Headline
RHSA-2023:5221: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in
__ip_options_echo
and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation. - CVE-2023-3390: A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system.
- CVE-2023-3776: A use-after-free vulnerability was found in fw_set_parms in net/sched/cls_fw.c in network scheduler sub-component in the Linux Kernel. This issue occurs due to a missing sanity check during cleanup at the time of failure, leading to a misleading reference. This may allow a local attacker to gain local privilege escalation.
- CVE-2023-4004: A use-after-free flaw was found in the Linux kernel’s netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
- CVE-2023-35001: An out-of-bounds (OOB) memory access flaw was found in the Netfilter module in the Linux kernel’s nft_byteorder_eval in net/netfilter/nft_byteorder.c. A bound check failure allows a local attacker with CAP_NET_ADMIN access to cause a local privilege escalation issue due to incorrect data alignment.
- CVE-2023-35788: A flaw was found in the TC flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters fl_set_geneve_opt, potentially leading to a denial of service or privilege escalation.
Synopsis
Important: kpatch-patch security update
Type / Sévérité
Security Advisory: Important
Analyse des correctifs dans Red Hat Insights
Identifiez et remédiez aux systèmes concernés par cette alerte.
Voir les systèmes concernés
Sujet
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Security Fix(es):
- kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)
- kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)
- kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)
- kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)
- kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
- kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Produits concernés
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.8 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
Correctifs
- BZ - 2213260 - CVE-2023-3390 kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests
- BZ - 2215768 - CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()
- BZ - 2218672 - CVE-2023-3090 kernel: ipvlan: out-of-bounds write caused by unclear skb->cb
- BZ - 2220892 - CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
- BZ - 2225097 - CVE-2023-3776 kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function
- BZ - 2225275 - CVE-2023-4004 kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove()
CVE
- CVE-2023-3090
- CVE-2023-3390
- CVE-2023-3776
- CVE-2023-4004
