RHSA-2023:5575: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-4128: A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.
  • CVE-2023-31248: A use-after-free flaw was found in the Linux kernel’s Netfilter module in net/netfilter/nf_tables_api.c in nft_chain_lookup_byid. This flaw allows a local attacker to cause a local privilege escalation issue due to a missing cleanup.
  • CVE-2023-35001: An out-of-bounds (OOB) memory access flaw was found in the Netfilter module in the Linux kernel’s nft_byteorder_eval in net/netfilter/nft_byteorder.c. A bound check failure allows a local attacker with CAP_NET_ADMIN access to cause a local privilege escalation issue due to incorrect data alignment.
  • CVE-2023-35788: A flaw was found in the TC flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters fl_set_geneve_opt, potentially leading to a denial of service or privilege escalation.
Red Hat Security Data

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128)
  • kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248)
  • kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
  • kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64

Fixes

  • BZ - 2215768 - CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()
  • BZ - 2220892 - CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
  • BZ - 2220893 - CVE-2023-31248 kernel: nf_tables: use-after-free in nft_chain_lookup_byid()
  • BZ - 2225511 - CVE-2023-4128 kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route

CVEs

  • CVE-2023-4128
  • CVE-2023-31248
  • CVE-2023-35001
  • CVE-2023-35788

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM

  • kpatch-patch-5_14_0-70_49_1-1-6.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_50_2-1-5.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_53_1-1-4.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_58_1-1-3.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_64_1-1-2.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_70_1-1-1.el9_0.src.rpm

x86_64

  • kpatch-patch-5_14_0-70_49_1-1-6.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_49_1-debuginfo-1-6.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_49_1-debugsource-1-6.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_50_2-1-5.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_50_2-debuginfo-1-5.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_50_2-debugsource-1-5.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_53_1-1-4.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_53_1-debuginfo-1-4.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_53_1-debugsource-1-4.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_58_1-1-3.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_58_1-debuginfo-1-3.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_58_1-debugsource-1-3.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_64_1-1-2.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_64_1-debuginfo-1-2.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_64_1-debugsource-1-2.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_70_1-1-1.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_70_1-debuginfo-1-1.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_70_1-debugsource-1-1.el9_0.x86_64.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM

  • kpatch-patch-5_14_0-70_49_1-1-6.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_50_2-1-5.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_53_1-1-4.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_58_1-1-3.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_64_1-1-2.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_70_1-1-1.el9_0.src.rpm

ppc64le

  • kpatch-patch-5_14_0-70_49_1-1-6.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_49_1-debuginfo-1-6.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_49_1-debugsource-1-6.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_50_2-1-5.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_50_2-debuginfo-1-5.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_50_2-debugsource-1-5.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_53_1-1-4.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_53_1-debuginfo-1-4.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_53_1-debugsource-1-4.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_58_1-1-3.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_58_1-debuginfo-1-3.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_58_1-debugsource-1-3.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_64_1-1-2.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_64_1-debuginfo-1-2.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_64_1-debugsource-1-2.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_70_1-1-1.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_70_1-debuginfo-1-1.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_70_1-debugsource-1-1.el9_0.ppc64le.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM

  • kpatch-patch-5_14_0-70_49_1-1-6.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_50_2-1-5.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_53_1-1-4.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_58_1-1-3.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_64_1-1-2.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_70_1-1-1.el9_0.src.rpm

ppc64le

  • kpatch-patch-5_14_0-70_49_1-1-6.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_49_1-debuginfo-1-6.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_49_1-debugsource-1-6.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_50_2-1-5.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_50_2-debuginfo-1-5.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_50_2-debugsource-1-5.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_53_1-1-4.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_53_1-debuginfo-1-4.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_53_1-debugsource-1-4.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_58_1-1-3.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_58_1-debuginfo-1-3.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_58_1-debugsource-1-3.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_64_1-1-2.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_64_1-debuginfo-1-2.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_64_1-debugsource-1-2.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_70_1-1-1.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_70_1-debuginfo-1-1.el9_0.ppc64le.rpm
  • kpatch-patch-5_14_0-70_70_1-debugsource-1-1.el9_0.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM

  • kpatch-patch-5_14_0-70_49_1-1-6.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_50_2-1-5.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_53_1-1-4.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_58_1-1-3.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_64_1-1-2.el9_0.src.rpm
  • kpatch-patch-5_14_0-70_70_1-1-1.el9_0.src.rpm

x86_64

  • kpatch-patch-5_14_0-70_49_1-1-6.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_49_1-debuginfo-1-6.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_49_1-debugsource-1-6.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_50_2-1-5.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_50_2-debuginfo-1-5.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_50_2-debugsource-1-5.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_53_1-1-4.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_53_1-debuginfo-1-4.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_53_1-debugsource-1-4.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_58_1-1-3.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_58_1-debuginfo-1-3.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_58_1-debugsource-1-3.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_64_1-1-2.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_64_1-debuginfo-1-2.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_64_1-debugsource-1-2.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_70_1-1-1.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_70_1-debuginfo-1-1.el9_0.x86_64.rpm
  • kpatch-patch-5_14_0-70_70_1-debugsource-1-1.el9_0.x86_64.rpm

Related news

Red Hat Security Advisory 2024-1278-03

Red Hat Security Advisory 2024-1278-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include out of bounds write and use-after-free vulnerabilities.

