- Issued:
- 2023-04-04
- Updated:
- 2023-04-04
RHSA-2023:1556 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
- kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt RHEL-8.4: disable KASAN, KCSAN and UBSAN for kernel-rt (BZ#2165124)
- kernel-rt: update RT source tree to the RHEL-8.4.z16 source tree (async) (BZ#2183403)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64
Fixes
- BZ - 2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
- BZ - 2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.86.2.rt7.160.el8_4.src.rpm | SHA-256: 0b4e20d8d815dfb817a24e18a3a44b54a5ff05887144e3fbc91d7d5abc9463bf |
| x86_64 | |
| kernel-rt-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 0c0c9ad192d0a3c8e69c65945a41a113b92240b0445065b5f1479005e37a5b1d |
| kernel-rt-core-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 631c9f39216bd5dbe72b8b219e63cbe83360f130ee674992edfca584b941eb8f |
| kernel-rt-debug-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 526ec7997865d71fe7000c271a9a26406ac43c0070cc5bc4777b81fa7e8e6f34 |
| kernel-rt-debug-core-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 91eec11f591c6354a99bc5c369529526a7dc8d3bd09406e3dba25cf2af7ff01c |
| kernel-rt-debug-debuginfo-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 79500cc02ea0e1b43512a00564b13ae4c488e2edebd79eebaad716dd6a26a89a |
| kernel-rt-debug-devel-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 19358f8e53053878f214fdf9a2003b8f7db3b12a2d139fa71238ec4ead5342e9 |
| kernel-rt-debug-modules-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: c896002ad9aa58b184b69c0657bc373fb46403d3f0b8a89abb6470b53e3c549f |
| kernel-rt-debug-modules-extra-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 00066d3dbf8e5a4b5a6a038f6c58113aa1aec084faf776439fc7e6f4382809e7 |
| kernel-rt-debuginfo-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 5beefec734236bc68b43c538587a27c72f8653f3d7e7e2d18bef5f7ac6f9e6ab |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: aa6d1f301b379262798fcdc6b34fa87eb510d62781e626317a744655fde637e9 |
| kernel-rt-devel-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 0e94c0477e1544f9563c7ee5ed6c29d4d22c8f3a8732d944eca18a8c5c1f272d |
| kernel-rt-modules-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: f056a60de7d57d1c2988845ee5caadae45de4e867d50cf2a5ddedb69ad303cab |
| kernel-rt-modules-extra-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 4bd30ba4a13a49cf45f4c7461d1d8e4486d0964e213d050604669cedad02f43a |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4
| SRPM | |
|---|---|
| kernel-rt-4.18.0-305.86.2.rt7.160.el8_4.src.rpm | SHA-256: 0b4e20d8d815dfb817a24e18a3a44b54a5ff05887144e3fbc91d7d5abc9463bf |
| x86_64 | |
| kernel-rt-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 0c0c9ad192d0a3c8e69c65945a41a113b92240b0445065b5f1479005e37a5b1d |
| kernel-rt-core-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 631c9f39216bd5dbe72b8b219e63cbe83360f130ee674992edfca584b941eb8f |
| kernel-rt-debug-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 526ec7997865d71fe7000c271a9a26406ac43c0070cc5bc4777b81fa7e8e6f34 |
| kernel-rt-debug-core-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 91eec11f591c6354a99bc5c369529526a7dc8d3bd09406e3dba25cf2af7ff01c |
| kernel-rt-debug-debuginfo-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 79500cc02ea0e1b43512a00564b13ae4c488e2edebd79eebaad716dd6a26a89a |
| kernel-rt-debug-devel-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 19358f8e53053878f214fdf9a2003b8f7db3b12a2d139fa71238ec4ead5342e9 |
| kernel-rt-debug-kvm-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 978cfddf5fad6f4946342382887cfd3586fa441db23d3d9ed927fdd28015a398 |
| kernel-rt-debug-modules-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: c896002ad9aa58b184b69c0657bc373fb46403d3f0b8a89abb6470b53e3c549f |
| kernel-rt-debug-modules-extra-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 00066d3dbf8e5a4b5a6a038f6c58113aa1aec084faf776439fc7e6f4382809e7 |
| kernel-rt-debuginfo-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 5beefec734236bc68b43c538587a27c72f8653f3d7e7e2d18bef5f7ac6f9e6ab |
| kernel-rt-debuginfo-common-x86_64-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: aa6d1f301b379262798fcdc6b34fa87eb510d62781e626317a744655fde637e9 |
| kernel-rt-devel-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 0e94c0477e1544f9563c7ee5ed6c29d4d22c8f3a8732d944eca18a8c5c1f272d |
| kernel-rt-kvm-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 792b5d22a23467e77caffc3d0797ca7bfe5f9df8d857818b94b11804fad30c68 |
| kernel-rt-modules-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: f056a60de7d57d1c2988845ee5caadae45de4e867d50cf2a5ddedb69ad303cab |
| kernel-rt-modules-extra-4.18.0-305.86.2.rt7.160.el8_4.x86_64.rpm | SHA-256: 4bd30ba4a13a49cf45f4c7461d1d8e4486d0964e213d050604669cedad02f43a |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