- CVE-2023-35001
- CVE-2023-35788
Red Hat Enterprise Linux for x86_64 8
SRPM
kpatch-patch-4_18_0-477_10_1-1-3.el8_8.src.rpm
SHA-256: 1453cb00fcb164792a19cd10fc54843c5f9e9d2d8ff900c61a987af7cb8efc03
kpatch-patch-4_18_0-477_13_1-1-2.el8_8.src.rpm
SHA-256: 4771b9b03b1994f7979e0327d557db0fd841ccb3c94e3ae968f1bd8d917401d7
kpatch-patch-4_18_0-477_15_1-1-2.el8_8.src.rpm
SHA-256: 871e815b3385ddc340382b13f3eee2ab0a0e8da1392f96dda2eb33e32cd7b833
kpatch-patch-4_18_0-477_21_1-1-1.el8_8.src.rpm
SHA-256: 8234ec5cb9f453e3fd69b8c74119bfcdb2f9953aad8655b4fef362d34219bfa0
x86_64
kpatch-patch-4_18_0-477_10_1-1-3.el8_8.x86_64.rpm
SHA-256: dac1e631acf3d142f366327bd76b1eb59455e770aa0e982c7d7bf6ef4e1d2971
kpatch-patch-4_18_0-477_10_1-debuginfo-1-3.el8_8.x86_64.rpm
SHA-256: cef88e2a4c00f5bd7f71169dc698189064373566b0bd6c2fbd2ec1dc20ed10c8
kpatch-patch-4_18_0-477_10_1-debugsource-1-3.el8_8.x86_64.rpm
SHA-256: 25a5007a8bc71453a62766c43bd8542720cc80c6b650ed465259abce91008db1
kpatch-patch-4_18_0-477_13_1-1-2.el8_8.x86_64.rpm
SHA-256: 463b96e5005056c4437759137ce6d53e284265527458a2973a85cac970b67f92
kpatch-patch-4_18_0-477_13_1-debuginfo-1-2.el8_8.x86_64.rpm
SHA-256: 5f5d1226277a40e62dac13518c6c8b93c861abd944ac356deb36835b12c00fea
kpatch-patch-4_18_0-477_13_1-debugsource-1-2.el8_8.x86_64.rpm
SHA-256: be07d78c806316412b00732689b9f4da9a821171b7d7e88663c5e290c77b3cd4
kpatch-patch-4_18_0-477_15_1-1-2.el8_8.x86_64.rpm
SHA-256: 53a1830a6a04501984a5334ac72ba684808052373ac826145ed36398dbecf694
kpatch-patch-4_18_0-477_15_1-debuginfo-1-2.el8_8.x86_64.rpm
SHA-256: 39feba4a66cf3f208e9c52758ca4e127e55d7c69084a7064ed4cb110c8b9e507
kpatch-patch-4_18_0-477_15_1-debugsource-1-2.el8_8.x86_64.rpm
SHA-256: e6a61781b1adff3dd1a6f20e71f43d828f9759aea36f9342997782d68904d880
kpatch-patch-4_18_0-477_21_1-1-1.el8_8.x86_64.rpm
SHA-256: f5cec352a9e1c99a35cc0412b0949301170a08aacf0247a813d60e31f92e66d8
kpatch-patch-4_18_0-477_21_1-debuginfo-1-1.el8_8.x86_64.rpm
SHA-256: a553c86c89fb45547fb8107f7f96ddb6fd10d7bfec6874006ee9d961acc89b2e
kpatch-patch-4_18_0-477_21_1-debugsource-1-1.el8_8.x86_64.rpm
SHA-256: eb72dffc2706e55cdad35faecf15d592af34f727ab84d5b64ce12bc887c9912e
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8
SRPM
kpatch-patch-4_18_0-477_10_1-1-3.el8_8.src.rpm
SHA-256: 1453cb00fcb164792a19cd10fc54843c5f9e9d2d8ff900c61a987af7cb8efc03
kpatch-patch-4_18_0-477_13_1-1-2.el8_8.src.rpm
SHA-256: 4771b9b03b1994f7979e0327d557db0fd841ccb3c94e3ae968f1bd8d917401d7
kpatch-patch-4_18_0-477_15_1-1-2.el8_8.src.rpm
SHA-256: 871e815b3385ddc340382b13f3eee2ab0a0e8da1392f96dda2eb33e32cd7b833
kpatch-patch-4_18_0-477_21_1-1-1.el8_8.src.rpm
SHA-256: 8234ec5cb9f453e3fd69b8c74119bfcdb2f9953aad8655b4fef362d34219bfa0
x86_64
kpatch-patch-4_18_0-477_10_1-1-3.el8_8.x86_64.rpm
SHA-256: dac1e631acf3d142f366327bd76b1eb59455e770aa0e982c7d7bf6ef4e1d2971
kpatch-patch-4_18_0-477_10_1-debuginfo-1-3.el8_8.x86_64.rpm
SHA-256: cef88e2a4c00f5bd7f71169dc698189064373566b0bd6c2fbd2ec1dc20ed10c8
kpatch-patch-4_18_0-477_10_1-debugsource-1-3.el8_8.x86_64.rpm
SHA-256: 25a5007a8bc71453a62766c43bd8542720cc80c6b650ed465259abce91008db1
kpatch-patch-4_18_0-477_13_1-1-2.el8_8.x86_64.rpm
SHA-256: 463b96e5005056c4437759137ce6d53e284265527458a2973a85cac970b67f92
kpatch-patch-4_18_0-477_13_1-debuginfo-1-2.el8_8.x86_64.rpm
SHA-256: 5f5d1226277a40e62dac13518c6c8b93c861abd944ac356deb36835b12c00fea
kpatch-patch-4_18_0-477_13_1-debugsource-1-2.el8_8.x86_64.rpm
SHA-256: be07d78c806316412b00732689b9f4da9a821171b7d7e88663c5e290c77b3cd4
kpatch-patch-4_18_0-477_15_1-1-2.el8_8.x86_64.rpm
SHA-256: 53a1830a6a04501984a5334ac72ba684808052373ac826145ed36398dbecf694
kpatch-patch-4_18_0-477_15_1-debuginfo-1-2.el8_8.x86_64.rpm
SHA-256: 39feba4a66cf3f208e9c52758ca4e127e55d7c69084a7064ed4cb110c8b9e507
kpatch-patch-4_18_0-477_15_1-debugsource-1-2.el8_8.x86_64.rpm
SHA-256: e6a61781b1adff3dd1a6f20e71f43d828f9759aea36f9342997782d68904d880
kpatch-patch-4_18_0-477_21_1-1-1.el8_8.x86_64.rpm
SHA-256: f5cec352a9e1c99a35cc0412b0949301170a08aacf0247a813d60e31f92e66d8
kpatch-patch-4_18_0-477_21_1-debuginfo-1-1.el8_8.x86_64.rpm
SHA-256: a553c86c89fb45547fb8107f7f96ddb6fd10d7bfec6874006ee9d961acc89b2e
kpatch-patch-4_18_0-477_21_1-debugsource-1-1.el8_8.x86_64.rpm
SHA-256: eb72dffc2706e55cdad35faecf15d592af34f727ab84d5b64ce12bc887c9912e
Red Hat Enterprise Linux for Power, little endian 8
SRPM
kpatch-patch-4_18_0-477_10_1-1-3.el8_8.src.rpm
SHA-256: 1453cb00fcb164792a19cd10fc54843c5f9e9d2d8ff900c61a987af7cb8efc03
kpatch-patch-4_18_0-477_13_1-1-2.el8_8.src.rpm
SHA-256: 4771b9b03b1994f7979e0327d557db0fd841ccb3c94e3ae968f1bd8d917401d7
kpatch-patch-4_18_0-477_15_1-1-2.el8_8.src.rpm
SHA-256: 871e815b3385ddc340382b13f3eee2ab0a0e8da1392f96dda2eb33e32cd7b833
kpatch-patch-4_18_0-477_21_1-1-1.el8_8.src.rpm
SHA-256: 8234ec5cb9f453e3fd69b8c74119bfcdb2f9953aad8655b4fef362d34219bfa0
ppc64le
kpatch-patch-4_18_0-477_10_1-1-3.el8_8.ppc64le.rpm
SHA-256: 2ccda2bace1a6dc4374cb7ec170f986de892836f72b3f75fb586a9ae5f58a8a8
kpatch-patch-4_18_0-477_10_1-debuginfo-1-3.el8_8.ppc64le.rpm
SHA-256: 8205031b5fa42df8a3684c53c7ca9cc8e517ef758d510e2a7389d63d42f8bb36
kpatch-patch-4_18_0-477_10_1-debugsource-1-3.el8_8.ppc64le.rpm
SHA-256: 7666c8371f9708cb8736443db02fed15f72313347e39f4d0be357f7390271e27
