Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:3351: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-32233: A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user (with CAP_NET_ADMIN capability) could use this flaw to crash the system or potentially escalate their privileges on the system.
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#rpm#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2023-05-30

Updated:

2023-05-30

RHSA-2023:3351 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.8 x86_64
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

Red Hat Enterprise Linux for x86_64 8

SRPM

kpatch-patch-4_18_0-477_10_1-1-1.el8_8.src.rpm

SHA-256: f4ea0dd75fecdea52f1f8ecd3d233cf52aaba3b7f711e0bdc1df6f6f1209c6be

x86_64

kpatch-patch-4_18_0-477_10_1-1-1.el8_8.x86_64.rpm

SHA-256: 00e1b6447655097981a19da21dc23fd606ebe96074aebc0bae06de426857e339

kpatch-patch-4_18_0-477_10_1-debuginfo-1-1.el8_8.x86_64.rpm

SHA-256: 2a183f1dc170c017bdcc50b9e2b2e6b2f6458bfbc9e8cf111c100001053aefd3

kpatch-patch-4_18_0-477_10_1-debugsource-1-1.el8_8.x86_64.rpm

SHA-256: b22add8a8013f67ddc63e29007e9813e73225f6a7513b3b60ea00900d1e60fbc

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM

kpatch-patch-4_18_0-477_10_1-1-1.el8_8.src.rpm

SHA-256: f4ea0dd75fecdea52f1f8ecd3d233cf52aaba3b7f711e0bdc1df6f6f1209c6be

x86_64

kpatch-patch-4_18_0-477_10_1-1-1.el8_8.x86_64.rpm

SHA-256: 00e1b6447655097981a19da21dc23fd606ebe96074aebc0bae06de426857e339

kpatch-patch-4_18_0-477_10_1-debuginfo-1-1.el8_8.x86_64.rpm

SHA-256: 2a183f1dc170c017bdcc50b9e2b2e6b2f6458bfbc9e8cf111c100001053aefd3

kpatch-patch-4_18_0-477_10_1-debugsource-1-1.el8_8.x86_64.rpm

SHA-256: b22add8a8013f67ddc63e29007e9813e73225f6a7513b3b60ea00900d1e60fbc

Red Hat Enterprise Linux Server - AUS 8.8

SRPM

kpatch-patch-4_18_0-477_10_1-1-1.el8_8.src.rpm

SHA-256: f4ea0dd75fecdea52f1f8ecd3d233cf52aaba3b7f711e0bdc1df6f6f1209c6be

x86_64

kpatch-patch-4_18_0-477_10_1-1-1.el8_8.x86_64.rpm

SHA-256: 00e1b6447655097981a19da21dc23fd606ebe96074aebc0bae06de426857e339

kpatch-patch-4_18_0-477_10_1-debuginfo-1-1.el8_8.x86_64.rpm

SHA-256: 2a183f1dc170c017bdcc50b9e2b2e6b2f6458bfbc9e8cf111c100001053aefd3

kpatch-patch-4_18_0-477_10_1-debugsource-1-1.el8_8.x86_64.rpm

SHA-256: b22add8a8013f67ddc63e29007e9813e73225f6a7513b3b60ea00900d1e60fbc

Red Hat Enterprise Linux for Power, little endian 8

SRPM

kpatch-patch-4_18_0-477_10_1-1-1.el8_8.src.rpm

SHA-256: f4ea0dd75fecdea52f1f8ecd3d233cf52aaba3b7f711e0bdc1df6f6f1209c6be

ppc64le

kpatch-patch-4_18_0-477_10_1-1-1.el8_8.ppc64le.rpm

SHA-256: 06b21bf59eb1cf23bcf662f26bf33b2bfa9ca467577111cc4df4eeaabf5c934a

kpatch-patch-4_18_0-477_10_1-debuginfo-1-1.el8_8.ppc64le.rpm

SHA-256: 86a94842e0f735a578417d0518f2d11b39623dc3e6f3d007892016933429a55b

kpatch-patch-4_18_0-477_10_1-debugsource-1-1.el8_8.ppc64le.rpm

SHA-256: 08301ee7438bc6d9c5bd4621cee5f399f68910e5999ebd46da090d7783224a99

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM

kpatch-patch-4_18_0-477_10_1-1-1.el8_8.src.rpm

SHA-256: f4ea0dd75fecdea52f1f8ecd3d233cf52aaba3b7f711e0bdc1df6f6f1209c6be

ppc64le

kpatch-patch-4_18_0-477_10_1-1-1.el8_8.ppc64le.rpm

SHA-256: 06b21bf59eb1cf23bcf662f26bf33b2bfa9ca467577111cc4df4eeaabf5c934a

kpatch-patch-4_18_0-477_10_1-debuginfo-1-1.el8_8.ppc64le.rpm

SHA-256: 86a94842e0f735a578417d0518f2d11b39623dc3e6f3d007892016933429a55b

kpatch-patch-4_18_0-477_10_1-debugsource-1-1.el8_8.ppc64le.rpm

SHA-256: 08301ee7438bc6d9c5bd4621cee5f399f68910e5999ebd46da090d7783224a99

Red Hat Enterprise Linux Server - TUS 8.8

SRPM

kpatch-patch-4_18_0-477_10_1-1-1.el8_8.src.rpm

SHA-256: f4ea0dd75fecdea52f1f8ecd3d233cf52aaba3b7f711e0bdc1df6f6f1209c6be

x86_64

kpatch-patch-4_18_0-477_10_1-1-1.el8_8.x86_64.rpm

SHA-256: 00e1b6447655097981a19da21dc23fd606ebe96074aebc0bae06de426857e339

kpatch-patch-4_18_0-477_10_1-debuginfo-1-1.el8_8.x86_64.rpm

SHA-256: 2a183f1dc170c017bdcc50b9e2b2e6b2f6458bfbc9e8cf111c100001053aefd3

kpatch-patch-4_18_0-477_10_1-debugsource-1-1.el8_8.x86_64.rpm

SHA-256: b22add8a8013f67ddc63e29007e9813e73225f6a7513b3b60ea00900d1e60fbc

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM

kpatch-patch-4_18_0-477_10_1-1-1.el8_8.src.rpm

SHA-256: f4ea0dd75fecdea52f1f8ecd3d233cf52aaba3b7f711e0bdc1df6f6f1209c6be

ppc64le

kpatch-patch-4_18_0-477_10_1-1-1.el8_8.ppc64le.rpm

SHA-256: 06b21bf59eb1cf23bcf662f26bf33b2bfa9ca467577111cc4df4eeaabf5c934a

kpatch-patch-4_18_0-477_10_1-debuginfo-1-1.el8_8.ppc64le.rpm

SHA-256: 86a94842e0f735a578417d0518f2d11b39623dc3e6f3d007892016933429a55b

