Issued:: 2023-05-16
Updated:: 2023-05-16

RHSA-2023:2736 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)
net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)
hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch (CVE-2021-26341)
malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655)
when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds (CVE-2021-33656)
possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462)
use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)
KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789)
KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196)
netfilter: nf_conntrack_irc message handling issue (CVE-2022-2663)
race condition in xfrm_probe_algs can lead to OOB read/write (CVE-2022-3028)
media: em28xx: initialize refcount before kref_get (CVE-2022-3239)
race condition in hugetlb_no_page() in mm/hugetlb.c (CVE-2022-3522)
memory leak in ipv6_renew_options() (CVE-2022-3524)
data races around icsk->icsk_af_ops in do_ipv6_setsockopt (CVE-2022-3566)
data races around sk->sk_prot (CVE-2022-3567)
memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (CVE-2022-3619)
denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry (CVE-2022-3623)
use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625)
USB-accessible buffer overflow in brcmfmac (CVE-2022-3628)
Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed (CVE-2022-3707)
l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference (CVE-2022-4129)
igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets (CVE-2022-20141)
Executable Space Protection Bypass (CVE-2022-25265)
Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)
unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry (CVE-2022-39188)
TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning (CVE-2022-39189)
Report vmalloc UAF in dvb-core/dmxdev (CVE-2022-41218)
u8 overflow problem in cfg80211_update_notlisted_nontrans() (CVE-2022-41674)
use-after-free related to leaf anon_vma double reuse (CVE-2022-42703)
use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720)
BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (CVE-2022-42721)
Denial of service in beacon protection for P2P-device (CVE-2022-42722)
memory corruption in usbmon driver (CVE-2022-43750)
NULL pointer dereference in traffic control subsystem (CVE-2022-47929)
NULL pointer dereference in rawv6_push_pending_frames (CVE-2023-0394)
use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195)
Soft lockup occurred during __page_mapcount (CVE-2023-1582)
slab-out-of-bounds read vulnerabilities in cbq_classify (CVE-2023-23454)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for Real Time 8 x86_64
Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8 x86_64
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8 x86_64

Fixes

BZ - 2055499 - CVE-2022-25265 kernel: Executable Space Protection Bypass
BZ - 2061703 - CVE-2021-26341 hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch
BZ - 2078466 - CVE-2022-1462 kernel: possible race condition in drivers/tty/tty_buffers.c
BZ - 2084125 - CVE-2022-1679 kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges
BZ - 2085300 - CVE-2022-30594 kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option
BZ - 2090723 - CVE-2022-1789 kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva
BZ - 2108691 - CVE-2021-33655 kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory
BZ - 2108696 - CVE-2021-33656 kernel: when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds
BZ - 2114937 - CVE-2022-20141 kernel: igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets
BZ - 2122228 - CVE-2022-3028 kernel: race condition in xfrm_probe_algs can lead to OOB read/write
BZ - 2122960 - CVE-2022-41218 kernel: Report vmalloc UAF in dvb-core/dmxdev
BZ - 2123056 - CVE-2022-2663 kernel: netfilter: nf_conntrack_irc message handling issue
BZ - 2124788 - CVE-2022-39189 kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning
BZ - 2127985 - CVE-2022-3239 kernel: media: em28xx: initialize refcount before kref_get
BZ - 2130141 - CVE-2022-39188 kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry
BZ - 2133483 - CVE-2022-42703 kernel: use-after-free related to leaf anon_vma double reuse
BZ - 2134377 - CVE-2022-41674 kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans()
BZ - 2134451 - CVE-2022-42720 kernel: use-after-free in bss_ref_get in net/wireless/scan.c
BZ - 2134506 - CVE-2022-42721 kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c
BZ - 2134517 - CVE-2022-42722 kernel: Denial of service in beacon protection for P2P-device
BZ - 2134528 - CVE-2022-4129 kernel: l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference
BZ - 2137979 - CVE-2022-3707 kernel: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed
BZ - 2143893 - CVE-2022-3566 kernel: data races around icsk->icsk_af_ops in do_ipv6_setsockopt
BZ - 2143943 - CVE-2022-3567 kernel: data races around sk->sk_prot
BZ - 2144720 - CVE-2022-3625 kernel: use-after-free after failed devlink reload in devlink_param_get
BZ - 2150947 - CVE-2022-3524 kernel: memory leak in ipv6_renew_options()
BZ - 2150960 - CVE-2022-3628 kernel: USB-accessible buffer overflow in brcmfmac
BZ - 2150979 - CVE-2022-3522 kernel: race condition in hugetlb_no_page() in mm/hugetlb.c
BZ - 2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c
BZ - 2151270 - CVE-2022-43750 kernel: memory corruption in usbmon driver
BZ - 2154171 - CVE-2023-1195 kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c
BZ - 2154235 - CVE-2022-3619 kernel: memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c
BZ - 2160023 - CVE-2022-2196 kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks
BZ - 2162120 - CVE-2023-0394 kernel: NULL pointer dereference in rawv6_push_pending_frames
BZ - 2165721 - CVE-2022-3623 kernel: denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry
BZ - 2168246 - CVE-2022-47929 kernel: NULL pointer dereference in traffic control subsystem
BZ - 2168297 - CVE-2023-23454 kernel: slab-out-of-bounds read vulnerabilities in cbq_classify
BZ - 2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets
BZ - 2180936 - CVE-2023-1582 kernel: Soft lockup occurred during __page_mapcount

