- Issued:
- 2023-04-04
- Updated:
- 2023-04-04
RHSA-2023:1584 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
- kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)
- kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Lazy irq_work does not raise softirq on PREEMPT_RT [rhel-8] (BZ#2172163)
- The latest RHEL 8.7.z3 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2172278)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8 x86_64
Fixes
- BZ - 2150272 - CVE-2022-4269 kernel: net: CPU soft lockup in TC mirred egress-to-ingress action
- BZ - 2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces
- BZ - 2159505 - CVE-2023-0386 kernel: FUSE filesystem low-privileged user privileges escalation
- BZ - 2163379 - CVE-2023-0266 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-425.19.2.rt7.230.el8_7.src.rpm | SHA-256: 98e32c4eba7260d02c31d9d0f8d05293108c43224425e899e71818ba818cac60 |
| x86_64 | |
| kernel-rt-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 0e7e5f21650dddff84e0ca8165ba56444ab0bf390f4d397c9fde19faab3b2a41 |
| kernel-rt-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: fd49b8f0ca50edefbfde71619860d0d8dcc4ea36a7c1c7c68dd30e235f9c6268 |
| kernel-rt-debug-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 66314962f318e1fd6b10a07de854493e70bec31328c4862098d1d3c6baf3da13 |
| kernel-rt-debug-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: c50a96461b2e017c280760ff064a0407c44e64ff5afb22ba53b6e9f645c2e282 |
| kernel-rt-debug-debuginfo-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 710181da5867b62f83e14f4edc597a1c8bc290b71224d3551941c1c2f950f544 |
| kernel-rt-debug-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 47b3c3789fd5dd59bfb4e8ef5b34eb2a6bbe5dd0487fb4d671eb4df491ef3898 |
| kernel-rt-debug-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 8d2563a158594bdeaf2fbe0719de2b2739a35c7b5821cc9e29c807aab4c15c29 |
| kernel-rt-debug-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: a653114023062b561a5c2368fa368f6d9dabcc33c8b7ad866d66012f78bb5a26 |
| kernel-rt-debuginfo-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 5432f03630348927a46bba1724d3fe6afe18740bce5c13a45bb616e4c02007a2 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: ac8245405c59b3fa369650b1ce9bd7ce8ac23147fdb4c74fe00a5c059dd3959f |
| kernel-rt-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 1d0156aade8a21db05039d29647be6cf65f0e472041212c3c935cead833ecdcc |
| kernel-rt-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 59e4db38e3cdbb979b9da1c52a996d9cdf266941422f3fca9459cd87bf39d479 |
| kernel-rt-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: d77868ceed39de7abf6c04dc18dd0642e2f4e8dfbd5cf153d9cfe117fe3971e1 |
Red Hat Enterprise Linux for Real Time for NFV 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-425.19.2.rt7.230.el8_7.src.rpm | SHA-256: 98e32c4eba7260d02c31d9d0f8d05293108c43224425e899e71818ba818cac60 |
| x86_64 | |
| kernel-rt-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 0e7e5f21650dddff84e0ca8165ba56444ab0bf390f4d397c9fde19faab3b2a41 |
| kernel-rt-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: fd49b8f0ca50edefbfde71619860d0d8dcc4ea36a7c1c7c68dd30e235f9c6268 |
| kernel-rt-debug-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 66314962f318e1fd6b10a07de854493e70bec31328c4862098d1d3c6baf3da13 |
| kernel-rt-debug-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: c50a96461b2e017c280760ff064a0407c44e64ff5afb22ba53b6e9f645c2e282 |
| kernel-rt-debug-debuginfo-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 710181da5867b62f83e14f4edc597a1c8bc290b71224d3551941c1c2f950f544 |
| kernel-rt-debug-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 47b3c3789fd5dd59bfb4e8ef5b34eb2a6bbe5dd0487fb4d671eb4df491ef3898 |
| kernel-rt-debug-kvm-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: bc0e06dcfbd896d78ccfa14f1f0eeb5beb2a00205f989e0b9ef40ef92c66f66b |
| kernel-rt-debug-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 8d2563a158594bdeaf2fbe0719de2b2739a35c7b5821cc9e29c807aab4c15c29 |
| kernel-rt-debug-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: a653114023062b561a5c2368fa368f6d9dabcc33c8b7ad866d66012f78bb5a26 |
| kernel-rt-debuginfo-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 5432f03630348927a46bba1724d3fe6afe18740bce5c13a45bb616e4c02007a2 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: ac8245405c59b3fa369650b1ce9bd7ce8ac23147fdb4c74fe00a5c059dd3959f |
| kernel-rt-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 1d0156aade8a21db05039d29647be6cf65f0e472041212c3c935cead833ecdcc |
| kernel-rt-kvm-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 23ab912b9e8f40552b5d10875c3ac32feebfb0ff169bec759ac9f0d5ded9db34 |
| kernel-rt-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 59e4db38e3cdbb979b9da1c52a996d9cdf266941422f3fca9459cd87bf39d479 |
| kernel-rt-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: d77868ceed39de7abf6c04dc18dd0642e2f4e8dfbd5cf153d9cfe117fe3971e1 |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-425.19.2.rt7.230.el8_7.src.rpm | SHA-256: 98e32c4eba7260d02c31d9d0f8d05293108c43224425e899e71818ba818cac60 |
| x86_64 | |
| kernel-rt-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 0e7e5f21650dddff84e0ca8165ba56444ab0bf390f4d397c9fde19faab3b2a41 |
| kernel-rt-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: fd49b8f0ca50edefbfde71619860d0d8dcc4ea36a7c1c7c68dd30e235f9c6268 |
| kernel-rt-debug-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 66314962f318e1fd6b10a07de854493e70bec31328c4862098d1d3c6baf3da13 |
| kernel-rt-debug-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: c50a96461b2e017c280760ff064a0407c44e64ff5afb22ba53b6e9f645c2e282 |
| kernel-rt-debug-debuginfo-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 710181da5867b62f83e14f4edc597a1c8bc290b71224d3551941c1c2f950f544 |
| kernel-rt-debug-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 47b3c3789fd5dd59bfb4e8ef5b34eb2a6bbe5dd0487fb4d671eb4df491ef3898 |
| kernel-rt-debug-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 8d2563a158594bdeaf2fbe0719de2b2739a35c7b5821cc9e29c807aab4c15c29 |
| kernel-rt-debug-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: a653114023062b561a5c2368fa368f6d9dabcc33c8b7ad866d66012f78bb5a26 |
| kernel-rt-debuginfo-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 5432f03630348927a46bba1724d3fe6afe18740bce5c13a45bb616e4c02007a2 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: ac8245405c59b3fa369650b1ce9bd7ce8ac23147fdb4c74fe00a5c059dd3959f |
| kernel-rt-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 1d0156aade8a21db05039d29647be6cf65f0e472041212c3c935cead833ecdcc |
| kernel-rt-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 59e4db38e3cdbb979b9da1c52a996d9cdf266941422f3fca9459cd87bf39d479 |
| kernel-rt-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: d77868ceed39de7abf6c04dc18dd0642e2f4e8dfbd5cf153d9cfe117fe3971e1 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-425.19.2.rt7.230.el8_7.src.rpm | SHA-256: 98e32c4eba7260d02c31d9d0f8d05293108c43224425e899e71818ba818cac60 |
| x86_64 | |
| kernel-rt-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 0e7e5f21650dddff84e0ca8165ba56444ab0bf390f4d397c9fde19faab3b2a41 |
| kernel-rt-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: fd49b8f0ca50edefbfde71619860d0d8dcc4ea36a7c1c7c68dd30e235f9c6268 |
| kernel-rt-debug-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 66314962f318e1fd6b10a07de854493e70bec31328c4862098d1d3c6baf3da13 |
| kernel-rt-debug-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: c50a96461b2e017c280760ff064a0407c44e64ff5afb22ba53b6e9f645c2e282 |
| kernel-rt-debug-debuginfo-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 710181da5867b62f83e14f4edc597a1c8bc290b71224d3551941c1c2f950f544 |
| kernel-rt-debug-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 47b3c3789fd5dd59bfb4e8ef5b34eb2a6bbe5dd0487fb4d671eb4df491ef3898 |
| kernel-rt-debug-kvm-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: bc0e06dcfbd896d78ccfa14f1f0eeb5beb2a00205f989e0b9ef40ef92c66f66b |
| kernel-rt-debug-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 8d2563a158594bdeaf2fbe0719de2b2739a35c7b5821cc9e29c807aab4c15c29 |
| kernel-rt-debug-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: a653114023062b561a5c2368fa368f6d9dabcc33c8b7ad866d66012f78bb5a26 |
| kernel-rt-debuginfo-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 5432f03630348927a46bba1724d3fe6afe18740bce5c13a45bb616e4c02007a2 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: ac8245405c59b3fa369650b1ce9bd7ce8ac23147fdb4c74fe00a5c059dd3959f |
| kernel-rt-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 1d0156aade8a21db05039d29647be6cf65f0e472041212c3c935cead833ecdcc |
| kernel-rt-kvm-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 23ab912b9e8f40552b5d10875c3ac32feebfb0ff169bec759ac9f0d5ded9db34 |
| kernel-rt-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: 59e4db38e3cdbb979b9da1c52a996d9cdf266941422f3fca9459cd87bf39d479 |
| kernel-rt-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm | SHA-256: d77868ceed39de7abf6c04dc18dd0642e2f4e8dfbd5cf153d9cfe117fe3971e1 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
