Headline
RHSA-2023:1556: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-0266: A use-after-free flaw was found in the ALSA subsystem in sound/core/control.c in the Linux kernel. This flaw allows a local attacker to cause a use-after-free issue.
- CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-04-04
Updated:
2023-04-04
RHSA-2023:1556 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
- kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt RHEL-8.4: disable KASAN, KCSAN and UBSAN for kernel-rt (BZ#2165124)
- kernel-rt: update RT source tree to the RHEL-8.4.z16 source tree (async) (BZ#2183403)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
Fixes
- BZ - 2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
- BZ - 2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4
SRPM
kernel-rt-4.18.0-305.86.2.rt7.160.el8_4.src.rpm
SHA-256: 0b4e20d8d815dfb817a24e18a3a44b54a5ff05887144e3fbc91d7d5abc9463bf
x86_64
kernel-rt-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 0c0c9ad192d0a3c8e69c65945a41a113b92240b0445065b5f1479005e37a5b1d
kernel-rt-core-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 631c9f39216bd5dbe72b8b219e63cbe83360f130ee674992edfca584b941eb8f
kernel-rt-debug-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 526ec7997865d71fe7000c271a9a26406ac43c0070cc5bc4777b81fa7e8e6f34
kernel-rt-debug-core-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 91eec11f591c6354a99bc5c369529526a7dc8d3bd09406e3dba25cf2af7ff01c
kernel-rt-debug-debuginfo-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 79500cc02ea0e1b43512a00564b13ae4c488e2edebd79eebaad716dd6a26a89a
kernel-rt-debug-devel-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 19358f8e53053878f214fdf9a2003b8f7db3b12a2d139fa71238ec4ead5342e9
kernel-rt-debug-modules-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: c896002ad9aa58b184b69c0657bc373fb46403d3f0b8a89abb6470b53e3c549f
kernel-rt-debug-modules-extra-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 00066d3dbf8e5a4b5a6a038f6c58113aa1aec084faf776439fc7e6f4382809e7
kernel-rt-debuginfo-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 5beefec734236bc68b43c538587a27c72f8653f3d7e7e2d18bef5f7ac6f9e6ab
kernel-rt-debuginfo-common-x86_64-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: aa6d1f301b379262798fcdc6b34fa87eb510d62781e626317a744655fde637e9
kernel-rt-devel-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 0e94c0477e1544f9563c7ee5ed6c29d4d22c8f3a8732d944eca18a8c5c1f272d
kernel-rt-modules-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: f056a60de7d57d1c2988845ee5caadae45de4e867d50cf2a5ddedb69ad303cab
kernel-rt-modules-extra-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 4bd30ba4a13a49cf45f4c7461d1d8e4486d0964e213d050604669cedad02f43a
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4
SRPM
kernel-rt-4.18.0-305.86.2.rt7.160.el8_4.src.rpm
SHA-256: 0b4e20d8d815dfb817a24e18a3a44b54a5ff05887144e3fbc91d7d5abc9463bf
x86_64
kernel-rt-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 0c0c9ad192d0a3c8e69c65945a41a113b92240b0445065b5f1479005e37a5b1d
kernel-rt-core-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 631c9f39216bd5dbe72b8b219e63cbe83360f130ee674992edfca584b941eb8f
kernel-rt-debug-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 526ec7997865d71fe7000c271a9a26406ac43c0070cc5bc4777b81fa7e8e6f34
kernel-rt-debug-core-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 91eec11f591c6354a99bc5c369529526a7dc8d3bd09406e3dba25cf2af7ff01c
kernel-rt-debug-debuginfo-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 79500cc02ea0e1b43512a00564b13ae4c488e2edebd79eebaad716dd6a26a89a
kernel-rt-debug-devel-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 19358f8e53053878f214fdf9a2003b8f7db3b12a2d139fa71238ec4ead5342e9
kernel-rt-debug-kvm-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 978cfddf5fad6f4946342382887cfd3586fa441db23d3d9ed927fdd28015a398
kernel-rt-debug-modules-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: c896002ad9aa58b184b69c0657bc373fb46403d3f0b8a89abb6470b53e3c549f
kernel-rt-debug-modules-extra-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 00066d3dbf8e5a4b5a6a038f6c58113aa1aec084faf776439fc7e6f4382809e7
kernel-rt-debuginfo-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 5beefec734236bc68b43c538587a27c72f8653f3d7e7e2d18bef5f7ac6f9e6ab
kernel-rt-debuginfo-common-x86_64-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: aa6d1f301b379262798fcdc6b34fa87eb510d62781e626317a744655fde637e9
kernel-rt-devel-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 0e94c0477e1544f9563c7ee5ed6c29d4d22c8f3a8732d944eca18a8c5c1f272d
kernel-rt-kvm-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 792b5d22a23467e77caffc3d0797ca7bfe5f9df8d857818b94b11804fad30c68
kernel-rt-modules-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: f056a60de7d57d1c2988845ee5caadae45de4e867d50cf2a5ddedb69ad303cab
kernel-rt-modules-extra-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm
SHA-256: 4bd30ba4a13a49cf45f4c7461d1d8e4486d0964e213d050604669cedad02f43a
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-1281: A use-after-free vulnerability w...
Logging Subsystem 5.7.2 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41723: A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. * CVE-2023-27539: A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpe...
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-2008: A flaw was found in the Linux kernel's udm...
The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality.
An update for kernel is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-1390: A remote denial of service vulnerab...
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to c...
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user t...
Red Hat Advanced Cluster Management for Kubernetes 2.6.5 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3841: A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauth...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Red Hat Security Advisory 2023-1677-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include heap overflow and integer overflow vulnerabilities.
Red Hat Security Advisory 2023-1656-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.56.
Red Hat Security Advisory 2023-1659-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0266: A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak problem. * CVE...
Red Hat Security Advisory 2023-1556-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-1554-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0266: A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak prob...
An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0266: A use-after-free flaw was found in the ALSA subsystem in sound/core/control.c in the Linux kernel. This flaw allows a local attacker to cause a use-after-free issue. * CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) o...
Ubuntu Security Notice 5991-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU driver in the Linux kernel. A local attacker could possibly use this to cause a denial of service or possibly execute arbitrary code.
Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.
Ubuntu Security Notice 5976-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
Red Hat Security Advisory 2023-1471-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a double free vulnerability.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4744: A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-0266: A use-after-free flaw was found in the...
Ubuntu Security Notice 5970-1 - It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect branch prediction isolation between L1 and L2 VMs. An attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. It was discovered that a race condition existed in the Xen network backend driver in the Linux kernel when handling dropped packets in certain circumstances. An attacker could use this to cause a denial of service.
Ubuntu Security Notice 5962-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5950-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges. * CVE-2022-4269: A flaw was found ...
Ubuntu Security Notice 5940-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 5940-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 5939-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 5935-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5929-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5913-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Lee Jones discovered that a use-after-free vulnerability existed in the Bluetooth implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5914-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code.
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e