CVE-2023-48660: DSA-2023-443: Dell PowerMaxOS 5978, Dell Unisphere 360, Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Solutions Enabler Virtual Appliance, and Dell PowerMax EEM Secu

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

Red Hat Security Advisory 2023-7424-01

Red Hat Security Advisory 2023-7424-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7077-01

Red Hat Security Advisory 2023-7077-01 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer overflow, denial of service, double free, information leakage, memory leak, null pointer, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5775-01

Red Hat Security Advisory 2023-5775-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-5628-01

Red Hat Security Advisory 2023-5628-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5621-01

Red Hat Security Advisory 2023-5621-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5603-01

Red Hat Security Advisory 2023-5603-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5580-01

Red Hat Security Advisory 2023-5580-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-5575-01

Red Hat Security Advisory 2023-5575-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.

RHSA-2023:5628: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1095: A NULL pointer dereference flaw was found in the Linux kernel’s netfilter subsystem. The issue could occur due to an error in nf_tables_updtable while freeing a transaction o...

RHSA-2023:5603: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1206: A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. * CVE-2...

RHSA-2023:5588: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42896: A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute...

Ubuntu Security Notice USN-6396-2

Ubuntu Security Notice 6396-2 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information.

Ubuntu Security Notice USN-6386-2

Ubuntu Security Notice 6386-2 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6387-2

Ubuntu Security Notice 6387-2 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6387-1

Ubuntu Security Notice 6387-1 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2023-5233-01

Red Hat Security Advisory 2023-5233-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.4 images.

RHSA-2023:5233: Red Hat Security Advisory: OpenShift Virtualization 4.13.4 security and bug fix update

Red Hat OpenShift Virtualization release 4.13.4 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.

Red Hat Security Advisory 2023-5091-01

Red Hat Security Advisory 2023-5091-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include bypass, information leakage, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5093-01

Red Hat Security Advisory 2023-5093-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

Debian Security Advisory 5492-1

Debian Linux Security Advisory 5492-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Ubuntu Security Notice USN-6343-1

Ubuntu Security Notice 6343-1 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Ross Lagerwall discovered that the Xen netback backend driver in the Linux kernel did not properly handle certain unusual packets from a paravirtualized network frontend, leading to a buffer overflow. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2023-4962-01

Red Hat Security Advisory 2023-4962-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.

RHSA-2023:4962: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can...

Red Hat Security Advisory 2023-4834-01

Red Hat Security Advisory 2023-4834-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2023-4815-01

Red Hat Security Advisory 2023-4815-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and out of bounds write vulnerabilities.

RHSA-2023:4817: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2124: An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-3090: A flaw was found in the IPVLAN netwo...

RHSA-2023:4698: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35788: A flaw was found in the TC flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters fl_set_geneve_opt, poten...

Debian Security Advisory 5480-1

Debian Linux Security Advisory 5480-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Ubuntu Security Notice USN-6285-1

Ubuntu Security Notice 6285-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.

RHSA-2023:4515: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1829: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can later lead to double freeing the structure. This flaw allows a local attacker to cause a use-after-free problem, leading to privilege esca...

Ubuntu Security Notice USN-6260-1

Ubuntu Security Notice 6260-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.

Ubuntu Security Notice USN-6255-1

Ubuntu Security Notice 6255-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6254-1

Ubuntu Security Notice 6254-1 - Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

Ubuntu Security Notice USN-6248-1

Ubuntu Security Notice 6248-1 - It was discovered that the network queuing discipline implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Adreno GPU DRM driver in the Linux kernel, leading to a double-free vulnerability. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6247-1

Ubuntu Security Notice 6247-1 - David Leadbeater discovered that the netfilter IRC protocol tracking implementation in the Linux Kernel incorrectly handled certain message payloads in some situations. A remote attacker could possibly use this to cause a denial of service or bypass firewall filtering. It was discovered that the IDT 77252 ATM PCI device driver in the Linux kernel did not properly remove any pending timers during device exit, resulting in a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-6246-1

Ubuntu Security Notice 6246-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6235-1

Ubuntu Security Notice 6235-1 - It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service. Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information.

Debian Security Advisory 5453-1

Debian Linux Security Advisory 5453-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Ubuntu Security Notice USN-6220-1

Ubuntu Security Notice 6220-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.

Ubuntu Security Notice USN-6206-1

Ubuntu Security Notice 6206-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service.

CVE-2023-31248: do not ignore genmask when looking up chain by id

Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace

Ubuntu Security Notice USN-6194-1

Ubuntu Security Notice 6194-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in the Linux kernel did not properly handle locking when IOPOLL mode is being used. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6192-1

Ubuntu Security Notice 6192-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Xingyuan Mo and Gengjia Chen discovered that the io_uring subsystem in the Linux kernel did not properly handle locking when IOPOLL mode is being used. A local attacker could use this to cause a denial of service.