RHSA-2023:4828: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in __ip_options_echo and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation.

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64

Fixes

  • BZ - 2218672 - CVE-2023-3090 kernel: ipvlan: out-of-bounds write caused by unclear skb->cb

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM

kpatch-patch-5_14_0-70_43_1-1-6.el9_0.src.rpm

kpatch-patch-5_14_0-70_49_1-1-5.el9_0.src.rpm

kpatch-patch-5_14_0-70_50_2-1-4.el9_0.src.rpm

kpatch-patch-5_14_0-70_53_1-1-3.el9_0.src.rpm

kpatch-patch-5_14_0-70_58_1-1-2.el9_0.src.rpm

kpatch-patch-5_14_0-70_64_1-1-1.el9_0.src.rpm

x86_64

kpatch-patch-5_14_0-70_43_1-1-6.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_43_1-debuginfo-1-6.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_43_1-debugsource-1-6.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_49_1-1-5.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_49_1-debuginfo-1-5.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_49_1-debugsource-1-5.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_50_2-1-4.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_50_2-debuginfo-1-4.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_50_2-debugsource-1-4.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_53_1-1-3.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_53_1-debuginfo-1-3.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_53_1-debugsource-1-3.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_58_1-1-2.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_58_1-debuginfo-1-2.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_58_1-debugsource-1-2.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_64_1-1-1.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_64_1-debuginfo-1-1.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_64_1-debugsource-1-1.el9_0.x86_64.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM

kpatch-patch-5_14_0-70_43_1-1-6.el9_0.src.rpm

kpatch-patch-5_14_0-70_49_1-1-5.el9_0.src.rpm

kpatch-patch-5_14_0-70_50_2-1-4.el9_0.src.rpm

kpatch-patch-5_14_0-70_53_1-1-3.el9_0.src.rpm

kpatch-patch-5_14_0-70_58_1-1-2.el9_0.src.rpm

kpatch-patch-5_14_0-70_64_1-1-1.el9_0.src.rpm

ppc64le

kpatch-patch-5_14_0-70_43_1-1-6.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_43_1-debuginfo-1-6.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_43_1-debugsource-1-6.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_49_1-1-5.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_49_1-debuginfo-1-5.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_49_1-debugsource-1-5.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_50_2-1-4.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_50_2-debuginfo-1-4.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_50_2-debugsource-1-4.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_53_1-1-3.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_53_1-debuginfo-1-3.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_53_1-debugsource-1-3.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_58_1-1-2.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_58_1-debuginfo-1-2.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_58_1-debugsource-1-2.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_64_1-1-1.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_64_1-debuginfo-1-1.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_64_1-debugsource-1-1.el9_0.ppc64le.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM

kpatch-patch-5_14_0-70_43_1-1-6.el9_0.src.rpm

kpatch-patch-5_14_0-70_49_1-1-5.el9_0.src.rpm

kpatch-patch-5_14_0-70_50_2-1-4.el9_0.src.rpm

kpatch-patch-5_14_0-70_53_1-1-3.el9_0.src.rpm

kpatch-patch-5_14_0-70_58_1-1-2.el9_0.src.rpm

kpatch-patch-5_14_0-70_64_1-1-1.el9_0.src.rpm

ppc64le

kpatch-patch-5_14_0-70_43_1-1-6.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_43_1-debuginfo-1-6.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_43_1-debugsource-1-6.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_49_1-1-5.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_49_1-debuginfo-1-5.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_49_1-debugsource-1-5.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_50_2-1-4.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_50_2-debuginfo-1-4.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_50_2-debugsource-1-4.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_53_1-1-3.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_53_1-debuginfo-1-3.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_53_1-debugsource-1-3.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_58_1-1-2.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_58_1-debuginfo-1-2.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_58_1-debugsource-1-2.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_64_1-1-1.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_64_1-debuginfo-1-1.el9_0.ppc64le.rpm

kpatch-patch-5_14_0-70_64_1-debugsource-1-1.el9_0.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM

kpatch-patch-5_14_0-70_43_1-1-6.el9_0.src.rpm

kpatch-patch-5_14_0-70_49_1-1-5.el9_0.src.rpm

kpatch-patch-5_14_0-70_50_2-1-4.el9_0.src.rpm

kpatch-patch-5_14_0-70_53_1-1-3.el9_0.src.rpm

kpatch-patch-5_14_0-70_58_1-1-2.el9_0.src.rpm

kpatch-patch-5_14_0-70_64_1-1-1.el9_0.src.rpm

x86_64

kpatch-patch-5_14_0-70_43_1-1-6.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_43_1-debuginfo-1-6.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_43_1-debugsource-1-6.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_49_1-1-5.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_49_1-debuginfo-1-5.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_49_1-debugsource-1-5.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_50_2-1-4.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_50_2-debuginfo-1-4.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_50_2-debugsource-1-4.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_53_1-1-3.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_53_1-debuginfo-1-3.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_53_1-debugsource-1-3.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_58_1-1-2.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_58_1-debuginfo-1-2.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_58_1-debugsource-1-2.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_64_1-1-1.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_64_1-debuginfo-1-1.el9_0.x86_64.rpm

kpatch-patch-5_14_0-70_64_1-debugsource-1-1.el9_0.x86_64.rpm

Related news

Kernel Live Patch Security Notice LSN-0098-1

It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the virtual terminal driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). Various other issues were also addressed.

RHSA-2023:5548: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in `__ip_options_echo` and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation. * CVE-202...

Ubuntu Security Notice USN-6385-1

Ubuntu Security Notice 6385-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2023-5255-01

Red Hat Security Advisory 2023-5255-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include information leakage, out of bounds write, and use-after-free vulnerabilities.

Kernel Live Patch Security Notice LSN-0097-1

It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Querijn Voet discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other vulnerabilities were also discovered and addressed.

Red Hat Security Advisory 2023-4967-01

Red Hat Security Advisory 2023-4967-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.

RHSA-2023:4962: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can...

RHSA-2023:4961: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which ...

Red Hat Security Advisory 2023-4828-01

Red Hat Security Advisory 2023-4828-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2023-4815-01

Red Hat Security Advisory 2023-4815-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and out of bounds write vulnerabilities.

Red Hat Security Advisory 2023-4814-01

Red Hat Security Advisory 2023-4814-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.

RHSA-2023:4817: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2124: An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-3090: A flaw was found in the IPVLAN netwo...

RHSA-2023:4380: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in `__ip_options_echo` and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation. * CVE-2023-35788: A flaw was found ...

Ubuntu Security Notice USN-6261-1

Ubuntu Security Notice 6261-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.

Ubuntu Security Notice USN-6260-1

Ubuntu Security Notice 6260-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.

Ubuntu Security Notice USN-6255-1

Ubuntu Security Notice 6255-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6254-1

Ubuntu Security Notice 6254-1 - Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

Ubuntu Security Notice USN-6250-1

Ubuntu Security Notice 6250-1 - Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6246-1

Ubuntu Security Notice 6246-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.