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for Real Time 8

SRPM
kernel-rt-4.18.0-477.10.1.rt7.274.el8_8.src.rpm	SHA-256: f222bbb43a2ec17e6b9b172b8fb77d284978a865c17f33ace89f50c7aad533d8
x86_64
kernel-rt-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 511ddedd5c0c51c7d1e59cf89bbfd1f324d6ffcc21f7c96db80e9ded5b1c6322
kernel-rt-core-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 5a4ada800ce2776ca8bf184aa048a921386174dd4824e7d655801d61fc2418a4
kernel-rt-debug-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 27b51cbf87bf219830728236c2e3a5e714a06fde8d37655ad5d37e4defc2ca64
kernel-rt-debug-core-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: ed077a0001e7818ce3b434d48f81dae0cc7d5db20f056319e9e3c195c7ecb931
kernel-rt-debug-debuginfo-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 13beca4f6fe450ae282639401eb9d519839bb9aa7432c0ccb4b44b64ac25395b
kernel-rt-debug-devel-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 82cc2259f77460dbc50aff0520f15c25d907e02c4a790ddb7e1818f41af22e82
kernel-rt-debug-modules-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: b67f9f059dcda0725106a00758f50333ecaede2b0e2a4f08c72040c55d4a8013
kernel-rt-debug-modules-extra-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 80275cafd2bcda561b684cfa916735145241d74e73037cf7accf18bc156f2635
kernel-rt-debuginfo-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 62ec2fa71706a79ffd45cdf526bf8acf9cd4e95b1a155d2b5829bb7bce5af4f7
kernel-rt-debuginfo-common-x86_64-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 36419993ec484e6ec76b86e04fe9d74f864863cb26be1c944e2a44b390aa7394
kernel-rt-devel-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 52f4f3a77d0554560ebdeb1c7499571c5f1b50b878693136d5d886646cdd7024
kernel-rt-modules-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 483c11e0b03fd3d8de7b5ff4a3ad1215af7b1bd89f569fa2c0130a254cf00764
kernel-rt-modules-extra-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 79911577ed413a6d495e03802f6fbc02926872f01309fcf7fa038165b0993d39

Red Hat Enterprise Linux for Real Time for NFV 8

SRPM
kernel-rt-4.18.0-477.10.1.rt7.274.el8_8.src.rpm	SHA-256: f222bbb43a2ec17e6b9b172b8fb77d284978a865c17f33ace89f50c7aad533d8
x86_64
kernel-rt-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 511ddedd5c0c51c7d1e59cf89bbfd1f324d6ffcc21f7c96db80e9ded5b1c6322
kernel-rt-core-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 5a4ada800ce2776ca8bf184aa048a921386174dd4824e7d655801d61fc2418a4
kernel-rt-debug-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 27b51cbf87bf219830728236c2e3a5e714a06fde8d37655ad5d37e4defc2ca64
kernel-rt-debug-core-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: ed077a0001e7818ce3b434d48f81dae0cc7d5db20f056319e9e3c195c7ecb931
kernel-rt-debug-debuginfo-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 13beca4f6fe450ae282639401eb9d519839bb9aa7432c0ccb4b44b64ac25395b
kernel-rt-debug-devel-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 82cc2259f77460dbc50aff0520f15c25d907e02c4a790ddb7e1818f41af22e82
kernel-rt-debug-kvm-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 2727a762e5d35baa35a62d2cc35998c10c7d3493876257d57bb6a00a9c90e3be
kernel-rt-debug-modules-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: b67f9f059dcda0725106a00758f50333ecaede2b0e2a4f08c72040c55d4a8013
kernel-rt-debug-modules-extra-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 80275cafd2bcda561b684cfa916735145241d74e73037cf7accf18bc156f2635
kernel-rt-debuginfo-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 62ec2fa71706a79ffd45cdf526bf8acf9cd4e95b1a155d2b5829bb7bce5af4f7
kernel-rt-debuginfo-common-x86_64-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 36419993ec484e6ec76b86e04fe9d74f864863cb26be1c944e2a44b390aa7394
kernel-rt-devel-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 52f4f3a77d0554560ebdeb1c7499571c5f1b50b878693136d5d886646cdd7024
kernel-rt-kvm-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: d665943e93684a9ec0f7171a9f5a8d466d7ebc58389142b15501a491c08fb0ea
kernel-rt-modules-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 483c11e0b03fd3d8de7b5ff4a3ad1215af7b1bd89f569fa2c0130a254cf00764
kernel-rt-modules-extra-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 79911577ed413a6d495e03802f6fbc02926872f01309fcf7fa038165b0993d39

Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8

SRPM
kernel-rt-4.18.0-477.10.1.rt7.274.el8_8.src.rpm	SHA-256: f222bbb43a2ec17e6b9b172b8fb77d284978a865c17f33ace89f50c7aad533d8
x86_64
kernel-rt-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 511ddedd5c0c51c7d1e59cf89bbfd1f324d6ffcc21f7c96db80e9ded5b1c6322
kernel-rt-core-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 5a4ada800ce2776ca8bf184aa048a921386174dd4824e7d655801d61fc2418a4
kernel-rt-debug-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 27b51cbf87bf219830728236c2e3a5e714a06fde8d37655ad5d37e4defc2ca64
kernel-rt-debug-core-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: ed077a0001e7818ce3b434d48f81dae0cc7d5db20f056319e9e3c195c7ecb931
kernel-rt-debug-debuginfo-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 13beca4f6fe450ae282639401eb9d519839bb9aa7432c0ccb4b44b64ac25395b
kernel-rt-debug-devel-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 82cc2259f77460dbc50aff0520f15c25d907e02c4a790ddb7e1818f41af22e82
kernel-rt-debug-modules-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: b67f9f059dcda0725106a00758f50333ecaede2b0e2a4f08c72040c55d4a8013
kernel-rt-debug-modules-extra-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 80275cafd2bcda561b684cfa916735145241d74e73037cf7accf18bc156f2635
kernel-rt-debuginfo-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 62ec2fa71706a79ffd45cdf526bf8acf9cd4e95b1a155d2b5829bb7bce5af4f7
kernel-rt-debuginfo-common-x86_64-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 36419993ec484e6ec76b86e04fe9d74f864863cb26be1c944e2a44b390aa7394
kernel-rt-devel-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 52f4f3a77d0554560ebdeb1c7499571c5f1b50b878693136d5d886646cdd7024
kernel-rt-modules-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 483c11e0b03fd3d8de7b5ff4a3ad1215af7b1bd89f569fa2c0130a254cf00764
kernel-rt-modules-extra-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 79911577ed413a6d495e03802f6fbc02926872f01309fcf7fa038165b0993d39

Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8

SRPM
kernel-rt-4.18.0-477.10.1.rt7.274.el8_8.src.rpm	SHA-256: f222bbb43a2ec17e6b9b172b8fb77d284978a865c17f33ace89f50c7aad533d8
x86_64
kernel-rt-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 511ddedd5c0c51c7d1e59cf89bbfd1f324d6ffcc21f7c96db80e9ded5b1c6322
kernel-rt-core-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 5a4ada800ce2776ca8bf184aa048a921386174dd4824e7d655801d61fc2418a4
kernel-rt-debug-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 27b51cbf87bf219830728236c2e3a5e714a06fde8d37655ad5d37e4defc2ca64
kernel-rt-debug-core-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: ed077a0001e7818ce3b434d48f81dae0cc7d5db20f056319e9e3c195c7ecb931
kernel-rt-debug-debuginfo-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 13beca4f6fe450ae282639401eb9d519839bb9aa7432c0ccb4b44b64ac25395b
kernel-rt-debug-devel-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 82cc2259f77460dbc50aff0520f15c25d907e02c4a790ddb7e1818f41af22e82
kernel-rt-debug-kvm-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 2727a762e5d35baa35a62d2cc35998c10c7d3493876257d57bb6a00a9c90e3be
kernel-rt-debug-modules-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: b67f9f059dcda0725106a00758f50333ecaede2b0e2a4f08c72040c55d4a8013
kernel-rt-debug-modules-extra-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 80275cafd2bcda561b684cfa916735145241d74e73037cf7accf18bc156f2635
kernel-rt-debuginfo-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 62ec2fa71706a79ffd45cdf526bf8acf9cd4e95b1a155d2b5829bb7bce5af4f7
kernel-rt-debuginfo-common-x86_64-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 36419993ec484e6ec76b86e04fe9d74f864863cb26be1c944e2a44b390aa7394
kernel-rt-devel-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 52f4f3a77d0554560ebdeb1c7499571c5f1b50b878693136d5d886646cdd7024
kernel-rt-kvm-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: d665943e93684a9ec0f7171a9f5a8d466d7ebc58389142b15501a491c08fb0ea
kernel-rt-modules-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 483c11e0b03fd3d8de7b5ff4a3ad1215af7b1bd89f569fa2c0130a254cf00764
kernel-rt-modules-extra-4.18.0-477.10.1.rt7.274.el8_8.x86_64.rpm	SHA-256: 79911577ed413a6d495e03802f6fbc02926872f01309fcf7fa038165b0993d39

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation