Red Hat Product Errata RHSA-2023:0979 - Security Advisory
Issued:
2023-02-28
Updated:
2023-02-28

RHSA-2023:0979 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)
  • kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
  • kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379)
  • kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179)
  • kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • kernel-rt: update RT source tree to the latest RHEL-9.1.z2 Batch (BZ#2160463)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 9 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 9 x86_64
  • Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.4 x86_64
  • Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.4 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2 x86_64

Fixes

  • BZ - 2119048 - CVE-2022-2873 kernel: an out-of-bounds vulnerability in i2c-ismt driver
  • BZ - 2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c
  • BZ - 2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces
  • BZ - 2152807 - CVE-2022-4379 kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack
  • BZ - 2161713 - CVE-2023-0179 kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan

Red Hat Enterprise Linux for Real Time 9

SRPM
kernel-rt-5.14.0-162.18.1.rt21.181.el9_1.src.rpm SHA-256: 565809a0dc7ebbe5a309e91588a3b9958d0cc836dbf64d430eafe0a0c3fff162
x86_64
kernel-rt-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: ee9c74bbc15562b34fbe34f26892d18768d6eb0c63c5955e6b79a2fe8f84e13a
kernel-rt-core-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: f256693b98a8d4efdfaf3cd5fcd6d28e5ccbb3f53b19daadf0ecc010b50fa6fb
kernel-rt-debug-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 5e917ed7b8143ac6486fa71dace64a0ec6a8f98d3e466a85a327e7e25c0af048
kernel-rt-debug-core-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: e984f64ce759ba90a0b2e4fcc4ce13f1a3f19c42e99f59ae2db094e2bea4adf8
kernel-rt-debug-debuginfo-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 2a04b23d7dbc18598e7edeff9d25ae4028a6b3649db59fe1e5614c98270db8c6
kernel-rt-debug-devel-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 98c149a4e4a0b3732632369cfdfbef2d281db516b25deb53a6f4681e7a815522
kernel-rt-debug-modules-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 55da6645935d9cbef1b01088c44506ce55153d45213f47f45d5f9fc1ded011b7
kernel-rt-debug-modules-extra-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 92534cc36db65e994ae9908a59af85b8ff3ef95d9d7a7fd71967565e8c03d7a6
kernel-rt-debuginfo-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 22e88823924e4fbe2a39d7b5cacec91030e63a5e117ed9ebfe4de7f10560a250
kernel-rt-debuginfo-common-x86_64-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 2ee896db929f4fa1d3e984f732dee6696f7dfad1668fea3ba70f0f189d106cdf
kernel-rt-devel-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: db054db7abdfcd8d94ef8e1a5d05cdbc22ea050413ff8b8d96f9af2791b0b3a3
kernel-rt-modules-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: ea0bf0a67bba2b9c767bdd27e52e1483ed66b0e5711606ad19a2d253ed6e1fad
kernel-rt-modules-extra-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 6f0e9debecfc6928151ace3eb86d9827f4f5de680432acda7755f4512e26aa10

Red Hat Enterprise Linux for Real Time for NFV 9

SRPM
kernel-rt-5.14.0-162.18.1.rt21.181.el9_1.src.rpm SHA-256: 565809a0dc7ebbe5a309e91588a3b9958d0cc836dbf64d430eafe0a0c3fff162
x86_64
kernel-rt-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: ee9c74bbc15562b34fbe34f26892d18768d6eb0c63c5955e6b79a2fe8f84e13a
kernel-rt-core-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: f256693b98a8d4efdfaf3cd5fcd6d28e5ccbb3f53b19daadf0ecc010b50fa6fb
kernel-rt-debug-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 5e917ed7b8143ac6486fa71dace64a0ec6a8f98d3e466a85a327e7e25c0af048
kernel-rt-debug-core-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: e984f64ce759ba90a0b2e4fcc4ce13f1a3f19c42e99f59ae2db094e2bea4adf8
kernel-rt-debug-debuginfo-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 2a04b23d7dbc18598e7edeff9d25ae4028a6b3649db59fe1e5614c98270db8c6
kernel-rt-debug-devel-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 98c149a4e4a0b3732632369cfdfbef2d281db516b25deb53a6f4681e7a815522
kernel-rt-debug-kvm-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 0950727b54b4cedaa8a034d5baae4fd9431a1d1af7eb1888cd1cfc030ecb6be0
kernel-rt-debug-modules-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 55da6645935d9cbef1b01088c44506ce55153d45213f47f45d5f9fc1ded011b7
kernel-rt-debug-modules-extra-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 92534cc36db65e994ae9908a59af85b8ff3ef95d9d7a7fd71967565e8c03d7a6
kernel-rt-debuginfo-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 22e88823924e4fbe2a39d7b5cacec91030e63a5e117ed9ebfe4de7f10560a250
kernel-rt-debuginfo-common-x86_64-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 2ee896db929f4fa1d3e984f732dee6696f7dfad1668fea3ba70f0f189d106cdf
kernel-rt-devel-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: db054db7abdfcd8d94ef8e1a5d05cdbc22ea050413ff8b8d96f9af2791b0b3a3
kernel-rt-kvm-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: ba99d8b3148f64704dad9461a4f25d3fc67493cbf774e01f28269a272940cc32
kernel-rt-modules-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: ea0bf0a67bba2b9c767bdd27e52e1483ed66b0e5711606ad19a2d253ed6e1fad
kernel-rt-modules-extra-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 6f0e9debecfc6928151ace3eb86d9827f4f5de680432acda7755f4512e26aa10

Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.4

SRPM
kernel-rt-5.14.0-162.18.1.rt21.181.el9_1.src.rpm SHA-256: 565809a0dc7ebbe5a309e91588a3b9958d0cc836dbf64d430eafe0a0c3fff162
x86_64
kernel-rt-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: ee9c74bbc15562b34fbe34f26892d18768d6eb0c63c5955e6b79a2fe8f84e13a
kernel-rt-core-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: f256693b98a8d4efdfaf3cd5fcd6d28e5ccbb3f53b19daadf0ecc010b50fa6fb
kernel-rt-debug-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 5e917ed7b8143ac6486fa71dace64a0ec6a8f98d3e466a85a327e7e25c0af048
kernel-rt-debug-core-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: e984f64ce759ba90a0b2e4fcc4ce13f1a3f19c42e99f59ae2db094e2bea4adf8
kernel-rt-debug-debuginfo-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 2a04b23d7dbc18598e7edeff9d25ae4028a6b3649db59fe1e5614c98270db8c6
kernel-rt-debug-devel-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 98c149a4e4a0b3732632369cfdfbef2d281db516b25deb53a6f4681e7a815522
kernel-rt-debug-modules-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 55da6645935d9cbef1b01088c44506ce55153d45213f47f45d5f9fc1ded011b7
kernel-rt-debug-modules-extra-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 92534cc36db65e994ae9908a59af85b8ff3ef95d9d7a7fd71967565e8c03d7a6
kernel-rt-debuginfo-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 22e88823924e4fbe2a39d7b5cacec91030e63a5e117ed9ebfe4de7f10560a250
kernel-rt-debuginfo-common-x86_64-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 2ee896db929f4fa1d3e984f732dee6696f7dfad1668fea3ba70f0f189d106cdf
kernel-rt-devel-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: db054db7abdfcd8d94ef8e1a5d05cdbc22ea050413ff8b8d96f9af2791b0b3a3
kernel-rt-modules-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: ea0bf0a67bba2b9c767bdd27e52e1483ed66b0e5711606ad19a2d253ed6e1fad
kernel-rt-modules-extra-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 6f0e9debecfc6928151ace3eb86d9827f4f5de680432acda7755f4512e26aa10

Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2

SRPM
kernel-rt-5.14.0-162.18.1.rt21.181.el9_1.src.rpm SHA-256: 565809a0dc7ebbe5a309e91588a3b9958d0cc836dbf64d430eafe0a0c3fff162
x86_64
kernel-rt-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: ee9c74bbc15562b34fbe34f26892d18768d6eb0c63c5955e6b79a2fe8f84e13a
kernel-rt-core-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: f256693b98a8d4efdfaf3cd5fcd6d28e5ccbb3f53b19daadf0ecc010b50fa6fb
kernel-rt-debug-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 5e917ed7b8143ac6486fa71dace64a0ec6a8f98d3e466a85a327e7e25c0af048
kernel-rt-debug-core-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: e984f64ce759ba90a0b2e4fcc4ce13f1a3f19c42e99f59ae2db094e2bea4adf8
kernel-rt-debug-debuginfo-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 2a04b23d7dbc18598e7edeff9d25ae4028a6b3649db59fe1e5614c98270db8c6
kernel-rt-debug-devel-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 98c149a4e4a0b3732632369cfdfbef2d281db516b25deb53a6f4681e7a815522
kernel-rt-debug-modules-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 55da6645935d9cbef1b01088c44506ce55153d45213f47f45d5f9fc1ded011b7
kernel-rt-debug-modules-extra-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 92534cc36db65e994ae9908a59af85b8ff3ef95d9d7a7fd71967565e8c03d7a6
kernel-rt-debuginfo-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 22e88823924e4fbe2a39d7b5cacec91030e63a5e117ed9ebfe4de7f10560a250
kernel-rt-debuginfo-common-x86_64-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 2ee896db929f4fa1d3e984f732dee6696f7dfad1668fea3ba70f0f189d106cdf
kernel-rt-devel-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: db054db7abdfcd8d94ef8e1a5d05cdbc22ea050413ff8b8d96f9af2791b0b3a3
kernel-rt-modules-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: ea0bf0a67bba2b9c767bdd27e52e1483ed66b0e5711606ad19a2d253ed6e1fad
kernel-rt-modules-extra-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 6f0e9debecfc6928151ace3eb86d9827f4f5de680432acda7755f4512e26aa10

Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.4

SRPM
kernel-rt-5.14.0-162.18.1.rt21.181.el9_1.src.rpm SHA-256: 565809a0dc7ebbe5a309e91588a3b9958d0cc836dbf64d430eafe0a0c3fff162
x86_64
kernel-rt-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: ee9c74bbc15562b34fbe34f26892d18768d6eb0c63c5955e6b79a2fe8f84e13a
kernel-rt-core-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: f256693b98a8d4efdfaf3cd5fcd6d28e5ccbb3f53b19daadf0ecc010b50fa6fb
kernel-rt-debug-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 5e917ed7b8143ac6486fa71dace64a0ec6a8f98d3e466a85a327e7e25c0af048
kernel-rt-debug-core-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: e984f64ce759ba90a0b2e4fcc4ce13f1a3f19c42e99f59ae2db094e2bea4adf8
kernel-rt-debug-debuginfo-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 2a04b23d7dbc18598e7edeff9d25ae4028a6b3649db59fe1e5614c98270db8c6
kernel-rt-debug-devel-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 98c149a4e4a0b3732632369cfdfbef2d281db516b25deb53a6f4681e7a815522
kernel-rt-debug-kvm-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 0950727b54b4cedaa8a034d5baae4fd9431a1d1af7eb1888cd1cfc030ecb6be0
kernel-rt-debug-modules-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 55da6645935d9cbef1b01088c44506ce55153d45213f47f45d5f9fc1ded011b7
kernel-rt-debug-modules-extra-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 92534cc36db65e994ae9908a59af85b8ff3ef95d9d7a7fd71967565e8c03d7a6
kernel-rt-debuginfo-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 22e88823924e4fbe2a39d7b5cacec91030e63a5e117ed9ebfe4de7f10560a250
kernel-rt-debuginfo-common-x86_64-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 2ee896db929f4fa1d3e984f732dee6696f7dfad1668fea3ba70f0f189d106cdf
kernel-rt-devel-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: db054db7abdfcd8d94ef8e1a5d05cdbc22ea050413ff8b8d96f9af2791b0b3a3
kernel-rt-kvm-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: ba99d8b3148f64704dad9461a4f25d3fc67493cbf774e01f28269a272940cc32
kernel-rt-modules-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: ea0bf0a67bba2b9c767bdd27e52e1483ed66b0e5711606ad19a2d253ed6e1fad
kernel-rt-modules-extra-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 6f0e9debecfc6928151ace3eb86d9827f4f5de680432acda7755f4512e26aa10

Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2

SRPM
kernel-rt-5.14.0-162.18.1.rt21.181.el9_1.src.rpm SHA-256: 565809a0dc7ebbe5a309e91588a3b9958d0cc836dbf64d430eafe0a0c3fff162
x86_64
kernel-rt-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: ee9c74bbc15562b34fbe34f26892d18768d6eb0c63c5955e6b79a2fe8f84e13a
kernel-rt-core-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: f256693b98a8d4efdfaf3cd5fcd6d28e5ccbb3f53b19daadf0ecc010b50fa6fb
kernel-rt-debug-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 5e917ed7b8143ac6486fa71dace64a0ec6a8f98d3e466a85a327e7e25c0af048
kernel-rt-debug-core-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: e984f64ce759ba90a0b2e4fcc4ce13f1a3f19c42e99f59ae2db094e2bea4adf8
kernel-rt-debug-debuginfo-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 2a04b23d7dbc18598e7edeff9d25ae4028a6b3649db59fe1e5614c98270db8c6
kernel-rt-debug-devel-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 98c149a4e4a0b3732632369cfdfbef2d281db516b25deb53a6f4681e7a815522
kernel-rt-debug-kvm-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 0950727b54b4cedaa8a034d5baae4fd9431a1d1af7eb1888cd1cfc030ecb6be0
kernel-rt-debug-modules-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 55da6645935d9cbef1b01088c44506ce55153d45213f47f45d5f9fc1ded011b7
kernel-rt-debug-modules-extra-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 92534cc36db65e994ae9908a59af85b8ff3ef95d9d7a7fd71967565e8c03d7a6
kernel-rt-debuginfo-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 22e88823924e4fbe2a39d7b5cacec91030e63a5e117ed9ebfe4de7f10560a250
kernel-rt-debuginfo-common-x86_64-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 2ee896db929f4fa1d3e984f732dee6696f7dfad1668fea3ba70f0f189d106cdf
kernel-rt-devel-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: db054db7abdfcd8d94ef8e1a5d05cdbc22ea050413ff8b8d96f9af2791b0b3a3
kernel-rt-kvm-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: ba99d8b3148f64704dad9461a4f25d3fc67493cbf774e01f28269a272940cc32
kernel-rt-modules-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: ea0bf0a67bba2b9c767bdd27e52e1483ed66b0e5711606ad19a2d253ed6e1fad
kernel-rt-modules-extra-5.14.0-162.18.1.rt21.181.el9_1.x86_64.rpm SHA-256: 6f0e9debecfc6928151ace3eb86d9827f4f5de680432acda7755f4512e26aa10

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.