kpatch-patch-4_18_0-477_13_1-1-2.el8_8.ppc64le.rpm
SHA-256: 6f41c5b93ff79ec5123bf0106b61a931e9376856ebbd8464738ade343e2321a1
kpatch-patch-4_18_0-477_13_1-debuginfo-1-2.el8_8.ppc64le.rpm
SHA-256: 7bdbb70c118f4eca202f3e73f24d53671b3b901db406a6916344ee05bb3ebcd6
kpatch-patch-4_18_0-477_13_1-debugsource-1-2.el8_8.ppc64le.rpm
SHA-256: 5c8b13ab2f1e01f8683ec8267fdccf9bd04e10f33d27a2da01d59cbc147a923e
kpatch-patch-4_18_0-477_15_1-1-2.el8_8.ppc64le.rpm
SHA-256: 926c16ceebf7607b53940dc42c7f118f3791f162b8a342c93bb0712692de515b
kpatch-patch-4_18_0-477_15_1-debuginfo-1-2.el8_8.ppc64le.rpm
SHA-256: 466417779e1432faf41f3e9de87523b411abec824c995ec87b6a1ec7710b81dc
kpatch-patch-4_18_0-477_15_1-debugsource-1-2.el8_8.ppc64le.rpm
SHA-256: 47b9ce00da93c9627b59fa6e783b78586e2ca33fed84f58eb5111ae325b7cf9b
kpatch-patch-4_18_0-477_21_1-1-1.el8_8.ppc64le.rpm
SHA-256: d21d56e25b2769831303bd0694b20ecfb305854068074cc818005481cc61dd3c
kpatch-patch-4_18_0-477_21_1-debuginfo-1-1.el8_8.ppc64le.rpm
SHA-256: 2812ce4126ae9ca83135e467213b246f62aaf36d8d90ff109118da5f1f46e1cd
kpatch-patch-4_18_0-477_21_1-debugsource-1-1.el8_8.ppc64le.rpm
SHA-256: c01f70bfba9581fee55f65ff3c4486799527dde01fbeab0bad1ebf90c823f21b
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8
SRPM
kpatch-patch-4_18_0-477_10_1-1-3.el8_8.src.rpm
SHA-256: 1453cb00fcb164792a19cd10fc54843c5f9e9d2d8ff900c61a987af7cb8efc03
kpatch-patch-4_18_0-477_13_1-1-2.el8_8.src.rpm
SHA-256: 4771b9b03b1994f7979e0327d557db0fd841ccb3c94e3ae968f1bd8d917401d7
kpatch-patch-4_18_0-477_15_1-1-2.el8_8.src.rpm
SHA-256: 871e815b3385ddc340382b13f3eee2ab0a0e8da1392f96dda2eb33e32cd7b833
kpatch-patch-4_18_0-477_21_1-1-1.el8_8.src.rpm
SHA-256: 8234ec5cb9f453e3fd69b8c74119bfcdb2f9953aad8655b4fef362d34219bfa0
ppc64le
kpatch-patch-4_18_0-477_10_1-1-3.el8_8.ppc64le.rpm
SHA-256: 2ccda2bace1a6dc4374cb7ec170f986de892836f72b3f75fb586a9ae5f58a8a8
kpatch-patch-4_18_0-477_10_1-debuginfo-1-3.el8_8.ppc64le.rpm
SHA-256: 8205031b5fa42df8a3684c53c7ca9cc8e517ef758d510e2a7389d63d42f8bb36
kpatch-patch-4_18_0-477_10_1-debugsource-1-3.el8_8.ppc64le.rpm
SHA-256: 7666c8371f9708cb8736443db02fed15f72313347e39f4d0be357f7390271e27
kpatch-patch-4_18_0-477_13_1-1-2.el8_8.ppc64le.rpm
SHA-256: 6f41c5b93ff79ec5123bf0106b61a931e9376856ebbd8464738ade343e2321a1
kpatch-patch-4_18_0-477_13_1-debuginfo-1-2.el8_8.ppc64le.rpm
SHA-256: 7bdbb70c118f4eca202f3e73f24d53671b3b901db406a6916344ee05bb3ebcd6
kpatch-patch-4_18_0-477_13_1-debugsource-1-2.el8_8.ppc64le.rpm
SHA-256: 5c8b13ab2f1e01f8683ec8267fdccf9bd04e10f33d27a2da01d59cbc147a923e
kpatch-patch-4_18_0-477_15_1-1-2.el8_8.ppc64le.rpm
SHA-256: 926c16ceebf7607b53940dc42c7f118f3791f162b8a342c93bb0712692de515b
kpatch-patch-4_18_0-477_15_1-debuginfo-1-2.el8_8.ppc64le.rpm
SHA-256: 466417779e1432faf41f3e9de87523b411abec824c995ec87b6a1ec7710b81dc
kpatch-patch-4_18_0-477_15_1-debugsource-1-2.el8_8.ppc64le.rpm
SHA-256: 47b9ce00da93c9627b59fa6e783b78586e2ca33fed84f58eb5111ae325b7cf9b
kpatch-patch-4_18_0-477_21_1-1-1.el8_8.ppc64le.rpm
SHA-256: d21d56e25b2769831303bd0694b20ecfb305854068074cc818005481cc61dd3c
kpatch-patch-4_18_0-477_21_1-debuginfo-1-1.el8_8.ppc64le.rpm
SHA-256: 2812ce4126ae9ca83135e467213b246f62aaf36d8d90ff109118da5f1f46e1cd
kpatch-patch-4_18_0-477_21_1-debugsource-1-1.el8_8.ppc64le.rpm
SHA-256: c01f70bfba9581fee55f65ff3c4486799527dde01fbeab0bad1ebf90c823f21b
Red Hat Enterprise Linux Server - TUS 8.8
SRPM
kpatch-patch-4_18_0-477_10_1-1-3.el8_8.src.rpm
SHA-256: 1453cb00fcb164792a19cd10fc54843c5f9e9d2d8ff900c61a987af7cb8efc03
kpatch-patch-4_18_0-477_13_1-1-2.el8_8.src.rpm
SHA-256: 4771b9b03b1994f7979e0327d557db0fd841ccb3c94e3ae968f1bd8d917401d7
kpatch-patch-4_18_0-477_15_1-1-2.el8_8.src.rpm
SHA-256: 871e815b3385ddc340382b13f3eee2ab0a0e8da1392f96dda2eb33e32cd7b833
kpatch-patch-4_18_0-477_21_1-1-1.el8_8.src.rpm
SHA-256: 8234ec5cb9f453e3fd69b8c74119bfcdb2f9953aad8655b4fef362d34219bfa0
x86_64
kpatch-patch-4_18_0-477_10_1-1-3.el8_8.x86_64.rpm
SHA-256: dac1e631acf3d142f366327bd76b1eb59455e770aa0e982c7d7bf6ef4e1d2971
kpatch-patch-4_18_0-477_10_1-debuginfo-1-3.el8_8.x86_64.rpm
SHA-256: cef88e2a4c00f5bd7f71169dc698189064373566b0bd6c2fbd2ec1dc20ed10c8
kpatch-patch-4_18_0-477_10_1-debugsource-1-3.el8_8.x86_64.rpm
SHA-256: 25a5007a8bc71453a62766c43bd8542720cc80c6b650ed465259abce91008db1
kpatch-patch-4_18_0-477_13_1-1-2.el8_8.x86_64.rpm
SHA-256: 463b96e5005056c4437759137ce6d53e284265527458a2973a85cac970b67f92
kpatch-patch-4_18_0-477_13_1-debuginfo-1-2.el8_8.x86_64.rpm
SHA-256: 5f5d1226277a40e62dac13518c6c8b93c861abd944ac356deb36835b12c00fea
kpatch-patch-4_18_0-477_13_1-debugsource-1-2.el8_8.x86_64.rpm
SHA-256: be07d78c806316412b00732689b9f4da9a821171b7d7e88663c5e290c77b3cd4
kpatch-patch-4_18_0-477_15_1-1-2.el8_8.x86_64.rpm
SHA-256: 53a1830a6a04501984a5334ac72ba684808052373ac826145ed36398dbecf694
kpatch-patch-4_18_0-477_15_1-debuginfo-1-2.el8_8.x86_64.rpm
SHA-256: 39feba4a66cf3f208e9c52758ca4e127e55d7c69084a7064ed4cb110c8b9e507
kpatch-patch-4_18_0-477_15_1-debugsource-1-2.el8_8.x86_64.rpm
SHA-256: e6a61781b1adff3dd1a6f20e71f43d828f9759aea36f9342997782d68904d880
kpatch-patch-4_18_0-477_21_1-1-1.el8_8.x86_64.rpm
SHA-256: f5cec352a9e1c99a35cc0412b0949301170a08aacf0247a813d60e31f92e66d8
