Headline
RHSA-2023:4828: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in
__ip_options_echoand can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation.
Synopsis
Important: kpatch-patch security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Security Fix(es):
- kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
Fixes
- BZ - 2218672 - CVE-2023-3090 kernel: ipvlan: out-of-bounds write caused by unclear skb->cb
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
kpatch-patch-5_14_0-70_43_1-1-6.el9_0.src.rpm
SHA-256: cad8138bb6520955d07a2d81e847d454e9b037256c34abafb22d6b9655c33dfe
kpatch-patch-5_14_0-70_49_1-1-5.el9_0.src.rpm
SHA-256: e09a86a065d0d92d4399eee3f1745e12184746717c5dde97301e8550c192c9db
kpatch-patch-5_14_0-70_50_2-1-4.el9_0.src.rpm
SHA-256: c3f4a5ceda58c72e5415c16110b641144225073e3ed40952125d6ef020b70999
kpatch-patch-5_14_0-70_53_1-1-3.el9_0.src.rpm
SHA-256: 4e628c8907b12c0bd3208993050605d241aa9da23787f67cfd55926ccd685244
kpatch-patch-5_14_0-70_58_1-1-2.el9_0.src.rpm
SHA-256: 02442784a7ff857da3eb727d574266309efc82296dbda50fe3362f589da6020e
kpatch-patch-5_14_0-70_64_1-1-1.el9_0.src.rpm
SHA-256: 356cedbd393a19d1641f830efbf63992ef9f667f7fc839f707b1f04f0047354b
x86_64
kpatch-patch-5_14_0-70_43_1-1-6.el9_0.x86_64.rpm
SHA-256: 64112500ff69a8cbe2050db4245f1abb60df0b171a80bee94d9c14aa0049cce1
kpatch-patch-5_14_0-70_43_1-debuginfo-1-6.el9_0.x86_64.rpm
SHA-256: 0c74c8fdc594431f521807dfc5a057c051fa16192fec4b69bccff7a62d8ba172
kpatch-patch-5_14_0-70_43_1-debugsource-1-6.el9_0.x86_64.rpm
SHA-256: ec657bb83c0a5d188e38a2cdc4b26539064486ab41b117fc776f1965258a194c
kpatch-patch-5_14_0-70_49_1-1-5.el9_0.x86_64.rpm
SHA-256: cf0c75ac87702643833179690aba0d0899cc9fa1123a2b6a808304957be07fbb
kpatch-patch-5_14_0-70_49_1-debuginfo-1-5.el9_0.x86_64.rpm
SHA-256: 3022a6bc23696e85aa957f7892ca21ae1ec1833f5c471278fdef77eeb0d09023
kpatch-patch-5_14_0-70_49_1-debugsource-1-5.el9_0.x86_64.rpm
SHA-256: bd3e58658e573f1a29a01df13332b0c61a9c446e49d4781ce1afc09958bbff5d
kpatch-patch-5_14_0-70_50_2-1-4.el9_0.x86_64.rpm
SHA-256: e53ff1ec6ac690abc2a38c3f5546aec24d5b5f6e1fdaba89393eef455933e25a
kpatch-patch-5_14_0-70_50_2-debuginfo-1-4.el9_0.x86_64.rpm
SHA-256: b49edecd3eed6cfc0510948a2b94dfa110efd023288b49e707d4816f264db97d
kpatch-patch-5_14_0-70_50_2-debugsource-1-4.el9_0.x86_64.rpm
SHA-256: 7d5fb028c63430c49f9859772ee86b3cd9fb18fba0d26dc51ed6d1d30fc746c0
kpatch-patch-5_14_0-70_53_1-1-3.el9_0.x86_64.rpm
SHA-256: e8e3eeaf09edf65f2ab56ed06e2bd9544c7a34f4802b4310d371dd4013f2b887
kpatch-patch-5_14_0-70_53_1-debuginfo-1-3.el9_0.x86_64.rpm
SHA-256: 41987e17753320d652405f728e50bd8bedf80e886efa733c0f5742042cebf51c
kpatch-patch-5_14_0-70_53_1-debugsource-1-3.el9_0.x86_64.rpm
SHA-256: 201d8a7c3bdd93ccfb76a6def8a16403bd9730da9c207ef51b8737d9fbfc5262
kpatch-patch-5_14_0-70_58_1-1-2.el9_0.x86_64.rpm
SHA-256: 065d7159eefb6e03e590af75d2afeac65255f4631a44e3bd5a3df9d123f9e157
kpatch-patch-5_14_0-70_58_1-debuginfo-1-2.el9_0.x86_64.rpm