kpatch-patch-4_18_0-477_10_1-debugsource-1-1.el8_8.ppc64le.rpm

SHA-256: 08301ee7438bc6d9c5bd4621cee5f399f68910e5999ebd46da090d7783224a99

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM

kpatch-patch-4_18_0-477_10_1-1-1.el8_8.src.rpm

SHA-256: f4ea0dd75fecdea52f1f8ecd3d233cf52aaba3b7f711e0bdc1df6f6f1209c6be

x86_64

kpatch-patch-4_18_0-477_10_1-1-1.el8_8.x86_64.rpm

SHA-256: 00e1b6447655097981a19da21dc23fd606ebe96074aebc0bae06de426857e339

kpatch-patch-4_18_0-477_10_1-debuginfo-1-1.el8_8.x86_64.rpm

SHA-256: 2a183f1dc170c017bdcc50b9e2b2e6b2f6458bfbc9e8cf111c100001053aefd3

kpatch-patch-4_18_0-477_10_1-debugsource-1-1.el8_8.x86_64.rpm

SHA-256: b22add8a8013f67ddc63e29007e9813e73225f6a7513b3b60ea00900d1e60fbc

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

RHSA-2023:5621: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3609: A double-free flaw was found in u32_set_parms in net/sched/cls_u32.c in the Network Scheduler component in the Linux kernel. This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat. * CVE-2023-32233: A use-after-free vulnerability was found in the Netfilter subs...

RHSA-2023:4699: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20593: A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances. * CVE-2023-32233: A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configurat...

Red Hat Security Advisory 2023-4664-01

Red Hat Security Advisory 2023-4664-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.3 images. Issues addressed include a denial of service vulnerability.

RHSA-2023:4256: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversin...

Red Hat Security Advisory 2023-4125-01

Red Hat Security Advisory 2023-4125-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.

RHSA-2023:4145: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation. * CVE-2023-32233: A use-after-fr...

Ubuntu Security Notice USN-6222-1

Ubuntu Security Notice 6222-1 - Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

Red Hat Security Advisory 2023-3853-01

Red Hat Security Advisory 2023-3853-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

RHSA-2023:3852: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation. * CVE-2023-32233: A use-afte...

Red Hat Security Advisory 2023-3723-01

Red Hat Security Advisory 2023-3723-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3708-01

Red Hat Security Advisory 2023-3708-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3705-01

Red Hat Security Advisory 2023-3705-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6175-1

Ubuntu Security Notice 6175-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6150-1

Ubuntu Security Notice 6150-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

RHSA-2023:3490: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-2008: A flaw was found in the Linux kernel's ...

RHSA-2023:3470: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-2008: A flaw was found in the Linux kernel's udm...

Ubuntu Security Notice USN-6135-1

Ubuntu Security Notice 6135-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2023-3349-01

Red Hat Security Advisory 2023-3349-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-3350-01

Red Hat Security Advisory 2023-3350-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6130-1

Ubuntu Security Notice 6130-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6132-1

Ubuntu Security Notice 6132-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6131-1

Ubuntu Security Notice 6131-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6127-1

Ubuntu Security Notice 6127-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6124-1

Ubuntu Security Notice 6124-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service.

Ubuntu Security Notice USN-6123-1

Ubuntu Security Notice 6123-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service.

Ubuntu Security Notice USN-6122-1

Ubuntu Security Notice 6122-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service.

RHSA-2023:3350: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32233: A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user (with CAP_NET_ADMIN capability) could use this flaw to crash the system or potentially es...

Debian Security Advisory 5402-1

Debian Linux Security Advisory 5402-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

CVE-2023-32233: netfilter: nf_tables: deactivate anonymous set from preparation phase · torvalds/linux@c1592a8

In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.