Headline
RHSA-2023:3350: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-32233: A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user (with CAP_NET_ADMIN capability) could use this flaw to crash the system or potentially escalate their privileges on the system.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Publié :
2023-05-30
Mis à jour :
2023-05-30
RHSA-2023:3350 - Security Advisory
- Aperçu général
- Paquets mis à jour
Synopsis
Important: kernel-rt security and bug fix update
Type / Sévérité
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Sujet
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- smpboot: Scheduler frequency invariance went wobbly, disabling! (BZ#2188316)
- Crash: kernel BUG at kernel/locking/rtmutex.c:1338! (BZ#2188722)
- kernel-rt: update RT source tree to the RHEL-8.8.z0 source tree. (BZ#2196667)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Produits concernés
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8 x86_64
Correctifs
- BZ - 2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
Red Hat Enterprise Linux for Real Time 8
SRPM
kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.src.rpm
SHA-256: b351cc82ad2ae1fd8101e91d50b5a4156d55b236193b6c14154dddc81db315b5
x86_64
kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: b127f9011daf0eb1d1abfb8053dc4ac068a6b48b14287be1ced727532320907c
kernel-rt-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 7b78843c23241fb6c4f47d1435b24b05b532bd9f88a1d3020a7292992e233e31
kernel-rt-debug-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: c3fa614d2327f5996d260798c549264535a5c93e4d0ffb5281daf82e2c2d323f
kernel-rt-debug-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: cbcbe9a477f06f0214037ff441fb6e5c85b179875bbf116a9a79f0ab892613aa
kernel-rt-debug-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: a22fc7bbbccfc58f5c0874985d577d9fba675440fc178515017e5e9b6304af28
kernel-rt-debug-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: e97859500c8b93bfc39ac17cb2039d140f34df8550647ce094459f2447b72698
kernel-rt-debug-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 4c32f51b874a7202ec15025cb3b6291befb7833ebe09749b012836bf0731f0c8
kernel-rt-debug-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 8cd10396623635d394f22defd058f873280167744dfe5b4f4e97756c69595d43
kernel-rt-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: d2332a69438b145fe4f29a0ebf115ad4b95d641ae062384e85d180928dcb60d0
kernel-rt-debuginfo-common-x86_64-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 3402c567b60aab71c16e951000dea6412700b4cbd380b6cfa0e0bc29b80b056f
kernel-rt-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: d34cbfc2ed065d94d2a83a0bda80d1437fd2b3f5e1765c2240c7d5f3404282c4
kernel-rt-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 01c42b12a069be4459cbd0dec8203d9018bad3a220b29a434edfa5837cb447d9
kernel-rt-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: be08c5b48d4c547282c087b652d1ec7335dbb578ea967b51728a41d2631c7691
Red Hat Enterprise Linux for Real Time for NFV 8
SRPM
kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.src.rpm
SHA-256: b351cc82ad2ae1fd8101e91d50b5a4156d55b236193b6c14154dddc81db315b5
x86_64
kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: b127f9011daf0eb1d1abfb8053dc4ac068a6b48b14287be1ced727532320907c
kernel-rt-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 7b78843c23241fb6c4f47d1435b24b05b532bd9f88a1d3020a7292992e233e31
kernel-rt-debug-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: c3fa614d2327f5996d260798c549264535a5c93e4d0ffb5281daf82e2c2d323f
kernel-rt-debug-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: cbcbe9a477f06f0214037ff441fb6e5c85b179875bbf116a9a79f0ab892613aa
kernel-rt-debug-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: a22fc7bbbccfc58f5c0874985d577d9fba675440fc178515017e5e9b6304af28
kernel-rt-debug-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: e97859500c8b93bfc39ac17cb2039d140f34df8550647ce094459f2447b72698
kernel-rt-debug-kvm-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 312606b6826c3dceac20fe138d533e266f03862c29ff75c07f062ee3fa9522ac
kernel-rt-debug-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 4c32f51b874a7202ec15025cb3b6291befb7833ebe09749b012836bf0731f0c8
kernel-rt-debug-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 8cd10396623635d394f22defd058f873280167744dfe5b4f4e97756c69595d43
kernel-rt-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: d2332a69438b145fe4f29a0ebf115ad4b95d641ae062384e85d180928dcb60d0
kernel-rt-debuginfo-common-x86_64-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 3402c567b60aab71c16e951000dea6412700b4cbd380b6cfa0e0bc29b80b056f
kernel-rt-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: d34cbfc2ed065d94d2a83a0bda80d1437fd2b3f5e1765c2240c7d5f3404282c4
kernel-rt-kvm-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 51ec00f4db01546ed15642fd3d1d3d56fe9ef4bd4d1329fbc918cb698164e9b4
kernel-rt-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 01c42b12a069be4459cbd0dec8203d9018bad3a220b29a434edfa5837cb447d9
kernel-rt-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: be08c5b48d4c547282c087b652d1ec7335dbb578ea967b51728a41d2631c7691
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8
SRPM
kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.src.rpm
SHA-256: b351cc82ad2ae1fd8101e91d50b5a4156d55b236193b6c14154dddc81db315b5
x86_64
kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: b127f9011daf0eb1d1abfb8053dc4ac068a6b48b14287be1ced727532320907c
kernel-rt-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 7b78843c23241fb6c4f47d1435b24b05b532bd9f88a1d3020a7292992e233e31
kernel-rt-debug-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: c3fa614d2327f5996d260798c549264535a5c93e4d0ffb5281daf82e2c2d323f
kernel-rt-debug-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: cbcbe9a477f06f0214037ff441fb6e5c85b179875bbf116a9a79f0ab892613aa
kernel-rt-debug-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: a22fc7bbbccfc58f5c0874985d577d9fba675440fc178515017e5e9b6304af28
kernel-rt-debug-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: e97859500c8b93bfc39ac17cb2039d140f34df8550647ce094459f2447b72698
kernel-rt-debug-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 4c32f51b874a7202ec15025cb3b6291befb7833ebe09749b012836bf0731f0c8
kernel-rt-debug-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 8cd10396623635d394f22defd058f873280167744dfe5b4f4e97756c69595d43
kernel-rt-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: d2332a69438b145fe4f29a0ebf115ad4b95d641ae062384e85d180928dcb60d0
kernel-rt-debuginfo-common-x86_64-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 3402c567b60aab71c16e951000dea6412700b4cbd380b6cfa0e0bc29b80b056f
kernel-rt-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: d34cbfc2ed065d94d2a83a0bda80d1437fd2b3f5e1765c2240c7d5f3404282c4
kernel-rt-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 01c42b12a069be4459cbd0dec8203d9018bad3a220b29a434edfa5837cb447d9
kernel-rt-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: be08c5b48d4c547282c087b652d1ec7335dbb578ea967b51728a41d2631c7691
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8
SRPM
kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.src.rpm
SHA-256: b351cc82ad2ae1fd8101e91d50b5a4156d55b236193b6c14154dddc81db315b5
x86_64
kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: b127f9011daf0eb1d1abfb8053dc4ac068a6b48b14287be1ced727532320907c
kernel-rt-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 7b78843c23241fb6c4f47d1435b24b05b532bd9f88a1d3020a7292992e233e31
kernel-rt-debug-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: c3fa614d2327f5996d260798c549264535a5c93e4d0ffb5281daf82e2c2d323f
kernel-rt-debug-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: cbcbe9a477f06f0214037ff441fb6e5c85b179875bbf116a9a79f0ab892613aa
kernel-rt-debug-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: a22fc7bbbccfc58f5c0874985d577d9fba675440fc178515017e5e9b6304af28
kernel-rt-debug-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: e97859500c8b93bfc39ac17cb2039d140f34df8550647ce094459f2447b72698
kernel-rt-debug-kvm-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 312606b6826c3dceac20fe138d533e266f03862c29ff75c07f062ee3fa9522ac
kernel-rt-debug-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 4c32f51b874a7202ec15025cb3b6291befb7833ebe09749b012836bf0731f0c8
kernel-rt-debug-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 8cd10396623635d394f22defd058f873280167744dfe5b4f4e97756c69595d43
kernel-rt-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: d2332a69438b145fe4f29a0ebf115ad4b95d641ae062384e85d180928dcb60d0
kernel-rt-debuginfo-common-x86_64-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 3402c567b60aab71c16e951000dea6412700b4cbd380b6cfa0e0bc29b80b056f
kernel-rt-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: d34cbfc2ed065d94d2a83a0bda80d1437fd2b3f5e1765c2240c7d5f3404282c4
kernel-rt-kvm-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 51ec00f4db01546ed15642fd3d1d3d56fe9ef4bd4d1329fbc918cb698164e9b4
kernel-rt-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: 01c42b12a069be4459cbd0dec8203d9018bad3a220b29a434edfa5837cb447d9
kernel-rt-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm
SHA-256: be08c5b48d4c547282c087b652d1ec7335dbb578ea967b51728a41d2631c7691
Le contact Red Hat Security est [email protected]. Plus d’infos contact à https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-5622-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include memory leak, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-5419-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.
An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-20593: A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances. * CVE-2023-32233: A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configurat...
Red Hat Security Advisory 2023-4664-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.13.3 images. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4262-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat OpenShift Container Platform release 4.11.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21235: A flaw was found in the VCS package, caused by improper validation of user-supplied input. By using a specially-crafted argument, a remote attacker could execute arbitrary commands o...
Red Hat Security Advisory 2023-4126-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
An update for kpatch-patch-4_18_0-193_100_1, kpatch-patch-4_18_0-193_105_1, kpatch-patch-4_18_0-193_95_1, and kpatch-patch-4_18_0-193_98_1 is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user...
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local ...
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1281: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are traversing. This issue could allow a local attacker to cause a use-after-free problem, leading to privilege escalation. * CVE-2023-32233: A us...
Ubuntu Security Notice 6186-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges. It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux kernel did not properly perform data buffer size validation in some situations. A physically proximate attacker could use this to craft a malicious USB device that when inserted, could cause a denial of service (system crash) or possibly expose sensitive information. It was discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2002: A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. * CVE-2023-2124: An out-of-bounds ...
Ubuntu Security Notice 6175-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6149-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Red Hat Security Advisory 2023-3490-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-3465-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-3470-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0461: A use-after-free flaw was found in the Linux kernel’s TLS protocol functionality in how a user installs a tls context (struct tls_context) on a connected TCP socket. This flaw allows a local user to crash or potentially escalate their privileges on the system. * CVE-2023-2008: A flaw was found in the Linux kernel's udm...
Red Hat Security Advisory 2023-3351-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-3350-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Ubuntu Security Notice 6130-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6132-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6131-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6127-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6124-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service.
Ubuntu Security Notice 6123-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Reima Ishii discovered that the nested KVM implementation for Intel x86 processors in the Linux kernel did not properly validate control registers in certain situations. An attacker in a guest VM could use this to cause a denial of service.
Ubuntu Security Notice 6122-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service.
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32233: A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user (with CAP_NET_ADMIN capability) could use this flaw to crash the system or potentially...
Debian Linux Security Advisory 5402-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.