RHBA-2023:7338 - Bug Fix Advisory

Topic

Updated rhel8/gcc-toolset-12-toolchain container image is now available for Red Hat Enterprise Linux 8.

Description

The rhel8/gcc-toolset-12-toolchain container image has been updated for Red Hat Enterprise Linux 8 to address the following security advisory: RHSA-2023:7077 (see References)

Users of rhel8/gcc-toolset-12-toolchain container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The Red Hat Enterprise Linux 8 container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
• Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

• BZ - 2024989 - CVE-2021-43975 kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c
• BZ - 2073091 - CVE-2022-28388 kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c
• BZ - 2133453 - CVE-2022-40133 kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context
• BZ - 2133455 - CVE-2022-38457 kernel: vmwgfx: use-after-free in vmw_cmd_res_check
• BZ - 2139610 - CVE-2022-3640 kernel: use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c
• BZ - 2147356 - CVE-2022-42895 kernel: Information leak in l2cap_parse_conf_req in net/bluetooth/l2cap_core.c
• BZ - 2148520 - CVE-2022-45887 kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c
• BZ - 2149024 - CVE-2022-3594 kernel: Rate limit overflow messages in r8152 in intr_callback
• BZ - 2151317 - CVE-2022-45869 kernel: KVM: x86/mmu: race condition in direct_page_fault()
• BZ - 2156322 - CVE-2022-4744 kernel: tun: avoid double free in tun_free_netdev
• BZ - 2165741 - CVE-2023-0590 kernel: use-after-free due to race condition in qdisc_graft()
• BZ - 2165926 - CVE-2023-0597 kernel: x86/mm: Randomize per-cpu entry area
• BZ - 2168332 - CVE-2023-23455 Kernel: denial of service in atm_tc_enqueue in net/sched/sch_atm.c due to type confusion
• BZ - 2173403 - CVE-2023-1073 kernel: HID: check empty report_list in hid_validate_values()
• BZ - 2173430 - CVE-2023-1074 kernel: sctp: fail if no bound addresses can be used for a given scope
• BZ - 2173434 - CVE-2023-1075 kernel: net/tls: tls_is_tx_ready() checked list_entry
• BZ - 2173444 - CVE-2023-1079 kernel: hid: Use After Free in asus_remove()
• BZ - 2174400 - CVE-2023-1118 kernel: use-after-free in drivers/media/rc/ene_ir.c due to race condition
• BZ - 2175903 - CVE-2023-1206 kernel: hash collisions in the IPv6 connection lookup table
• BZ - 2176140 - CVE-2023-1252 kernel: ovl: fix use after free in struct ovl_aio_req
• BZ - 2177371 - CVE-2023-1382 kernel: denial of service in tipc_conn_close
• BZ - 2177389 - CVE-2023-28328 kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c
• BZ - 2181330 - CVE-2023-28772 kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow
• BZ - 2182443 - CVE-2023-26545 kernel: mpls: double free on sysctl allocation failure
• BZ - 2184578 - CVE-2023-1855 kernel: use-after-free bug in remove function xgene_hwmon_remove
• BZ - 2185945 - CVE-2023-1989 kernel: Use after free bug in btsdio_remove due to race condition
• BZ - 2187257 - CVE-2023-1998 kernel: Spectre v2 SMT mitigations problem
• BZ - 2188468 - CVE-2023-30456 kernel: KVM: nVMX: missing consistency checks for CR0 and CR4
• BZ - 2192667 - CVE-2023-33203 kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove()
• BZ - 2192671 - CVE-2023-31436 kernel: out-of-bounds write in qfq_change_class function
• BZ - 2193097 - CVE-2023-2513 kernel: ext4: use-after-free in ext4_xattr_set_entry()
• BZ - 2193219 - CVE-2023-0458 kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c
• BZ - 2213139 - CVE-2023-31084 kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible
• BZ - 2213199 - CVE-2023-3141 kernel: Use after free bug in r592_remove
• BZ - 2213485 - CVE-2023-3161 kernel: fbcon: shift-out-of-bounds in fbcon_set_font()
• BZ - 2213802 - CVE-2023-4155 kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability
• BZ - 2214348 - CVE-2023-3212 kernel: gfs2: NULL pointer dereference in gfs2_evict_inode()
• BZ - 2215502 - CVE-2023-3268 kernel: out-of-bounds access in relay_file_read
• BZ - 2215835 - CVE-2023-35823 kernel: saa7134: race condition leading to use-after-free in saa7134_finidev()
• BZ - 2215836 - CVE-2023-35824 kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c()
• BZ - 2215837 - CVE-2023-35825 kernel: r592: race condition leading to use-after-free in r592_remove()
• BZ - 2218195 - CVE-2023-33951 kernel: vmwgfx: race condition leading to information disclosure vulnerability
• BZ - 2218212 - CVE-2023-33952 kernel: vmwgfx: double free within the handling of vmw_buffer_object objects
• BZ - 2218943 - CVE-2023-3772 kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params()
• BZ - 2221707 - CVE-2023-4132 kernel: smsusb: use-after-free caused by do_submit_urb()
• BZ - 2223949 - CVE-2022-40982 hw: Intel: Gather Data Sampling (GDS) side channel vulnerability
• BZ - 2225191 - CVE-2023-3611 kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead
• BZ - 2225201 - CVE-2023-3609 kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails
• BZ - 2225511 - CVE-2023-4128 CVE-2023-4206 CVE-2023-4207 CVE-2023-4208 kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route
• BZ - 2236982 - CVE-2023-4732 kernel: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h

CVEs

• CVE-2021-43975
• CVE-2022-3594
• CVE-2022-3640
• CVE-2022-4744
• CVE-2022-28388
• CVE-2022-38457
• CVE-2022-40133
• CVE-2022-40982
• CVE-2022-41862
• CVE-2022-42895
• CVE-2022-45869
• CVE-2022-45887
• CVE-2022-48337
• CVE-2022-48339
• CVE-2023-0458
• CVE-2023-0590
• CVE-2023-0597
• CVE-2023-1073
• CVE-2023-1074
• CVE-2023-1075
• CVE-2023-1079
• CVE-2023-1118
• CVE-2023-1206
• CVE-2023-1252
• CVE-2023-1382
• CVE-2023-1855
• CVE-2023-1989
• CVE-2023-1998
• CVE-2023-2513
• CVE-2023-3138
• CVE-2023-3141
• CVE-2023-3161
• CVE-2023-3212
• CVE-2023-3268
• CVE-2023-3609
• CVE-2023-3611
• CVE-2023-3772
• CVE-2023-4016
• CVE-2023-4128
• CVE-2023-4132
• CVE-2023-4155
• CVE-2023-4206
• CVE-2023-4207
• CVE-2023-4208
• CVE-2023-4732
• CVE-2023-23455
• CVE-2023-26545
• CVE-2023-28328
• CVE-2023-28772
• CVE-2023-30456
• CVE-2023-31084
• CVE-2023-31436
• CVE-2023-31486
• CVE-2023-33203
• CVE-2023-33951
• CVE-2023-33952
• CVE-2023-35823
• CVE-2023-35824
• CVE-2023-35825

References

• https://access.redhat.com/errata/RHSA-2023:7077
• https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/rhel8/gcc-toolset-12-toolchain