Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:3852: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation.
  • CVE-2023-32233: A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user (with CAP_NET_ADMIN capability) could use this flaw to crash the system or potentially escalate their privileges on the system.
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#kubernetes#aws#rpm#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

All Products

Issued:

2023-06-27

Updated:

2023-06-27

RHSA-2023:3852 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: kernel security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation (CVE-2023-1281)
  • kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Invalid character detected by rpminspect in Documentation/translations/zh_CN/process/magic-number.rst (BZ#2208289)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 2181847 - CVE-2023-1281 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation
  • BZ - 2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM

kernel-4.18.0-147.85.1.el8_1.src.rpm

SHA-256: dd123903f253f358f8f973d70580448ba6a1e4d2b8c19da16041909bab28eb8a

ppc64le

bpftool-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: 4221d5b8a928a0f56edf1870712620215afc3e216d396d97a8af68613c7a427d

bpftool-debuginfo-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: 95c0afa6528943c30adbcece36551918d63827cc29b085c02a15062e7423862f

kernel-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: 5023b3794338693f3a6886ca41756b48cf43f5a230126ea6514f3c9aa59f5397

kernel-abi-whitelists-4.18.0-147.85.1.el8_1.noarch.rpm

SHA-256: b036827e9896517ddfe3a3825d6cd819c1ee4cdd0088013656f2ad75277bae6b

kernel-core-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: 4aed7553144e5a736a2b4e1f65b5c8954d4a44d42fc56291d707ba3011f4d2fb

kernel-cross-headers-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: 36bf3124b7fd9e3ca48d8db95381ebc96170d4a3b5a379eab6a4910a5b08916a

kernel-debug-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: d159048f9705de68dd726160c658b39d445c53b94f832290fbcd8279aa30ef3c

kernel-debug-core-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: 9e13cb861899837eb9bffc9c77f58e8ee594bc9d546d1fb1f3b21f587e404681

kernel-debug-debuginfo-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: cfb0c79e69ca5da13652536420c074551160e3e0a7295acbb9bafad7f5bf9f68

kernel-debug-devel-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: 8c754b421177d24df9b994039f1a672dcc07fa09d558b381d9772e600b7d141e

kernel-debug-modules-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: a58507b67a335add073f7b4d47b49d18397b36037ad2bc44fadabf5f9309b276

kernel-debug-modules-extra-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: 2df31a6f8bfa9399503566e80ffae56d7d1310dd576c3b48b496e225b11314a4

kernel-debuginfo-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: f5fe67d9ba013aec23d42f6c5277212dc47c4a52bd8f81b8ea23864b11572c0c

kernel-debuginfo-common-ppc64le-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: a8cf0aba2baa9709c1d98c559bc156abd9f83c338055b25afe97b9daa1178945

kernel-devel-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: e2bbe25ddc49ed2d7d3d8f7510d620d4cd86ac81e575bca804156aceecffea2d

kernel-doc-4.18.0-147.85.1.el8_1.noarch.rpm

SHA-256: f852627c994bf4ceaf324e921429c75a53266861d55411a51f6e66a05f62e568

kernel-headers-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: 1e4ac3353b80bb077965817d9eb924e141d4c7536ae04c5f63756acf5ad1ecf4

kernel-modules-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: e4e7d7fd437fd5228001b1d769b39c8a24fd0bc4ddf02013c0e2c3be4d295d41

kernel-modules-extra-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: 362ddf9c194c701261d2f91055c628ac53599808c056bac0734c8ac9afcf8e19

kernel-tools-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: dfc01034565b5072caa9fc7c5cd137412741e064d3c278b61bfc98c904297440

kernel-tools-debuginfo-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: 5c195b126c2ace918409a1776efa4ad9648e92029d571b4aa926e1eb5ff7a90c

kernel-tools-libs-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: 552e9571acfdeb2932aa2638f6c41544a9f82d29bb26ed4a77f581e169184613

perf-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: 3b2a0920119fa6048bb31e50706d21934d84188fce9b973a381653e1ed6ad0c7