SHA-256: 9ac4f5108b1fe343ed7f2261df056a97b864554e875c8f91084bd074ec451015
kpatch-patch-5_14_0-70_58_1-debugsource-1-2.el9_0.x86_64.rpm
SHA-256: f88f24dbc9e355ca3e3807355f23dfde638d7217027c0f34e3b19c1638a86328
kpatch-patch-5_14_0-70_64_1-1-1.el9_0.x86_64.rpm
SHA-256: 5a68b8e3c8d8b22ca91cd315ffd832ddba739bfec075fa86bb18f10405115d6c
kpatch-patch-5_14_0-70_64_1-debuginfo-1-1.el9_0.x86_64.rpm
SHA-256: 23298311de60ea0ab3123f7d7b362a5e03b6ed9d8256f28be0d121b44a31a09e
kpatch-patch-5_14_0-70_64_1-debugsource-1-1.el9_0.x86_64.rpm
SHA-256: 68b1ab07220a206b68e54ef1037b39f526baef39561c9a4e815ddae8f80697bf
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
kpatch-patch-5_14_0-70_43_1-1-6.el9_0.src.rpm
SHA-256: cad8138bb6520955d07a2d81e847d454e9b037256c34abafb22d6b9655c33dfe
kpatch-patch-5_14_0-70_49_1-1-5.el9_0.src.rpm
SHA-256: e09a86a065d0d92d4399eee3f1745e12184746717c5dde97301e8550c192c9db
kpatch-patch-5_14_0-70_50_2-1-4.el9_0.src.rpm
SHA-256: c3f4a5ceda58c72e5415c16110b641144225073e3ed40952125d6ef020b70999
kpatch-patch-5_14_0-70_53_1-1-3.el9_0.src.rpm
SHA-256: 4e628c8907b12c0bd3208993050605d241aa9da23787f67cfd55926ccd685244
kpatch-patch-5_14_0-70_58_1-1-2.el9_0.src.rpm
SHA-256: 02442784a7ff857da3eb727d574266309efc82296dbda50fe3362f589da6020e
kpatch-patch-5_14_0-70_64_1-1-1.el9_0.src.rpm
SHA-256: 356cedbd393a19d1641f830efbf63992ef9f667f7fc839f707b1f04f0047354b
ppc64le
kpatch-patch-5_14_0-70_43_1-1-6.el9_0.ppc64le.rpm
SHA-256: e23b6d54c59d671b4946879b70da595df5dc27a79b8275c0a21e3ef936380bfd
kpatch-patch-5_14_0-70_43_1-debuginfo-1-6.el9_0.ppc64le.rpm
SHA-256: 6d46eb9e3dc8570b672eb28dd042cd1766c19a8406a84c57c0707999be4c442f
kpatch-patch-5_14_0-70_43_1-debugsource-1-6.el9_0.ppc64le.rpm
SHA-256: 72850d4b3ecc96c0ef19a34311b31ecad6faf7815ae7c1fb239b6a2181d4f4f6
kpatch-patch-5_14_0-70_49_1-1-5.el9_0.ppc64le.rpm
SHA-256: b027007675dd1472e9a2970d2d715e50b7f12eebdab97cae4304ea880423cc3f
kpatch-patch-5_14_0-70_49_1-debuginfo-1-5.el9_0.ppc64le.rpm
SHA-256: 8b711899c0088e483d2e3e3d015e13a704d6494ad7c04e37e146bcc279ab31f6
kpatch-patch-5_14_0-70_49_1-debugsource-1-5.el9_0.ppc64le.rpm
SHA-256: b6e656e3c147160f3e0797977c72cfae37eabc5f5b98b5345cb72cb4857fc4c2
kpatch-patch-5_14_0-70_50_2-1-4.el9_0.ppc64le.rpm
SHA-256: c407c9c27e7ea4bba00488a721ee6474779ee454c0fad6b07b15b446ef2c8a60
kpatch-patch-5_14_0-70_50_2-debuginfo-1-4.el9_0.ppc64le.rpm
SHA-256: da51ab442058bc55ef3e7c9296ab89253bb520473f431bd64d9d1b57da473d29
kpatch-patch-5_14_0-70_50_2-debugsource-1-4.el9_0.ppc64le.rpm
SHA-256: 2900e6266c3b01e61b96757044ab3d904c4e66db264ed38028206105fff824bc
kpatch-patch-5_14_0-70_53_1-1-3.el9_0.ppc64le.rpm
SHA-256: b6c30741d2e62640a4de040c5881f66762403206a6824b88b9a41578e7f718c9
kpatch-patch-5_14_0-70_53_1-debuginfo-1-3.el9_0.ppc64le.rpm
SHA-256: 8b34f08036f88af19646c33172e0eea8d37d964a3b982983f7427872114a42bb
kpatch-patch-5_14_0-70_53_1-debugsource-1-3.el9_0.ppc64le.rpm
SHA-256: c3d8157ca18aa9586d6702ff6d1279bfe2ea2dd20afe98d11474ce8b23ed712e
kpatch-patch-5_14_0-70_58_1-1-2.el9_0.ppc64le.rpm
