ab8e7c36c2224b
kpatch-patch-4_18_0-372_46_1-1-1.el8_6.x86_64.rpm
SHA-256: 90fc37933ab4d8b00fcddb380540ac32aca17b1de663222bd85caa13e0d56b8b
kpatch-patch-4_18_0-372_46_1-debuginfo-1-1.el8_6.x86_64.rpm
SHA-256: d0cbb5d12961e16b8776569edae53571622604f36d3f6ba9ba1f06ccb6309d55
kpatch-patch-4_18_0-372_46_1-debugsource-1-1.el8_6.x86_64.rpm
SHA-256: 8453bc721a25d7b5321452f16293ee45b9dac25a039455adde27511b90a7ca5c
Related news
This Metasploit module exploit targets the Linux kernel bug in OverlayFS. A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.
Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users. "The impacted Ubuntu versions are prevalent in the cloud as they serve as the default
Plus: Microsoft patches two zero-day flaws, Google’s Android and Chrome get some much-needed updates, and more.
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Ubuntu Security Notice 6071-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
Red Hat Advanced Cluster Management for Kubernetes 2.5.8 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25881: A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
Red Hat Security Advisory 2023-2083-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.5 General Availability release images, which fix bugs and security updates container images. Issues addressed include denial of service and server-side request forgery vulnerabilities.
Ubuntu Security Notice 6043-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for thisCVE, kernel support for the TCINDEX classifier has been removed. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.
Logging Subsystem 5.6.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service. * CVE-2023-28120: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is called on a SafeBuffer with untrus...
Ubuntu Security Notice 6040-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.
Red Hat Security Advisory 2023-1980-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Red Hat Security Advisory 2023-1984-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on t...
Ubuntu Security Notice 6030-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6025-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.
An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23521: A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, ...
Red Hat Security Advisory 2023-1660-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Red Hat Security Advisory 2023-1659-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4378: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-0266: A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in Advanced Linux So...
Red Hat Security Advisory 2023-1557-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-1584-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Red Hat Security Advisory 2023-1554-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4269: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of se...
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0266: A use-after-free flaw was found in the ALSA subsystem in sound/core/control.c in the Linux kernel. This flaw allows a local attacker to cause a use-after-free issue.
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4269: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of...
An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0266: A use-after-free flaw was found in the ALSA subsystem in sound/core/control.c in the Linux kernel. This flaw allows a local attacker to cause a use-after-free issue. * CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) o...
An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0266: A use-after-free flaw was found in the ALSA subsystem in sound/core/control.c in the Linux kernel. This flaw allows a local attacker to cause a use-after-free issue. * CVE-2023-0386: A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux...
Ubuntu Security Notice 5991-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5987-1 - It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.
A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was actually deployed on the targeted devices. "These
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4744: A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-0266: A use-after-free flaw was found in the...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4378: A stack ove...
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
Ubuntu Security Notice 5934-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 5924-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service.