RHSA-2023:3853: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation.
- CVE-2023-32233: A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user (with CAP_NET_ADMIN capability) could use this flaw to crash the system or potentially escalate their privileges on the system.
Issued: 2023-06-27
Updated: 2023-06-27
RHSA-2023:3853 - Security Advisory
Synopsis
Important: kpatch-patch security update
Type/Severity
Security Advisory: Important
Topic
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Security Fix(es):
- kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation (CVE-2023-1281)
- kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
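A host-side check for the live patches in this advisory, as an added example that is not part of Red Hat's advisory: it maps a running kernel release to its kpatch-patch package and compares an installed build against the builds listed under the package sections below. The function names and the sample inputs are assumptions made for illustration; the kernel-to-package mapping follows the naming pattern visible in the package list.

```sh
#!/bin/sh
# Added example (not Red Hat code). Function names are hypothetical.

# Build (version-release) shipped by RHSA-2023:3853 for each kernel it
# covers, copied from the advisory's package list.
advisory_min_build() {
    case "$1" in
        4_18_0-147_77_1) echo "1-6" ;;
        4_18_0-147_78_1) echo "1-5" ;;
        4_18_0-147_80_1) echo "1-4" ;;
        4_18_0-147_81_1) echo "1-3" ;;
        4_18_0-147_83_1) echo "1-2" ;;
        *) return 1 ;;
    esac
}

# Map a kernel release (as printed by `uname -r`) to the kernel part of
# the kpatch-patch package name:
#   4.18.0-147.77.1.el8_1.x86_64 -> 4_18_0-147_77_1
kernel_to_kpatch_key() {
    local rel
    rel=$1
    rel=${rel%%.el8*}                 # drop dist tag and architecture
    printf '%s\n' "$rel" | tr '.' '_'
}

# check_host KERNEL_RELEASE INSTALLED_PACKAGE
# INSTALLED_PACKAGE is the name-version-release reported by `rpm -q`
# (empty if none). Prints one of:
#   not-covered  kernel is not one this advisory ships a live patch for
#                (says nothing about whether that kernel is vulnerable)
#   missing      no kpatch-patch package for this kernel is installed
#   outdated     installed build is older than the advisory's build
#   fixed        installed build is the advisory's build or newer
#   unparsed     package string is not a kpatch-patch binary package
check_host() {
    local key min nvr vr ver rel min_ver min_rel
    nvr=$2
    key=$(kernel_to_kpatch_key "$1")
    min=$(advisory_min_build "$key") || { echo "not-covered"; return 0; }
    case "$nvr" in
        "kpatch-patch-${key}-"*) vr=${nvr#"kpatch-patch-${key}-"} ;;
        *) echo "missing"; return 0 ;;
    esac
    ver=${vr%%-*}                     # "1" from "1-6.el8_1"
    rel=${vr#*-}; rel=${rel%%.*}      # "6" from "1-6.el8_1"
    case "$ver" in ''|*[!0-9]*) echo "unparsed"; return 0 ;; esac
    case "$rel" in ''|*[!0-9]*) echo "unparsed"; return 0 ;; esac
    min_ver=${min%%-*}
    min_rel=${min#*-}
    if [ "$ver" -gt "$min_ver" ] ||
       { [ "$ver" -eq "$min_ver" ] && [ "$rel" -ge "$min_rel" ]; }; then
        echo "fixed"
    else
        echo "outdated"
    fi
}

# Constructed sample inputs (not taken from a real host).
check_host "4.18.0-147.77.1.el8_1.x86_64" "kpatch-patch-4_18_0-147_77_1-1-5.el8_1"
check_host "4.18.0-147.83.1.el8_1.ppc64le" "kpatch-patch-4_18_0-147_83_1-1-2.el8_1.ppc64le"
check_host "4.18.0-147.80.1.el8_1.x86_64" ""
```

On a live host, pass `uname -r` and the output of `rpm -q kpatch-patch-<key>`; `kpatch list` then shows whether the installed module is actually loaded into the running kernel.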
Affected Products
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64
Fixes
- BZ - 2181847 - CVE-2023-1281 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation
- BZ - 2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1
SRPM
kpatch-patch-4_18_0-147_77_1-1-6.el8_1.src.rpm
SHA-256: 6a1c989106ab222c91e963184b39e50e8fe0466bc35f587caa91dacc6ff20f7c
kpatch-patch-4_18_0-147_78_1-1-5.el8_1.src.rpm
SHA-256: 3dad90e24b4a88a4c9b72ecea2b1b2ac0b5cf135baa4e75cb05c38d069d6f202
kpatch-patch-4_18_0-147_80_1-1-4.el8_1.src.rpm
SHA-256: 7c04d9d572f748edc7f21eab958a78e9f9ead449fe7f42206c4e691e7e6e5415
kpatch-patch-4_18_0-147_81_1-1-3.el8_1.src.rpm
SHA-256: 95cf3a3a8c82409a7e92caa5227931dcc110835c471caa2286951f78ae3bbb93
kpatch-patch-4_18_0-147_83_1-1-2.el8_1.src.rpm
SHA-256: 81dce12347000e6f68f24fa6517bb7947f26879e44d2e5489a410c0231d20757
ppc64le
kpatch-patch-4_18_0-147_77_1-1-6.el8_1.ppc64le.rpm
SHA-256: 490a2d2c73b23a8c4e6edcae54447fdbcf3f1d2cff74f1c20449a37bdda7b960
kpatch-patch-4_18_0-147_77_1-debuginfo-1-6.el8_1.ppc64le.rpm
SHA-256: f73d3633a454e510b5d3844653363ca65801960570d4b1df66f5dc095e288d1e
kpatch-patch-4_18_0-147_77_1-debugsource-1-6.el8_1.ppc64le.rpm
SHA-256: db14cc696828cbc1fb0bf1983fd5e291f051f3eec5e97b0332e33fca5b35bcbe
kpatch-patch-4_18_0-147_78_1-1-5.el8_1.ppc64le.rpm
SHA-256: 1e4d18e1062357ba1f4f4de2bbb1b8291681b013e5a9cf58fa02de3f20847d33
kpatch-patch-4_18_0-147_78_1-debuginfo-1-5.el8_1.ppc64le.rpm
SHA-256: 5090102e2c705a410b67102c330dea50ce0730a1207f94c0ab98b2ac1368ffcf
kpatch-patch-4_18_0-147_78_1-debugsource-1-5.el8_1.ppc64le.rpm
SHA-256: 77e80fb30977ce1e0acc859eed51bb234ec9d1491846ac02488b9a0c57dfd569
kpatch-patch-4_18_0-147_80_1-1-4.el8_1.ppc64le.rpm
SHA-256: f14717957a6ecc4372618d1514fa67f23b17c4078c1b09c575e014f256d5f8ac
kpatch-patch-4_18_0-147_80_1-debuginfo-1-4.el8_1.ppc64le.rpm
SHA-256: 8b3e21d8ad1ba3cf277a5310d27ca4ae4e6c7b4894a2f679a00ac959d54487bf
kpatch-patch-4_18_0-147_80_1-debugsource-1-4.el8_1.ppc64le.rpm
SHA-256: d57e55f255180c2404e789e8b1cf8c072189e6b13ea69dffcce5b8b9d7b423b5
kpatch-patch-4_18_0-147_81_1-1-3.el8_1.ppc64le.rpm
SHA-256: 2eea6973b66bc239e13792f754fd2aeae5c857426f5a94b9b4059091150c66a8
kpatch-patch-4_18_0-147_81_1-debuginfo-1-3.el8_1.ppc64le.rpm
SHA-256: 7942674d224e01379a85e96cfa7152f88b0a439a6a2f63fe3296ee5a3edc1738
kpatch-patch-4_18_0-147_81_1-debugsource-1-3.el8_1.ppc64le.rpm
SHA-256: 807b8a47b732f4ae9e1c5d5f9b1c0af86c3e2e7d016eacfaba6126b33392da1f
kpatch-patch-4_18_0-147_83_1-1-2.el8_1.ppc64le.rpm
SHA-256: 761040bda1575a747647e76fc6ae963767c9949a9e19829f57fcfcff434c1199
kpatch-patch-4_18_0-147_83_1-debuginfo-1-2.el8_1.ppc64le.rpm
SHA-256: f7dd75a2d2d2fe65d5d6426e1957165edcd17cf63b818285cd7b2264eeb75df9
kpatch-patch-4_18_0-147_83_1-debugsource-1-2.el8_1.ppc64le.rpm
SHA-256: 7b7dd367902155fe2b5c134a1ebb1ba7c79304c6b15e2dd7243e51c8501a830f
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1
SRPM
kpatch-patch-4_18_0-147_77_1-1-6.el8_1.src.rpm
SHA-256: 6a1c989106ab222c91e963184b39e50e8fe0466bc35f587caa91dacc6ff20f7c
kpatch-patch-4_18_0-147_78_1-1-5.el8_1.src.rpm
SHA-256: 3dad90e24b4a88a4c9b72ecea2b1b2ac0b5cf135baa4e75cb05c38d069d6f202
kpatch-patch-4_18_0-147_80_1-1-4.el8_1.src.rpm
SHA-256: 7c04d9d572f748edc7f21eab958a78e9f9ead449fe7f42206c4e691e7e6e5415
kpatch-patch-4_18_0-147_81_1-1-3.el8_1.src.rpm
SHA-256: 95cf3a3a8c82409a7e92caa5227931dcc110835c471caa2286951f78ae3bbb93
kpatch-patch-4_18_0-147_83_1-1-2.el8_1.src.rpm
SHA-256: 81dce12347000e6f68f24fa6517bb7947f26879e44d2e5489a410c0231d20757
x86_64
kpatch-patch-4_18_0-147_77_1-1-6.el8_1.x86_64.rpm
SHA-256: 1b379ee4f90bc75e72fb7f5a0881943d0e69065ac8f3c707daf4edfdf4fa4fbf
kpatch-patch-4_18_0-147_77_1-debuginfo-1-6.el8_1.x86_64.rpm
SHA-256: 7d7f74d5e06f95d51198a08a2ae66c1ef929071baee1ef72cf875f54de82f4ac
kpatch-patch-4_18_0-147_77_1-debugsource-1-6.el8_1.x86_64.rpm
SHA-256: bf2ce491b95447d4bf46dc575824d60a36df56261f4a4b62c1a3f602a1d1408a
kpatch-patch-4_18_0-147_78_1-1-5.el8_1.x86_64.rpm
SHA-256: 81d1c00e147dc9823c60eed8a94f5847f776895362a6e2cfc65a85a60073f500
kpatch-patch-4_18_0-147_78_1-debuginfo-1-5.el8_1.x86_64.rpm
SHA-256: 5940b76fae1b532558f21e0e9dd17835b239cd438e50cbb0879b22e8ae79e018
kpatch-patch-4_18_0-147_78_1-debugsource-1-5.el8_1.x86_64.rpm
SHA-256: cf9eaa57e67e18c3a16a8ad60635d085ec23b3813c98ad510478cad2008c3b06
kpatch-patch-4_18_0-147_80_1-1-4.el8_1.x86_64.rpm
SHA-256: 70c09ff239a83b261ad6706cae879814f5a2139cbc58533124083f0626ec70f1
kpatch-patch-4_18_0-147_80_1-debuginfo-1-4.el8_1.x86_64.rpm
SHA-256: 447315a7923e625b27df9da5e4bf7901b5f534507ce35256bb5ddbe4d3957239
kpatch-patch-4_18_0-147_80_1-debugsource-1-4.el8_1.x86_64.rpm
SHA-256: c834457a6c9febcf675e4a3d910598bd4c0544eb91169a6b1aa64c969ee785cb
kpatch-patch-4_18_0-147_81_1-1-3.el8_1.x86_64.rpm
SHA-256: d38a5ec40e8a773d9e0e3047efd212d48b721ce5902699125fcc235178337edf
kpatch-patch-4_18_0-147_81_1-debuginfo-1-3.el8_1.x86_64.rpm
SHA-256: 882e95d679dd342e330f9c8ae4c70f82c1cbeeed424b1d93c75d6df4a3091c6b
kpatch-patch-4_18_0-147_81_1-debugsource-1-3.el8_1.x86_64.rpm
SHA-256: bff5cff50bb02de678954030673816b1e267f40b59128d03a0c9f20e47558915
kpatch-patch-4_18_0-147_83_1-1-2.el8_1.x86_64.rpm
SHA-256: 1c1b639ef742dd6a8aa6f6a37851844215e6171514c1f8c9a74bf77189e7f8d9
kpatch-patch-4_18_0-147_83_1-debuginfo-1-2.el8_1.x86_64.rpm
SHA-256: 0adf228d09acda2aca0dd5cdefb24ed7d234d8afc50ac256ec75c2da141e6b2f
kpatch-patch-4_18_0-147_83_1-debugsource-1-2.el8_1.x86_64.rpm
SHA-256: 886f352c95c0338dfc86f94b167be626440b21cecd7059750f3da68be193b954
Red Hat security contact details are available at https://access.redhat.com/security/team/contact/.