kpatch-patch-4_18_0-477_21_1-debuginfo-1-1.el8_8.x86_64.rpm
SHA-256: a553c86c89fb45547fb8107f7f96ddb6fd10d7bfec6874006ee9d961acc89b2e
kpatch-patch-4_18_0-477_21_1-debugsource-1-1.el8_8.x86_64.rpm
SHA-256: eb72dffc2706e55cdad35faecf15d592af34f727ab84d5b64ce12bc887c9912e
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8
SRPM
kpatch-patch-4_18_0-477_10_1-1-3.el8_8.src.rpm
SHA-256: 1453cb00fcb164792a19cd10fc54843c5f9e9d2d8ff900c61a987af7cb8efc03
kpatch-patch-4_18_0-477_13_1-1-2.el8_8.src.rpm
SHA-256: 4771b9b03b1994f7979e0327d557db0fd841ccb3c94e3ae968f1bd8d917401d7
kpatch-patch-4_18_0-477_15_1-1-2.el8_8.src.rpm
SHA-256: 871e815b3385ddc340382b13f3eee2ab0a0e8da1392f96dda2eb33e32cd7b833
kpatch-patch-4_18_0-477_21_1-1-1.el8_8.src.rpm
SHA-256: 8234ec5cb9f453e3fd69b8c74119bfcdb2f9953aad8655b4fef362d34219bfa0
ppc64le
kpatch-patch-4_18_0-477_10_1-1-3.el8_8.ppc64le.rpm
SHA-256: 2ccda2bace1a6dc4374cb7ec170f986de892836f72b3f75fb586a9ae5f58a8a8
kpatch-patch-4_18_0-477_10_1-debuginfo-1-3.el8_8.ppc64le.rpm
SHA-256: 8205031b5fa42df8a3684c53c7ca9cc8e517ef758d510e2a7389d63d42f8bb36
kpatch-patch-4_18_0-477_10_1-debugsource-1-3.el8_8.ppc64le.rpm
SHA-256: 7666c8371f9708cb8736443db02fed15f72313347e39f4d0be357f7390271e27
kpatch-patch-4_18_0-477_13_1-1-2.el8_8.ppc64le.rpm
SHA-256: 6f41c5b93ff79ec5123bf0106b61a931e9376856ebbd8464738ade343e2321a1
kpatch-patch-4_18_0-477_13_1-debuginfo-1-2.el8_8.ppc64le.rpm
SHA-256: 7bdbb70c118f4eca202f3e73f24d53671b3b901db406a6916344ee05bb3ebcd6
kpatch-patch-4_18_0-477_13_1-debugsource-1-2.el8_8.ppc64le.rpm
SHA-256: 5c8b13ab2f1e01f8683ec8267fdccf9bd04e10f33d27a2da01d59cbc147a923e
kpatch-patch-4_18_0-477_15_1-1-2.el8_8.ppc64le.rpm
SHA-256: 926c16ceebf7607b53940dc42c7f118f3791f162b8a342c93bb0712692de515b
kpatch-patch-4_18_0-477_15_1-debuginfo-1-2.el8_8.ppc64le.rpm
SHA-256: 466417779e1432faf41f3e9de87523b411abec824c995ec87b6a1ec7710b81dc
kpatch-patch-4_18_0-477_15_1-debugsource-1-2.el8_8.ppc64le.rpm
SHA-256: 47b9ce00da93c9627b59fa6e783b78586e2ca33fed84f58eb5111ae325b7cf9b
kpatch-patch-4_18_0-477_21_1-1-1.el8_8.ppc64le.rpm
SHA-256: d21d56e25b2769831303bd0694b20ecfb305854068074cc818005481cc61dd3c
kpatch-patch-4_18_0-477_21_1-debuginfo-1-1.el8_8.ppc64le.rpm
SHA-256: 2812ce4126ae9ca83135e467213b246f62aaf36d8d90ff109118da5f1f46e1cd
kpatch-patch-4_18_0-477_21_1-debugsource-1-1.el8_8.ppc64le.rpm
SHA-256: c01f70bfba9581fee55f65ff3c4486799527dde01fbeab0bad1ebf90c823f21b
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8
SRPM
kpatch-patch-4_18_0-477_10_1-1-3.el8_8.src.rpm
SHA-256: 1453cb00fcb164792a19cd10fc54843c5f9e9d2d8ff900c61a987af7cb8efc03
kpatch-patch-4_18_0-477_13_1-1-2.el8_8.src.rpm
SHA-256: 4771b9b03b1994f7979e0327d557db0fd841ccb3c94e3ae968f1bd8d917401d7
kpatch-patch-4_18_0-477_15_1-1-2.el8_8.src.rpm
SHA-256: 871e815b3385ddc340382b13f3eee2ab0a0e8da1392f96dda2eb33e32cd7b833
kpatch-patch-4_18_0-477_21_1-1-1.el8_8.src.rpm
SHA-256: 8234ec5cb9f453e3fd69b8c74119bfcdb2f9953aad8655b4fef362d34219bfa0
x86_64
kpatch-patch-4_18_0-477_10_1-1-3.el8_8.x86_64.rpm
SHA-256: dac1e631acf3d142f366327bd76b1eb59455e770aa0e982c7d7bf6ef4e1d2971
kpatch-patch-4_18_0-477_10_1-debuginfo-1-3.el8_8.x86_64.rpm
SHA-256: cef88e2a4c00f5bd7f71169dc698189064373566b0bd6c2fbd2ec1dc20ed10c8
kpatch-patch-4_18_0-477_10_1-debugsource-1-3.el8_8.x86_64.rpm
SHA-256: 25a5007a8bc71453a62766c43bd8542720cc80c6b650ed465259abce91008db1
kpatch-patch-4_18_0-477_13_1-1-2.el8_8.x86_64.rpm
SHA-256: 463b96e5005056c4437759137ce6d53e284265527458a2973a85cac970b67f92
kpatch-patch-4_18_0-477_13_1-debuginfo-1-2.el8_8.x86_64.rpm
SHA-256: 5f5d1226277a40e62dac13518c6c8b93c861abd944ac356deb36835b12c00fea
kpatch-patch-4_18_0-477_13_1-debugsource-1-2.el8_8.x86_64.rpm
SHA-256: be07d78c806316412b00732689b9f4da9a821171b7d7e88663c5e290c77b3cd4
kpatch-patch-4_18_0-477_15_1-1-2.el8_8.x86_64.rpm
SHA-256: 53a1830a6a04501984a5334ac72ba684808052373ac826145ed36398dbecf694
kpatch-patch-4_18_0-477_15_1-debuginfo-1-2.el8_8.x86_64.rpm
SHA-256: 39feba4a66cf3f208e9c52758ca4e127e55d7c69084a7064ed4cb110c8b9e507
kpatch-patch-4_18_0-477_15_1-debugsource-1-2.el8_8.x86_64.rpm
SHA-256: e6a61781b1adff3dd1a6f20e71f43d828f9759aea36f9342997782d68904d880
kpatch-patch-4_18_0-477_21_1-1-1.el8_8.x86_64.rpm
SHA-256: f5cec352a9e1c99a35cc0412b0949301170a08aacf0247a813d60e31f92e66d8
kpatch-patch-4_18_0-477_21_1-debuginfo-1-1.el8_8.x86_64.rpm
SHA-256: a553c86c89fb45547fb8107f7f96ddb6fd10d7bfec6874006ee9d961acc89b2e
kpatch-patch-4_18_0-477_21_1-debugsource-1-1.el8_8.x86_64.rpm
SHA-256: eb72dffc2706e55cdad35faecf15d592af34f727ab84d5b64ce12bc887c9912e
Related news
Red Hat Security Advisory 2024-1831-03 - An update for kernel is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Issues addressed include out of bounds write and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-1269-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-1250-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include memory exhaustion, null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-0262-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7424-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7417-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7294-01 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support.
