RHSA-2023:1988: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-43750: An out-of-bounds memory write flaw was found in the Linux kernel’s USB Monitor (usbmon) component: a user with access to /dev/usbmon can trigger an incorrect write to usbmon memory. This flaw allows a local user to crash the system or potentially escalate their privileges.
Red Hat Security Data


Issued: 2023-04-25

Updated: 2023-04-25

RHSA-2023:1988 - Security Advisory

Synopsis: Moderate: kernel-rt security and bug fix update

Type/Severity: Security Advisory: Moderate

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: memory corruption in usbmon driver (CVE-2022-43750)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • dec_and_lock: module license ‘unspecified’ taints kernel. (BZ#2161435)
  • kernel-rt: update to the latest RHEL7.9.z22 source tree (BZ#2171976)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

  • BZ - 2151270 - CVE-2022-43750 kernel: memory corruption in usbmon driver

Red Hat Enterprise Linux for Real Time 7

SRPM

kernel-rt-3.10.0-1160.90.1.rt56.1235.el7.src.rpm

SHA-256: d49b8313b18f11a6a6f6d601ab9235b43a877108eeee06457864864434681215

x86_64

kernel-rt-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 0aa9c501b28fb1f04117619ebc9849dde43fee6033d7b5f584b29f8f3804d1c4

kernel-rt-debug-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 92b2f9cfff84f56e653d4c3d813eff474db42bd0ef9cbf1cd7cad9b7b46ca608

kernel-rt-debug-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 0010088f71529efbc99ba9972d57c6974efba875cd04f5070420e1b5b80fe930

kernel-rt-debug-devel-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 909f6a2b65b94b38f3446bee1542bccc2cc9b6ef9d71b883b6d4182dcff0b6f9

kernel-rt-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: bc4f0305bc87d555e6aceab342cc0e871b4952a5fd9eaf3775d48f781586cbb4

kernel-rt-debuginfo-common-x86_64-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 56dbda2c991d66f88b6fb4c15d1b5a1e1b15b56e8037352d33d81b1f86910fb8

kernel-rt-devel-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: cd40e1f8944496a192415083d93e72dbcab61632ca128bbc3403f55f5d01c1f2

kernel-rt-doc-3.10.0-1160.90.1.rt56.1235.el7.noarch.rpm

SHA-256: 7eeea14478a3f78bd5e3c48307282e5d6236987f17f00690f24e851866a24c0a

kernel-rt-trace-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 02efa0e3f2066228cdd5c3d4cc94438420b19a13a11704e0a54e9b8352041602

kernel-rt-trace-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 69cec5cce51fb1d314e456cb8a0b9203d653ada6b8da5e4b52d854a5bc83ca34

kernel-rt-trace-devel-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 10031823dcee6b4630e9d393fb4deb8074ea11a7ed241c6db74f5408bb348e6f

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM

kernel-rt-3.10.0-1160.90.1.rt56.1235.el7.src.rpm

SHA-256: d49b8313b18f11a6a6f6d601ab9235b43a877108eeee06457864864434681215

x86_64

kernel-rt-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 0aa9c501b28fb1f04117619ebc9849dde43fee6033d7b5f584b29f8f3804d1c4

kernel-rt-debug-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 92b2f9cfff84f56e653d4c3d813eff474db42bd0ef9cbf1cd7cad9b7b46ca608

kernel-rt-debug-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 0010088f71529efbc99ba9972d57c6974efba875cd04f5070420e1b5b80fe930

kernel-rt-debug-devel-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 909f6a2b65b94b38f3446bee1542bccc2cc9b6ef9d71b883b6d4182dcff0b6f9

kernel-rt-debug-kvm-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 734e7308965cede11f01639f1dbd17ec4e702a4271729d9d906c22418c46a3bb

kernel-rt-debug-kvm-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 32e4f50bad929f9f7328639c1189d81affca986076ddabe5fbc2e125a10915ac

kernel-rt-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: bc4f0305bc87d555e6aceab342cc0e871b4952a5fd9eaf3775d48f781586cbb4

kernel-rt-debuginfo-common-x86_64-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 56dbda2c991d66f88b6fb4c15d1b5a1e1b15b56e8037352d33d81b1f86910fb8

kernel-rt-devel-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: cd40e1f8944496a192415083d93e72dbcab61632ca128bbc3403f55f5d01c1f2

kernel-rt-doc-3.10.0-1160.90.1.rt56.1235.el7.noarch.rpm

SHA-256: 7eeea14478a3f78bd5e3c48307282e5d6236987f17f00690f24e851866a24c0a

kernel-rt-kvm-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: ff318d27d42a147edde4621db7133ecd8ac745c5f7e94eb7c6b30be3678a4a88

kernel-rt-kvm-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 993cad0ddbc9bc5c42ecd5bd6be1e6cdddbb169108483a41c52e2a776fe71dde

kernel-rt-trace-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 02efa0e3f2066228cdd5c3d4cc94438420b19a13a11704e0a54e9b8352041602

kernel-rt-trace-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 69cec5cce51fb1d314e456cb8a0b9203d653ada6b8da5e4b52d854a5bc83ca34

kernel-rt-trace-devel-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 10031823dcee6b4630e9d393fb4deb8074ea11a7ed241c6db74f5408bb348e6f

kernel-rt-trace-kvm-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 35955660b69506c85e8b199f6ad564d5158b04e3b551ebf16fa82f3862f7c5ce

kernel-rt-trace-kvm-debuginfo-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm

SHA-256: 7551708cb24cc840dead5d2e828463c7ea6c631c75b9af5ad76a9d68ffe8953f
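
The Solution section and the package checksum tables above give an administrator of a RHEL 7 real-time host two things to verify: that the installed and booted kernel-rt is at least the fixed build 3.10.0-1160.90.1.rt56.1235.el7 (a reboot is required before the fix is in effect), and that any package downloaded out of band matches the SHA-256 value Red Hat published. The following Python script is an added example written for this page; it is not Red Hat tooling and not part of the advisory. It assumes `rpm -q kernel-rt` and `uname -r` are available on the host, uses a simplified RPM version comparison (tilde and caret segments are not handled, and the advisory's NVRs contain none), and embeds only three of the advisory's published x86_64 hashes as a sample table.

```python
"""Added example (not Red Hat tooling): check whether a RHEL 7 real-time host
carries and is booted into the kernel-rt build fixed by RHSA-2023:1988, and
verify downloaded packages against the advisory's published SHA-256 values."""
import hashlib
import hmac
import re
import subprocess

# Fixed build from the advisory (Red Hat Enterprise Linux for Real Time 7).
FIXED_VERSION = "3.10.0"
FIXED_RELEASE = "1160.90.1.rt56.1235.el7"

# Sample of the x86_64 SHA-256 values as published in the advisory.
ADVISORY_SHA256 = {
    "kernel-rt-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm":
        "0aa9c501b28fb1f04117619ebc9849dde43fee6033d7b5f584b29f8f3804d1c4",
    "kernel-rt-devel-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm":
        "cd40e1f8944496a192415083d93e72dbcab61632ca128bbc3403f55f5d01c1f2",
    "kernel-rt-kvm-3.10.0-1160.90.1.rt56.1235.el7.x86_64.rpm":
        "ff318d27d42a147edde4621db7133ecd8ac745c5f7e94eb7c6b30be3678a4a88",
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")
_ARCH_SUFFIX = re.compile(r"\.(x86_64|noarch|aarch64|ppc64le|s390x)$")


def rpmvercmp(a, b):
    """Simplified rpmvercmp: split both strings into digit and alpha runs,
    compare digit runs numerically and alpha runs lexically, rank a digit run
    above an alpha run, and let the string with segments left over win.
    Returns -1, 0 or 1. Tilde/caret handling is omitted (assumption)."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return (int(x) > int(y)) - (int(x) < int(y))
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_fixed(version, release):
    """True when version-release is at or above the advisory's fixed build."""
    c = rpmvercmp(version, FIXED_VERSION)
    if c != 0:
        return c > 0
    return rpmvercmp(release, FIXED_RELEASE) >= 0


def parse_kernel_release(uname_r):
    """Split '3.10.0-1160.90.1.rt56.1235.el7.x86_64' (uname -r form) into
    ('3.10.0', '1160.90.1.rt56.1235.el7'), dropping the architecture suffix."""
    version, _, rest = uname_r.partition("-")
    return version, _ARCH_SUFFIX.sub("", rest)


def assess(installed_nvrs, running_uname_r):
    """installed_nvrs: lines from `rpm -q kernel-rt`; running_uname_r: output of
    `uname -r`. Returns (fixed_build_installed, fixed_build_running, reboot_needed)."""
    installed_ok = False
    for nvr in installed_nvrs:
        m = re.match(r"kernel-rt-(\d[^-]*)-(.+)$", nvr)
        if m and is_fixed(m.group(1), _ARCH_SUFFIX.sub("", m.group(2))):
            installed_ok = True
    running_ok = is_fixed(*parse_kernel_release(running_uname_r))
    return installed_ok, running_ok, installed_ok and not running_ok


def verify_digest(package_name, data, expected_hashes=ADVISORY_SHA256):
    """True only when the package name is in the advisory table and the
    SHA-256 of `data` equals the published value (constant-time compare)."""
    expected = expected_hashes.get(package_name)
    if expected is None:
        return False
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected)


def verify_rpm(path):
    """Hash a downloaded .rpm on disk and check it against the advisory table."""
    with open(path, "rb") as f:
        return verify_digest(path.rsplit("/", 1)[-1], f.read())


def main():
    try:
        installed = subprocess.run(["rpm", "-q", "kernel-rt"], capture_output=True,
                                   text=True).stdout.split()
        running = subprocess.run(["uname", "-r"], capture_output=True, text=True).stdout.strip()
    except FileNotFoundError:
        print("rpm/uname not available; run this on the RHEL 7 host")
        return
    inst, run, reboot = assess(installed, running)
    print(f"fixed build installed: {inst}; running fixed kernel: {run}; reboot needed: {reboot}")


if __name__ == "__main__":
    main()
```

A host where `rpm -q kernel-rt` lists the fixed build but `uname -r` still reports an older release is reported as "reboot needed", which is the state the advisory's "The system must be rebooted for this update to take effect" sentence warns about; the digest check is for packages obtained outside the subscription channel, since `yum` already validates RPM signatures.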

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

RHSA-2023:3495: Red Hat Security Advisory: Logging Subsystem 5.7.2 - Red Hat OpenShift security update

Logging Subsystem 5.7.2 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...

Red Hat Security Advisory 2023-3356-01

Red Hat Security Advisory 2023-3356-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

Red Hat Security Advisory 2023-3326-01

Red Hat Security Advisory 2023-3326-01 - Red Hat Advanced Cluster Management for Kubernetes 2.6.6 images. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs.

RHSA-2023:2951: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to c...

RHSA-2023:2458: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to c...

Ubuntu Security Notice USN-5919-1

Ubuntu Security Notice 5919-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-5913-1

Ubuntu Security Notice 5913-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Lee Jones discovered that a use-after-free vulnerability existed in the Bluetooth implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5883-1

Ubuntu Security Notice 5883-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5877-1

Ubuntu Security Notice 5877-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5854-1

Ubuntu Security Notice 5854-1 - It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan and Ariel Sabba discovered that some Intel processors with Enhanced Indirect Branch Restricted Speculation did not properly handle RET instructions after a VM exits. A local attacker could potentially use this to expose sensitive information.

Ubuntu Security Notice USN-5793-4

Ubuntu Security Notice 5793-4 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5793-2

Ubuntu Security Notice 5793-2 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5792-2

Ubuntu Security Notice 5792-2 - Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5793-1

Ubuntu Security Notice 5793-1 - It was discovered that the io_uring subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

CVE-2022-41802: en/security-disclosure/2022/2022-12.md · OpenHarmony/security - Gitee.com

The kernel subsystem in OpenHarmony-v3.1.4 and prior versions (kernel_liteos_a) has a kernel stack overflow vulnerability when SysClockGetres is called: 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked.