Headline
RHSA-2023:4021: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Quarkus
Integration and Automation
All Products
Issued:
2023-07-11
Updated:
2023-07-11
RHSA-2023:4021 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: kernel security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- The iscsi target deadlocks when the same host acts as an initiator to itself (i.e. connects via 127.0.0.1) (BZ#2183541)
- Double free issue in filelayout_alloc_commit_info (BZ#2212878)
- RHEL 7.2: XFS inode cluster corruption [rhel-7.9.z] (BZ#2213361)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux Server - AUS 7.6 x86_64
Fixes
- BZ - 2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c
Red Hat Enterprise Linux Server - AUS 7.6
SRPM
kernel-3.10.0-957.104.1.el7.src.rpm
SHA-256: ac35f225d8d7b354451b06db4285e0cb12bfb7474f6c1b35da5316c200b9d7cb
x86_64
bpftool-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: bfcf6b9f5d8a83c323a1e1625b6b8e72648259eec0a9830409b4713426234198
kernel-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: 9352285fd0a6ed638ab25151043b159bb3182210b5d02b50d11020f260057d82
kernel-abi-whitelists-3.10.0-957.104.1.el7.noarch.rpm
SHA-256: 4756d6e940911fa5c792bec7fdfba2e6e1ecc08d2843fed7796be1b763128240
kernel-debug-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: ea88d6f0e2b3c6df809fb6f665b02ef43b62ceeaf08f1de590ea593c3b929c0e
kernel-debug-debuginfo-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: cfb1646f95430609285cca32b24c3cf6e0a68e9822b413cbdc4dd27b1d96c2ce
kernel-debug-debuginfo-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: cfb1646f95430609285cca32b24c3cf6e0a68e9822b413cbdc4dd27b1d96c2ce
kernel-debug-devel-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: 3f6a6ef7139ebcf09a6cb32cb1ef74a27ed4e0cf9e8b62c684198080d32b4fe4
kernel-debuginfo-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: 763150ddb96f7c2c895170808e2f156a1abfb0a52b22e7d2221c4b7205852e37
kernel-debuginfo-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: 763150ddb96f7c2c895170808e2f156a1abfb0a52b22e7d2221c4b7205852e37
kernel-debuginfo-common-x86_64-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: a2544d3763baa0ea11b7adbe654f08a612d16a04aaa91bb105f9ae88fcc6a1e2
kernel-debuginfo-common-x86_64-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: a2544d3763baa0ea11b7adbe654f08a612d16a04aaa91bb105f9ae88fcc6a1e2
kernel-devel-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: 301b52b0511590705340819adaa7919cad7daa570f41f410bb5dc3acf06f5cf4
kernel-doc-3.10.0-957.104.1.el7.noarch.rpm
SHA-256: 04d5c5e269799d0a55314b79e42ffcf5383ea00207a1b09ecbb8bdd390739ed2
kernel-headers-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: cdf7cd038e4d1881935752c63bec0d084ee3fb090d00d40d58f4c18e255d2134
kernel-tools-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: f9da992a0763e4ba3f9702eec5ad92c9e1a3c18552b6c15adfa17be437c8c73e
kernel-tools-debuginfo-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: 0974496dec09ffe2fcb8ce54ee2b6d36a1d41ce8bd1c5f378e66b712a9130012
kernel-tools-debuginfo-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: 0974496dec09ffe2fcb8ce54ee2b6d36a1d41ce8bd1c5f378e66b712a9130012
kernel-tools-libs-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: a56ff6301cfbf6f8f0f13aca2216f61c7baef6cf75840c798e1f1220b8731c45
kernel-tools-libs-devel-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: 9718b5d99e7e09f1582d5b0afd6210f3be70c9e7950637ce9bfb7d79d314cda1
perf-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: af1a393e767d547ec69986a578981b3d2a33beef4c224e8c5b2f3028dbab502d
perf-debuginfo-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: a0750af462a269f04679892a9fab33d646bfa619bfc4b3281cee02505c9a3e9a
perf-debuginfo-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: a0750af462a269f04679892a9fab33d646bfa619bfc4b3281cee02505c9a3e9a
python-perf-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: f21a2a92e0687b8dcb01785492499984ae5a2eb0b0f4b9ab1f394b6b8e81ba67
python-perf-debuginfo-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: 0451f01197bd7a5a674106d9a9c81ae9b9f6a019614f298e0b7a638d9009d461
python-perf-debuginfo-3.10.0-957.104.1.el7.x86_64.rpm
SHA-256: 0451f01197bd7a5a674106d9a9c81ae9b9f6a019614f298e0b7a638d9009d461
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges.
An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or poten...
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-26341: A flaw was found in hw. This issue can cause AMD CPUs to transiently execute beyond unconditional direct branches. * CVE-2021-33655: An out-of-bounds write flaw was found in the Linux kernel’s framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to c...
Red Hat Security Advisory 2023-1559-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-1392-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.55.
Red Hat OpenShift Container Platform release 4.10.55 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-20329: A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled docume...
Red Hat Security Advisory 2023-1221-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include null pointer and use-after-free vulnerabilities.
An update for kernel-rt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2873: An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. * CVE-2022-3564: A use-after-free flaw was found in the Linux kernel’s L2CAP blue...
Red Hat Security Advisory 2023-0858-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
Ubuntu Security Notice 5774-1 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the instruction emulator of the Linux kernel on Arm 64-bit systems. A local attacker could use this to cause a denial of service.
Ubuntu Security Notice 5773-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.