SHA-256: e4d584042dbb7e8133fb6983de94bcc08a40faaa2727327952f842f739b9e3f2
kpatch-patch-5_14_0-70_58_1-debuginfo-1-2.el9_0.ppc64le.rpm
SHA-256: 75e01815ab352503eba1ae152af73d9093afc21df6ef374c38f7fb533fd50980
kpatch-patch-5_14_0-70_58_1-debugsource-1-2.el9_0.ppc64le.rpm
SHA-256: d4cc5f7b7542708dee5fa5244d627423942d49616881dc476abd46fc63ebdfe3
kpatch-patch-5_14_0-70_64_1-1-1.el9_0.ppc64le.rpm
SHA-256: 79016dd6b67c93218541e711fb10d472d281b0c53cdb3d566203b7c70795968a
kpatch-patch-5_14_0-70_64_1-debuginfo-1-1.el9_0.ppc64le.rpm
SHA-256: c45d6291a1de12ed1e1b719eedd976171935cea5dc18d424fd6eaa84fb440220
kpatch-patch-5_14_0-70_64_1-debugsource-1-1.el9_0.ppc64le.rpm
SHA-256: 92174e6d915c3eb1ceaec7cc5ab2da55f87f91331b6b43f54c428ef1d74e684d
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
kpatch-patch-5_14_0-70_43_1-1-6.el9_0.src.rpm
SHA-256: cad8138bb6520955d07a2d81e847d454e9b037256c34abafb22d6b9655c33dfe
kpatch-patch-5_14_0-70_49_1-1-5.el9_0.src.rpm
SHA-256: e09a86a065d0d92d4399eee3f1745e12184746717c5dde97301e8550c192c9db
kpatch-patch-5_14_0-70_50_2-1-4.el9_0.src.rpm
SHA-256: c3f4a5ceda58c72e5415c16110b641144225073e3ed40952125d6ef020b70999
kpatch-patch-5_14_0-70_53_1-1-3.el9_0.src.rpm
SHA-256: 4e628c8907b12c0bd3208993050605d241aa9da23787f67cfd55926ccd685244
kpatch-patch-5_14_0-70_58_1-1-2.el9_0.src.rpm
SHA-256: 02442784a7ff857da3eb727d574266309efc82296dbda50fe3362f589da6020e
kpatch-patch-5_14_0-70_64_1-1-1.el9_0.src.rpm
SHA-256: 356cedbd393a19d1641f830efbf63992ef9f667f7fc839f707b1f04f0047354b
ppc64le
kpatch-patch-5_14_0-70_43_1-1-6.el9_0.ppc64le.rpm
SHA-256: e23b6d54c59d671b4946879b70da595df5dc27a79b8275c0a21e3ef936380bfd
kpatch-patch-5_14_0-70_43_1-debuginfo-1-6.el9_0.ppc64le.rpm
SHA-256: 6d46eb9e3dc8570b672eb28dd042cd1766c19a8406a84c57c0707999be4c442f
kpatch-patch-5_14_0-70_43_1-debugsource-1-6.el9_0.ppc64le.rpm
SHA-256: 72850d4b3ecc96c0ef19a34311b31ecad6faf7815ae7c1fb239b6a2181d4f4f6
kpatch-patch-5_14_0-70_49_1-1-5.el9_0.ppc64le.rpm
SHA-256: b027007675dd1472e9a2970d2d715e50b7f12eebdab97cae4304ea880423cc3f
kpatch-patch-5_14_0-70_49_1-debuginfo-1-5.el9_0.ppc64le.rpm
SHA-256: 8b711899c0088e483d2e3e3d015e13a704d6494ad7c04e37e146bcc279ab31f6
kpatch-patch-5_14_0-70_49_1-debugsource-1-5.el9_0.ppc64le.rpm
SHA-256: b6e656e3c147160f3e0797977c72cfae37eabc5f5b98b5345cb72cb4857fc4c2
kpatch-patch-5_14_0-70_50_2-1-4.el9_0.ppc64le.rpm
SHA-256: c407c9c27e7ea4bba00488a721ee6474779ee454c0fad6b07b15b446ef2c8a60
kpatch-patch-5_14_0-70_50_2-debuginfo-1-4.el9_0.ppc64le.rpm
SHA-256: da51ab442058bc55ef3e7c9296ab89253bb520473f431bd64d9d1b57da473d29
kpatch-patch-5_14_0-70_50_2-debugsource-1-4.el9_0.ppc64le.rpm
SHA-256: 2900e6266c3b01e61b96757044ab3d904c4e66db264ed38028206105fff824bc
kpatch-patch-5_14_0-70_53_1-1-3.el9_0.ppc64le.rpm
SHA-256: b6c30741d2e62640a4de040c5881f66762403206a6824b88b9a41578e7f718c9
kpatch-patch-5_14_0-70_53_1-debuginfo-1-3.el9_0.ppc64le.rpm
SHA-256: 8b34f08036f88af19646c33172e0eea8d37d964a3b982983f7427872114a42bb
kpatch-patch-5_14_0-70_53_1-debugsource-1-3.el9_0.ppc64le.rpm
SHA-256: c3d8157ca18aa9586d6702ff6d1279bfe2ea2dd20afe98d11474ce8b23ed712e
kpatch-patch-5_14_0-70_58_1-1-2.el9_0.ppc64le.rpm
SHA-256: e4d584042dbb7e8133fb6983de94bcc08a40faaa2727327952f842f739b9e3f2
kpatch-patch-5_14_0-70_58_1-debuginfo-1-2.el9_0.ppc64le.rpm
SHA-256: 75e01815ab352503eba1ae152af73d9093afc21df6ef374c38f7fb533fd50980
kpatch-patch-5_14_0-70_58_1-debugsource-1-2.el9_0.ppc64le.rpm
SHA-256: d4cc5f7b7542708dee5fa5244d627423942d49616881dc476abd46fc63ebdfe3
kpatch-patch-5_14_0-70_64_1-1-1.el9_0.ppc64le.rpm
SHA-256: 79016dd6b67c93218541e711fb10d472d281b0c53cdb3d566203b7c70795968a
kpatch-patch-5_14_0-70_64_1-debuginfo-1-1.el9_0.ppc64le.rpm
SHA-256: c45d6291a1de12ed1e1b719eedd976171935cea5dc18d424fd6eaa84fb440220
kpatch-patch-5_14_0-70_64_1-debugsource-1-1.el9_0.ppc64le.rpm
SHA-256: 92174e6d915c3eb1ceaec7cc5ab2da55f87f91331b6b43f54c428ef1d74e684d
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
kpatch-patch-5_14_0-70_43_1-1-6.el9_0.src.rpm
SHA-256: cad8138bb6520955d07a2d81e847d454e9b037256c34abafb22d6b9655c33dfe
kpatch-patch-5_14_0-70_49_1-1-5.el9_0.src.rpm
SHA-256: e09a86a065d0d92d4399eee3f1745e12184746717c5dde97301e8550c192c9db
kpatch-patch-5_14_0-70_50_2-1-4.el9_0.src.rpm
SHA-256: c3f4a5ceda58c72e5415c16110b641144225073e3ed40952125d6ef020b70999
kpatch-patch-5_14_0-70_53_1-1-3.el9_0.src.rpm
SHA-256: 4e628c8907b12c0bd3208993050605d241aa9da23787f67cfd55926ccd685244
kpatch-patch-5_14_0-70_58_1-1-2.el9_0.src.rpm
SHA-256: 02442784a7ff857da3eb727d574266309efc82296dbda50fe3362f589da6020e
kpatch-patch-5_14_0-70_64_1-1-1.el9_0.src.rpm
SHA-256: 356cedbd393a19d1641f830efbf63992ef9f667f7fc839f707b1f04f0047354b
x86_64
kpatch-patch-5_14_0-70_43_1-1-6.el9_0.x86_64.rpm
SHA-256: 64112500ff69a8cbe2050db4245f1abb60df0b171a80bee94d9c14aa0049cce1
kpatch-patch-5_14_0-70_43_1-debuginfo-1-6.el9_0.x86_64.rpm
SHA-256: 0c74c8fdc594431f521807dfc5a057c051fa16192fec4b69bccff7a62d8ba172
kpatch-patch-5_14_0-70_43_1-debugsource-1-6.el9_0.x86_64.rpm
SHA-256: ec657bb83c0a5d188e38a2cdc4b26539064486ab41b117fc776f1965258a194c
kpatch-patch-5_14_0-70_49_1-1-5.el9_0.x86_64.rpm
SHA-256: cf0c75ac87702643833179690aba0d0899cc9fa1123a2b6a808304957be07fbb
kpatch-patch-5_14_0-70_49_1-debuginfo-1-5.el9_0.x86_64.rpm
SHA-256: 3022a6bc23696e85aa957f7892ca21ae1ec1833f5c471278fdef77eeb0d09023
kpatch-patch-5_14_0-70_49_1-debugsource-1-5.el9_0.x86_64.rpm
SHA-256: bd3e58658e573f1a29a01df13332b0c61a9c446e49d4781ce1afc09958bbff5d
kpatch-patch-5_14_0-70_50_2-1-4.el9_0.x86_64.rpm
SHA-256: e53ff1ec6ac690abc2a38c3f5546aec24d5b5f6e1fdaba89393eef455933e25a
kpatch-patch-5_14_0-70_50_2-debuginfo-1-4.el9_0.x86_64.rpm
SHA-256: b49edecd3eed6cfc0510948a2b94dfa110efd023288b49e707d4816f264db97d
kpatch-patch-5_14_0-70_50_2-debugsource-1-4.el9_0.x86_64.rpm
SHA-256: 7d5fb028c63430c49f9859772ee86b3cd9fb18fba0d26dc51ed6d1d30fc746c0
kpatch-patch-5_14_0-70_53_1-1-3.el9_0.x86_64.rpm
SHA-256: e8e3eeaf09edf65f2ab56ed06e2bd9544c7a34f4802b4310d371dd4013f2b887
kpatch-patch-5_14_0-70_53_1-debuginfo-1-3.el9_0.x86_64.rpm
SHA-256: 41987e17753320d652405f728e50bd8bedf80e886efa733c0f5742042cebf51c
kpatch-patch-5_14_0-70_53_1-debugsource-1-3.el9_0.x86_64.rpm
SHA-256: 201d8a7c3bdd93ccfb76a6def8a16403bd9730da9c207ef51b8737d9fbfc5262
kpatch-patch-5_14_0-70_58_1-1-2.el9_0.x86_64.rpm
SHA-256: 065d7159eefb6e03e590af75d2afeac65255f4631a44e3bd5a3df9d123f9e157
kpatch-patch-5_14_0-70_58_1-debuginfo-1-2.el9_0.x86_64.rpm
SHA-256: 9ac4f5108b1fe343ed7f2261df056a97b864554e875c8f91084bd074ec451015
kpatch-patch-5_14_0-70_58_1-debugsource-1-2.el9_0.x86_64.rpm
SHA-256: f88f24dbc9e355ca3e3807355f23dfde638d7217027c0f34e3b19c1638a86328
kpatch-patch-5_14_0-70_64_1-1-1.el9_0.x86_64.rpm
SHA-256: 5a68b8e3c8d8b22ca91cd315ffd832ddba739bfec075fa86bb18f10405115d6c
kpatch-patch-5_14_0-70_64_1-debuginfo-1-1.el9_0.x86_64.rpm
SHA-256: 23298311de60ea0ab3123f7d7b362a5e03b6ed9d8256f28be0d121b44a31a09e
kpatch-patch-5_14_0-70_64_1-debugsource-1-1.el9_0.x86_64.rpm
SHA-256: 68b1ab07220a206b68e54ef1037b39f526baef39561c9a4e815ddae8f80697bf
Related news
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). Various other issues were also addressed.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in `__ip_options_echo` and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation. * CVE-202...
Ubuntu Security Notice 6385-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
Red Hat Security Advisory 2023-5255-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine- tuning for systems with extremely high determinism requirements. Issues addressed include information leakage, out of bounds write, and use-after-free vulnerabilities.
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Querijn Voet discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other vulnerabilities were also discovered and addressed.
Red Hat Security Advisory 2023-4967-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.
An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which ...
Red Hat Security Advisory 2023-4828-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-4815-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and out of bounds write vulnerabilities.
Red Hat Security Advisory 2023-4814-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2124: An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-3090: A flaw was found in the IPVLAN netwo...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in `__ip_options_echo` and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation. * CVE-2023-35788: A flaw was found ...
Ubuntu Security Notice 6261-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.
Ubuntu Security Notice 6260-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.
Ubuntu Security Notice 6255-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6254-1 - Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information.
Ubuntu Security Notice 6250-1 - Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6246-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.