Red Hat Security Advisory 2023-5794-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-5628-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-5575-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1206: A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. * CVE-2...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3090: A flaw was found in the IPVLAN network driver in the Linux kernel. This issue is caused by missing skb->cb initialization in `__ip_options_echo` and can lead to an out-of-bounds write stack overflow. This may allow a local user to cause a denial of service or potentially achieve local privilege escalation. * CVE-202...
Red Hat Security Advisory 2023-5414-01 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important.
Ubuntu Security Notice 6385-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
Red Hat Security Advisory 2023-5233-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.4 images.
Red Hat Security Advisory 2023-5238-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-5221-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3390: A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their p...
Red Hat OpenShift Virtualization release 4.13.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3390: A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system. * CVE...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3390: A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system. * CVE...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3390: A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system. * CVE...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3390: A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system. * CVE...
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1637: A flaw was found in the Linux kernel X86 CPU Power management when resuming CPU from suspend-to-RAM. This issue could allow a local user unauthorized access to memory from the CPU. * CVE-2023-3390: A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can...
Ubuntu Security Notice 6357-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service.
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Querijn Voet discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other vulnerabilities were also discovered and addressed.
It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Querijn Voet discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other vulnerabilities were also discovered and addressed.
Ubuntu Security Notice 6348-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
Ubuntu Security Notice 6346-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
Ubuntu Security Notice 6342-1 - Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear operations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6341-1 - Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information. It was discovered that a use-after-free vulnerability existed in the IEEE 1394 implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service or possibly execute arbitrary code.
Red Hat Security Advisory 2023-4961-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4961-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4961-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4962-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4962-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4962-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Ubuntu Security Notice 6332-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6332-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 6331-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6330-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
Ubuntu Security Notice 6329-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
Red Hat Security Advisory 2023-4888-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.
Ubuntu Security Notice 6318-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
Ubuntu Security Notice 6318-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
Ubuntu Security Notice 6316-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.
Ubuntu Security Notice 6309-1 - Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear operations. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the HFS+ file system implementation in the Linux kernel. A local attacker could possibly use this to cause a denial of service.
Red Hat Security Advisory 2023-4834-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-4817-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and out of bounds write vulnerabilities.
Red Hat Security Advisory 2023-4815-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and out of bounds write vulnerabilities.
Red Hat Security Advisory 2023-4815-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and out of bounds write vulnerabilities.
Red Hat Security Advisory 2023-4814-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2124: An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user...
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2124: An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2124: An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-3090: A flaw was found in the IPVLAN netwo...
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2124: An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-3090: A flaw was found in the IPVLAN netwo...
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1353: A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. * CVE-2022-39188: A flaw was found in include/asm-generic/tlb.h in the Linux ...
Red Hat Security Advisory 2023-4698-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-4697-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can later lead to double freeing the structure. This flaw allows a local attacker to cause a use-after-free problem, leading to privilege esca...
Red Hat Security Advisory 2023-4380-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2023-4380-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45869: A flaw was found in the Linux kernel in the KVM. A race condition in direct_page_fault allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualization and the TDP MMU are enabled. * CVE-2023-0458: A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() ...
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45869: A flaw was found in the Linux kernel in the KVM. A race condition in direct_page_fault allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualization and the TDP MMU are enabled. * CVE-2023-0458: A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() ...
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
Ubuntu Security Notice 6261-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.
Ubuntu Security Notice 6261-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.
Debian Linux Security Advisory 5461-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Ubuntu Security Notice 6260-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.
Ubuntu Security Notice 6260-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.
Ubuntu Security Notice 6250-1 - Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6250-1 - Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6246-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6246-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.
Debian Linux Security Advisory 5453-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
Ubuntu Security Notice 6212-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.
Ubuntu Security Notice 6206-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service.
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.