perf-debuginfo-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: fed791b951d9092e58d12819fbe63046345ef918dd0b8d25ddbcd2d520cdd76f

python3-perf-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: 6cadff5da81905d6445ca65d3463f27962fe7588a248c65b68eac3aa99d5e38e

python3-perf-debuginfo-4.18.0-147.85.1.el8_1.ppc64le.rpm

SHA-256: 3b26eb1c27af8a16440130c2e1499ddb8d328320b0fc174addbf9f9c85e2e029

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM

kernel-4.18.0-147.85.1.el8_1.src.rpm

SHA-256: dd123903f253f358f8f973d70580448ba6a1e4d2b8c19da16041909bab28eb8a

x86_64

bpftool-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: 096d769bd3f1b218c551a70df7151fd75fb1fe14b816f290ee4ee54872af0286

bpftool-debuginfo-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: 147bd61012bb10eb9b3ca4eebeb2945b04fefac686d185fe1056b74549cf549f

kernel-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: f24072a529d4dd2d1f697bcf2fb75c32e0f33d2b561a90e238b01f27c3ebca95

kernel-abi-whitelists-4.18.0-147.85.1.el8_1.noarch.rpm

SHA-256: b036827e9896517ddfe3a3825d6cd819c1ee4cdd0088013656f2ad75277bae6b

kernel-core-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: ed0d6802ac2fefa26ffa0c61f5757454b9dd2d43acf528098dcca54fdbda6448

kernel-cross-headers-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: ad70c7db7347710fc200174dc316ba086692b07a84ed6e4c66e9521d5e530326

kernel-debug-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: 9a2dde06d330f66604a242ef7fb2e5744886306d055a99defec9631f18bc03a5

kernel-debug-core-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: e204b33067ad91559858eeb03801fbfcf416ed95d933435d7518f9a44505bfa9

kernel-debug-debuginfo-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: 3fda5af155c0eabd47f1412977221cd63178858f3f25ce564f11ac77143c2285

kernel-debug-devel-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: 6d51aaca997e146d23990e6e37c624f91ed20c6b9420902b4f2995e951edabe6

kernel-debug-modules-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: 30c4f568882537874a8efe9e883f2af6b1e15569a7b7ff6aab5927dd4e72919a

kernel-debug-modules-extra-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: e19616210bd9c15cee49f52207ffc218c99890bdb4cd6ff95a1f887dff34e284

kernel-debuginfo-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: fe36422204e8f87f0316d968728b8e1e4a7dc2c545ea304ece87fe46e1eb099f

kernel-debuginfo-common-x86_64-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: 2ab9f0523e8406ec73f6e62bfbb33236c157f2204d0d654ce7ce48821a960ea7

kernel-devel-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: 597a052336e93026aadd8a3be7cc06904a3e6535cba65b869c84b56cc40dea83

kernel-doc-4.18.0-147.85.1.el8_1.noarch.rpm

SHA-256: f852627c994bf4ceaf324e921429c75a53266861d55411a51f6e66a05f62e568

kernel-headers-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: ccac9b6bfeddd8cd5038b0664361613fb35f22b951b61b87023cb521e6d32eac

kernel-modules-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: 9590d621c38ff2978e1aa6f5d0a644e1897e6af54363825d97e4e1717e584b9a

kernel-modules-extra-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: 6ac62e2ed60f79b44cb70af9fc9f3b49dc143f66ce3d060e61ebc01efd56612d

kernel-tools-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: 2407987e664c5162250944a26606ae31693d728f17f43a5f39b7a537d843bea5

kernel-tools-debuginfo-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: 3990cd34d344f7e1e2a932690c4bedd3783ec57525ebdfce38fe373aa3f5c010

kernel-tools-libs-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: f9dca42d5212ccb51c07a211ca711e8de0975203514ec17af933757fc42bf08f

perf-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: e064447ebcd1459559359c23e48860dcd098e9deb797826012d60adb614faa0d

perf-debuginfo-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: 1b45ad0892d6bb9f653a0bd1b4ac227a82da4667ad05535571b286769ffccad4

python3-perf-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: 588fd9e3eae7c84dd23a8ac7167d9dc06017574c272bfd32a074b5ce68bce916

python3-perf-debuginfo-4.18.0-147.85.1.el8_1.x86_64.rpm

SHA-256: 2161aa46b2ee78f2727abb6f4e49197cc6717f6b344721d32a294d21b9476db5

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2023-45085: Releases - HyperCloud Docs

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.

Red Hat Security Advisory 2023-5621-01

Red Hat Security Advisory 2023-5621-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

RHSA-2023:5419: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20593: A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances. * CVE-2023-32233: A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configurat...

Red Hat Security Advisory 2023-4699-01

Red Hat Security Advisory 2023-4699-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4517-01

Red Hat Security Advisory 2023-4517-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

RHSA-2023:4531: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42896: A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via B...

Ubuntu Security Notice USN-6256-1

Ubuntu Security Notice 6256-1 - Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

RHSA-2023:4256: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversin...

RHSA-2023:4053: Red Hat Security Advisory: OpenShift Container Platform 4.11.45 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21235: A flaw was found in the VCS package, caused by improper validation of user-supplied input. By using a specially-crafted argument, a remote attacker could execute arbitrary commands o...

Red Hat Security Advisory 2023-4145-01

Red Hat Security Advisory 2023-4145-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4146-01

Red Hat Security Advisory 2023-4146-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4126-01

Red Hat Security Advisory 2023-4126-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4130-01

Red Hat Security Advisory 2023-4130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

RHSA-2023:4145: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation. * CVE-2023-32233: A use-after-fr...

RHSA-2023:4126: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-1281: A use-after-free vulnerability w...

Ubuntu Security Notice USN-6222-1

Ubuntu Security Notice 6222-1 - Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

Red Hat Security Advisory 2023-3853-01

Red Hat Security Advisory 2023-3853-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

RHSA-2023:3853: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation. * CVE-2023-32233: A us...

RHSA-2023:3705: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2235: The Linux kernel's Performance Events subsystem has a use-after-free flaw that occurs when a user triggers the perf_group_detach and remove_on_exec functions simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-32233: A use-after-free vulnerability was found in the Netfilte...

Red Hat Security Advisory 2023-3465-01

Red Hat Security Advisory 2023-3465-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3470-01

Red Hat Security Advisory 2023-3470-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

RHSA-2023:3490: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-2008: A flaw was found in the Linux kernel's ...

Red Hat Security Advisory 2023-3351-01

Red Hat Security Advisory 2023-3351-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3349-01

Red Hat Security Advisory 2023-3349-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3350-01

Red Hat Security Advisory 2023-3350-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6134-1

Ubuntu Security Notice 6134-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel did not properly perform filter deactivation in some situations. A local attacker could possibly use this to gain elevated privileges. Please note that with the fix for this CVE, kernel support for the TCINDEX classifier has been removed. It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6130-1

Ubuntu Security Notice 6130-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6127-1

Ubuntu Security Notice 6127-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

RHSA-2023:3351: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32233: A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user (with CAP_NET_ADMIN capability) could use this flaw to crash the system or potentially...

Ubuntu Security Notice USN-6057-1

Ubuntu Security Notice 6057-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.

Ubuntu Security Notice USN-6040-1

Ubuntu Security Notice 6040-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.

Ubuntu Security Notice USN-6031-1

Ubuntu Security Notice 6031-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Integrity Measurement Architecture implementation in the Linux kernel did not properly enforce policy in certain conditions. A privileged attacker could use this to bypass Kernel lockdown restrictions.

Ubuntu Security Notice USN-6029-1

Ubuntu Security Notice 6029-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service.

Ubuntu Security Notice USN-6027-1

Ubuntu Security Notice 6027-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6024-1

Ubuntu Security Notice 6024-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Lin Ma discovered a race condition in the io_uring subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6025-1

Ubuntu Security Notice 6025-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.

Ubuntu Security Notice USN-5978-1

Ubuntu Security Notice 5978-1 - It was discovered that the network queuing discipline implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.

CVE-2023-1281

Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.