RHSA-2023:1988: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-43750: An out-of-bounds memory write flaw was found in the Linux kernel’s USB Monitor (usbmon) component. A user with access to /dev/usbmon can trigger it by an incorrect write to the memory of usbmon. This flaw allows a local user to crash the system or potentially escalate their privileges.
Issued:
2023-04-25
Updated:
2023-04-25
RHSA-2023:1988 - Security Advisory
Synopsis
Moderate: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: memory corruption in usbmon driver (CVE-2022-43750)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- dec_and_lock: module license ‘unspecified’ taints kernel. (BZ#2161435)
- kernel-rt: update to the latest RHEL7.9.z22 source tree (BZ#2171976)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
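A host-side check for the points above, as an added example (not Red Hat tooling): it classifies a kernel-rt release against the fixed build listed in this advisory, reports whether the reboot is still pending, and lists usbmon device nodes that are world-readable or world-writable. The function names are hypothetical, and `sort -V` is assumed to order these release strings the same way RPM does.

```sh
#!/bin/sh
# Added example (not Red Hat's tooling): triage a host against RHSA-2023:1988.
FIXED="3.10.0-1160.90.1.rt56.1235.el7"   # fixed kernel-rt build, from the advisory

# classify_release RELEASE -> fixed | vulnerable | not-kernel-rt
# Uses sort -V as an approximation of RPM version ordering (assumption).
classify_release() {
    rel=${1%.x86_64}                      # drop the arch suffix that uname -r appends
    case "$rel" in
        *.rt[0-9]*.el7) ;;
        *) echo "not-kernel-rt"; return 0 ;;
    esac
    lowest=$(printf '%s\n%s\n' "$FIXED" "$rel" | sort -V | head -n 1)
    if [ "$lowest" = "$FIXED" ]; then echo "fixed"; else echo "vulnerable"; fi
}

# assess RUNNING "INSTALLED..." -> patched | reboot-required | update-required | not-applicable
assess() {
    running=$(classify_release "$1")
    [ "$running" = "not-kernel-rt" ] && { echo "not-applicable"; return 0; }
    [ "$running" = "fixed" ] && { echo "patched"; return 0; }
    for pkg in $2; do
        if [ "$(classify_release "$pkg")" = "fixed" ]; then
            echo "reboot-required"; return 0   # fixed build installed, old one still running
        fi
    done
    echo "update-required"
}

# world_accessible_usbmon DIR -> prints usbmon nodes that "other" can read or write
world_accessible_usbmon() {
    for node in "$1"/usbmon*; do
        [ -e "$node" ] || continue
        other=$(ls -ldn "$node" | cut -c8-9)   # r/w bits of the "other" permission class
        [ "$other" = "--" ] || echo "$node"
    done
}

# Live check, only on a host that has rpm; the functions can also be sourced and called.
if command -v rpm >/dev/null 2>&1; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-rt 2>/dev/null || true)
    echo "kernel status: $(assess "$(uname -r)" "$installed")"
    echo "world-accessible usbmon nodes:"; world_accessible_usbmon /dev
fi
```

A result of `reboot-required` means the updated package is on disk but the vulnerable kernel is still the one running.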
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
Fixes
- BZ - 2151270 - CVE-2022-43750 kernel: memory corruption in usbmon driver
Red Hat Enterprise Linux for Real Time 7
SRPM
kernel-rt-3.10.0-1160.90.1.rt56.1235.el7.src.rpm
x86_64
kernel-rt-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-doc-3.10.0-1160.90.1.rt56.1235.el7.noarch.rpm
kernel-rt-trace-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
Red Hat Enterprise Linux for Real Time for NFV 7
SRPM
kernel-rt-3.10.0-1160.90.1.rt56.1235.el7.src.rpm
x86_64
kernel-rt-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-doc-3.10.0-1160.90.1.rt56.1235.el7.noarch.rpm
kernel-rt-kvm-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.