RHSA-2023:1103: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-4378: A stack overflow flaw was found in the Linux kernel’s SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Red Hat Security Data

Issued: 2023-03-07

Updated: 2023-03-07

RHSA-2023:1103 - Security Advisory

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM

kpatch-patch-4_18_0-193_90_1-1-4.el8_2.src.rpm

kpatch-patch-4_18_0-193_91_1-1-4.el8_2.src.rpm

kpatch-patch-4_18_0-193_93_1-1-3.el8_2.src.rpm

kpatch-patch-4_18_0-193_95_1-1-2.el8_2.src.rpm

kpatch-patch-4_18_0-193_98_1-1-1.el8_2.src.rpm

ppc64le

kpatch-patch-4_18_0-193_90_1-1-4.el8_2.ppc64le.rpm

kpatch-patch-4_18_0-193_90_1-debuginfo-1-4.el8_2.ppc64le.rpm

kpatch-patch-4_18_0-193_90_1-debugsource-1-4.el8_2.ppc64le.rpm

kpatch-patch-4_18_0-193_91_1-1-4.el8_2.ppc64le.rpm

kpatch-patch-4_18_0-193_91_1-debuginfo-1-4.el8_2.ppc64le.rpm

kpatch-patch-4_18_0-193_91_1-debugsource-1-4.el8_2.ppc64le.rpm

kpatch-patch-4_18_0-193_93_1-1-3.el8_2.ppc64le.rpm

kpatch-patch-4_18_0-193_93_1-debuginfo-1-3.el8_2.ppc64le.rpm

kpatch-patch-4_18_0-193_93_1-debugsource-1-3.el8_2.ppc64le.rpm

kpatch-patch-4_18_0-193_95_1-1-2.el8_2.ppc64le.rpm

kpatch-patch-4_18_0-193_95_1-debuginfo-1-2.el8_2.ppc64le.rpm

kpatch-patch-4_18_0-193_95_1-debugsource-1-2.el8_2.ppc64le.rpm

kpatch-patch-4_18_0-193_98_1-1-1.el8_2.ppc64le.rpm

kpatch-patch-4_18_0-193_98_1-debuginfo-1-1.el8_2.ppc64le.rpm

kpatch-patch-4_18_0-193_98_1-debugsource-1-1.el8_2.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM

kpatch-patch-4_18_0-193_90_1-1-4.el8_2.src.rpm

kpatch-patch-4_18_0-193_91_1-1-4.el8_2.src.rpm

kpatch-patch-4_18_0-193_93_1-1-3.el8_2.src.rpm

kpatch-patch-4_18_0-193_95_1-1-2.el8_2.src.rpm

kpatch-patch-4_18_0-193_98_1-1-1.el8_2.src.rpm

x86_64

kpatch-patch-4_18_0-193_90_1-1-4.el8_2.x86_64.rpm

kpatch-patch-4_18_0-193_90_1-debuginfo-1-4.el8_2.x86_64.rpm

kpatch-patch-4_18_0-193_90_1-debugsource-1-4.el8_2.x86_64.rpm

kpatch-patch-4_18_0-193_91_1-1-4.el8_2.x86_64.rpm

kpatch-patch-4_18_0-193_91_1-debuginfo-1-4.el8_2.x86_64.rpm

kpatch-patch-4_18_0-193_91_1-debugsource-1-4.el8_2.x86_64.rpm

kpatch-patch-4_18_0-193_93_1-1-3.el8_2.x86_64.rpm

kpatch-patch-4_18_0-193_93_1-debuginfo-1-3.el8_2.x86_64.rpm

kpatch-patch-4_18_0-193_93_1-debugsource-1-3.el8_2.x86_64.rpm

kpatch-patch-4_18_0-193_95_1-1-2.el8_2.x86_64.rpm

kpatch-patch-4_18_0-193_95_1-debuginfo-1-2.el8_2.x86_64.rpm

kpatch-patch-4_18_0-193_95_1-debugsource-1-2.el8_2.x86_64.rpm

kpatch-patch-4_18_0-193_98_1-1-1.el8_2.x86_64.rpm

kpatch-patch-4_18_0-193_98_1-debuginfo-1-1.el8_2.x86_64.rpm

kpatch-patch-4_18_0-193_98_1-debugsource-1-1.el8_2.x86_64.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
