Headline
RHSA-2023:5238: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-3390: A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system.
- CVE-2023-4128: A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.
- CVE-2023-35001: An out-of-bounds (OOB) memory access flaw was found in the Netfilter module in the Linux kernel’s nft_byteorder_eval in net/netfilter/nft_byteorder.c. A bound check failure allows a local attacker with CAP_NET_ADMIN access to cause a local privilege escalation issue due to incorrect data alignment.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Quarkus
Integration and Automation
All Products
Issued:
2023-09-19
Updated:
2023-09-19
RHSA-2023:5238 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: kernel security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)
- Kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128)
- kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64
Fixes
- BZ - 2213260 - CVE-2023-3390 kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests
- BZ - 2220892 - CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
- BZ - 2225511 - CVE-2023-4128 Kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1
SRPM
kernel-4.18.0-147.90.1.el8_1.src.rpm
SHA-256: 534950378c2b1e0f34458df00daa3faf0e5982d823b43395cfe2b471f039d325
ppc64le
bpftool-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: 5777ce693aa2d612599dfb5f966a97de914c765f7150dd1666c58f5b11a959d8
bpftool-debuginfo-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: 101772a5e46bab050dcf961af2397ea25cd0fb7bcec17dd974017a67c22a0d61
kernel-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: 19b3848309f65e2829f705119f9d23eff91ac03c6130fb06e3e644b20f061502
kernel-abi-whitelists-4.18.0-147.90.1.el8_1.noarch.rpm
SHA-256: 803a402b37bee3e99723f6352d0b360a49834a4162b97cfdcc6c0a5a8dba1b3f
kernel-core-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: fbde88ae5680c875af453a1594e73b7c4a2f0047ba48ae251db0ab87ef30041f
kernel-cross-headers-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: 6b243bf73892b61ee414eef9c7437c271409c0fa0da7c9e747dee4024bfaa8e7
kernel-debug-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: d8f2283268c9b4bb3dccf9c825611b33de03b5c9da19a55a3b8c9d398e3f1ee8
kernel-debug-core-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: 59e30f4219ca14a0f2ccbceafe7d01c96742ee55c5374c2d2d55ca1936ad5927
kernel-debug-debuginfo-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: c983ca70c7481121ea16e5575b6d43f1341f9c1433030a5a5b21527a966bb5de
kernel-debug-devel-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: 63b828441105bf80296bb8688a2428a6a347594e857dc21061cf4b849a69617a
kernel-debug-modules-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: 60dabc5adf4edf7d935d10361c3cfc05cb7bdf4899185d45c4e3173a432cd23f
kernel-debug-modules-extra-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: a5629904eb69eecf70df80f28adacdec24023bf7625364fbeed0e6f316256c88
kernel-debuginfo-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: dc330d2ddbf351e047f4acb847806004cc171a51f6bedd70db9d73ee4af7cd97
kernel-debuginfo-common-ppc64le-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: 517cd32f549039beeeed885e6d966a9e5161d1dc7923494162a23ca7eb51dd48
kernel-devel-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: fa1a508cda888152e74e2d520677097eb787c7c011b6f9f1f2aa2d71ddda88c1
kernel-doc-4.18.0-147.90.1.el8_1.noarch.rpm
SHA-256: 80226690bd525c559cc16aed74d301298dd825eebf6ba58f1354a26c5ac0a00d
kernel-headers-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: 8b018876f3938305e8ba8146e7168a7056228d2c97622fc561976fd92312e2ed
kernel-modules-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: 75003b8ce4ddc76ac35a20546066b2ea52304e252f047f9235c8bc0890059f36
kernel-modules-extra-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: 69cc5c0d5c67198b929156028ef7887b5ede6b0d5470683640958065a469f062
kernel-tools-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: f71e384d920fced0bd96b208d69a28ec37be95dfecd0564af0761c2961a16181
kernel-tools-debuginfo-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: b647cc355e2b3d7566d84a2760f7d6b207e1bfcd4800cd98ba14beac7e14e67f
kernel-tools-libs-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: 09b1907f15357e4d13a5eb8511c3f09a41affd24a6ee54a87397ef3af7d8a1f2
perf-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: bcfe10a1c60d35475b3e3be44c41b9df68129ba5dda1288ba8b5052560d692ca
perf-debuginfo-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: 33aee61dd3808ffde6f41a9be94fbaab71cebcc85d2d584e1c2189aba909e1d6
python3-perf-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: dfbcad1038dadc7e70c1e1b3a02d9be9b2ac7ceb627bd5456da79717cb38b3a0
python3-perf-debuginfo-4.18.0-147.90.1.el8_1.ppc64le.rpm
SHA-256: ad12aa46661ea1e6f3f653fef7ff9ea7684fb39b7a3c51e6a4b04d80580b058c
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1
SRPM
kernel-4.18.0-147.90.1.el8_1.src.rpm
SHA-256: 534950378c2b1e0f34458df00daa3faf0e5982d823b43395cfe2b471f039d325
x86_64
bpftool-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: c3b40bb2bc654209e1f388a9dfc661732a93437c1de19f9c1b0faf4eba460f24
bpftool-debuginfo-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: ee9c4c7109c3a8eed189ce15ed9f8039257544988e63de9b6ba3ef598806eefc
kernel-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: 02f9025ec58d05a9178f08144cb250d23b7c22f1dc7cd13d68b3e58ccc8219a9
kernel-abi-whitelists-4.18.0-147.90.1.el8_1.noarch.rpm
SHA-256: 803a402b37bee3e99723f6352d0b360a49834a4162b97cfdcc6c0a5a8dba1b3f
kernel-core-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: af6a3de6a4585f5d946e1b5871a142448bcd76de4fc7979c58c345095207c952
kernel-cross-headers-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: 1cd6b87704772460e47c555d6fcb64252288d41a2c351c53ac77216a7dcaf1f1
kernel-debug-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: cf307d15edca2c494a7c839339c3c591bb233a69a1f5a9f239134e170112e2de
kernel-debug-core-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: 2965f040773d2419199f96056fcf4c36169ea63bf1ad7456b34c0d76d20a67b0
kernel-debug-debuginfo-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: 87a0d14da387bbb8d030ba76e80555ac1e31447090baef6e7dadd92f7b429fed
kernel-debug-devel-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: 58cf2057383f5e782172591311fb1ae393098d2c2583f2816000d26e2c8527a5
kernel-debug-modules-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: 2c506cca12cd2c8c82af919019ddcbe590507b135bc43d574b969906bf79464b
kernel-debug-modules-extra-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: 2428b0a52a9b9dee93af6076f5ea09d200749c2f1e1e2860839c3423cd9e7e93
kernel-debuginfo-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: 4e856d1b5b22bb483a05a8e88fd47abaec94eb3249ebb5054951231e316367fb
kernel-debuginfo-common-x86_64-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: 875049855c269fbff1f0a37bd92aa665122dd82dd2e0b7cf9ced5d0a7c6a9942
kernel-devel-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: 83b4e12cf7f4189d480033d2427156db848ead36f2143a66f108bb38acf78104
kernel-doc-4.18.0-147.90.1.el8_1.noarch.rpm
SHA-256: 80226690bd525c559cc16aed74d301298dd825eebf6ba58f1354a26c5ac0a00d
kernel-headers-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: 5ccdd848aa2fc2e82a9ba1031367eba419145b45fd82d8bf45cd5fcf9b0a28c9
kernel-modules-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: 06dd0aad962746d5f4cedbe33d0ed9831dd0c18c8e358e1fd38938175bf04c5b
kernel-modules-extra-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: fbbaf3150306e52c9b7c1253c9e8c39b0f4390f2fab87bf8ecdd86ceb23117c3
kernel-tools-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: b857c153e2bab70f995c7f57f213f45bec4b20d2ad5acec55393c0e98296c7b4
kernel-tools-debuginfo-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: 25d9a32bb810c20cfa1e57f77f6f0ca35bb0429d1edfac15353cae2ab3db521a
kernel-tools-libs-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: 00e3a95c93ea0e8240a87edb6108f49f27045fd65b8d0d02a861c3c2262cd879
perf-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: c87586a8453fadbf382aaa3b185f40f84c9d849b73a055d55d79fbc54f49929f
perf-debuginfo-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: be606c14d38d97291decbc8218f87c1f009269f92671ce8849989dc26584db06
python3-perf-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: 44402af358cea160a5ed2e75a14fe20d94603c32eb8e30187cc4e753f9bef5f4
python3-perf-debuginfo-4.18.0-147.90.1.el8_1.x86_64.rpm
SHA-256: ab12168ffb7f787061b836d311af8c7748b2c80a18f0bc12e8086494574b70ed
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2024-1269-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-1250-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include memory exhaustion, null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0262-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-0261-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7558-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7423-01 - An update for kernel is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7379-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Ubuntu Security Notice 6466-1 - Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel contained a race condition during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Hyunwoo Kim discovered that the Technotrend/Hauppauge USB DEC driver in the Linux kernel did not properly handle device removal events. A physically proximate attacker could use this to cause a denial of service.
Ubuntu Security Notice 6396-3 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information.
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). Various other issues were also addressed.
Red Hat Security Advisory 2023-5627-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, null pointer, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-5603-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-5588-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1095: A NULL pointer dereference flaw was found in the Linux kernel’s netfilter subsystem. The issue could occur due to an error in nf_tables_updtable while freeing a transaction o...
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1206: A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. * CVE-2...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42896: A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in `__ip_options_echo` and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation. * CVE-202...
Ubuntu Security Notice 6386-3 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6386-2 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6387-2 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6386-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6387-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6388-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Yang Lan discovered that the GFS2 file system implementation in the Linux kernel could attempt to dereference a null pointer in some situations. An attacker could use this to construct a malicious GFS2 image that, when mounted and operated on, could cause a denial of service.
Ubuntu Security Notice 6385-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
Red Hat Security Advisory 2023-5235-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-5238-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
Ubuntu Security Notice 6383-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the ARM64 KVM implementation in the Linux kernel did not properly restrict hypervisor memory access. An attacker in a guest VM could use this to execute arbitrary code in the host OS.
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. 'Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2002: A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. * CVE-2023-3090: A flaw was found...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. 'Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2002: A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. * CVE-2023-3090: A flaw was found...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3390: A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate t...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in `__ip_options_echo` and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation. * CVE-2023-3390: A use-after-free f...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in `__ip_options_echo` and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation. * CVE-2023-3390: A use-after-free f...
Debian Linux Security Advisory 5492-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Querijn Voet discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other vulnerabilities were also discovered and addressed.
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Querijn Voet discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other vulnerabilities were also discovered and addressed.
Ubuntu Security Notice 6343-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code.
Red Hat Security Advisory 2023-4961-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4961-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4962-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4962-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Debian Linux Security Advisory 5480-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.
Ubuntu Security Notice 6261-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.
Ubuntu Security Notice 6261-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.
Ubuntu Security Notice 6260-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.
Ubuntu Security Notice 6260-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.
Ubuntu Security Notice 6254-1 - Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6254-1 - Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6246-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6246-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
Debian Linux Security Advisory 5448-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace