- Issued:
- 2023-05-30
- Updated:
- 2023-05-30
RHSA-2023:3350 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- smpboot: Scheduler frequency invariance went wobbly, disabling! (BZ#2188316)
- Crash: kernel BUG at kernel/locking/rtmutex.c:1338! (BZ#2188722)
- kernel-rt: update RT source tree to the RHEL-8.8.z0 source tree. (BZ#2196667)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8 x86_64
Fixes
- BZ - 2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.src.rpm | SHA-256: b351cc82ad2ae1fd8101e91d50b5a4156d55b236193b6c14154dddc81db315b5 |
| x86_64 | |
| kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: b127f9011daf0eb1d1abfb8053dc4ac068a6b48b14287be1ced727532320907c |
| kernel-rt-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 7b78843c23241fb6c4f47d1435b24b05b532bd9f88a1d3020a7292992e233e31 |
| kernel-rt-debug-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: c3fa614d2327f5996d260798c549264535a5c93e4d0ffb5281daf82e2c2d323f |
| kernel-rt-debug-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: cbcbe9a477f06f0214037ff441fb6e5c85b179875bbf116a9a79f0ab892613aa |
| kernel-rt-debug-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: a22fc7bbbccfc58f5c0874985d577d9fba675440fc178515017e5e9b6304af28 |
| kernel-rt-debug-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: e97859500c8b93bfc39ac17cb2039d140f34df8550647ce094459f2447b72698 |
| kernel-rt-debug-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 4c32f51b874a7202ec15025cb3b6291befb7833ebe09749b012836bf0731f0c8 |
| kernel-rt-debug-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 8cd10396623635d394f22defd058f873280167744dfe5b4f4e97756c69595d43 |
| kernel-rt-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: d2332a69438b145fe4f29a0ebf115ad4b95d641ae062384e85d180928dcb60d0 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 3402c567b60aab71c16e951000dea6412700b4cbd380b6cfa0e0bc29b80b056f |
| kernel-rt-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: d34cbfc2ed065d94d2a83a0bda80d1437fd2b3f5e1765c2240c7d5f3404282c4 |
| kernel-rt-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 01c42b12a069be4459cbd0dec8203d9018bad3a220b29a434edfa5837cb447d9 |
| kernel-rt-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: be08c5b48d4c547282c087b652d1ec7335dbb578ea967b51728a41d2631c7691 |
Red Hat Enterprise Linux for Real Time for NFV 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.src.rpm | SHA-256: b351cc82ad2ae1fd8101e91d50b5a4156d55b236193b6c14154dddc81db315b5 |
| x86_64 | |
| kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: b127f9011daf0eb1d1abfb8053dc4ac068a6b48b14287be1ced727532320907c |
| kernel-rt-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 7b78843c23241fb6c4f47d1435b24b05b532bd9f88a1d3020a7292992e233e31 |
| kernel-rt-debug-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: c3fa614d2327f5996d260798c549264535a5c93e4d0ffb5281daf82e2c2d323f |
| kernel-rt-debug-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: cbcbe9a477f06f0214037ff441fb6e5c85b179875bbf116a9a79f0ab892613aa |
| kernel-rt-debug-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: a22fc7bbbccfc58f5c0874985d577d9fba675440fc178515017e5e9b6304af28 |
| kernel-rt-debug-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: e97859500c8b93bfc39ac17cb2039d140f34df8550647ce094459f2447b72698 |
| kernel-rt-debug-kvm-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 312606b6826c3dceac20fe138d533e266f03862c29ff75c07f062ee3fa9522ac |
| kernel-rt-debug-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 4c32f51b874a7202ec15025cb3b6291befb7833ebe09749b012836bf0731f0c8 |
| kernel-rt-debug-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 8cd10396623635d394f22defd058f873280167744dfe5b4f4e97756c69595d43 |
| kernel-rt-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: d2332a69438b145fe4f29a0ebf115ad4b95d641ae062384e85d180928dcb60d0 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 3402c567b60aab71c16e951000dea6412700b4cbd380b6cfa0e0bc29b80b056f |
| kernel-rt-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: d34cbfc2ed065d94d2a83a0bda80d1437fd2b3f5e1765c2240c7d5f3404282c4 |
| kernel-rt-kvm-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 51ec00f4db01546ed15642fd3d1d3d56fe9ef4bd4d1329fbc918cb698164e9b4 |
| kernel-rt-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 01c42b12a069be4459cbd0dec8203d9018bad3a220b29a434edfa5837cb447d9 |
| kernel-rt-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: be08c5b48d4c547282c087b652d1ec7335dbb578ea967b51728a41d2631c7691 |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.src.rpm | SHA-256: b351cc82ad2ae1fd8101e91d50b5a4156d55b236193b6c14154dddc81db315b5 |
| x86_64 | |
| kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: b127f9011daf0eb1d1abfb8053dc4ac068a6b48b14287be1ced727532320907c |
| kernel-rt-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 7b78843c23241fb6c4f47d1435b24b05b532bd9f88a1d3020a7292992e233e31 |
| kernel-rt-debug-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: c3fa614d2327f5996d260798c549264535a5c93e4d0ffb5281daf82e2c2d323f |
| kernel-rt-debug-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: cbcbe9a477f06f0214037ff441fb6e5c85b179875bbf116a9a79f0ab892613aa |
| kernel-rt-debug-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: a22fc7bbbccfc58f5c0874985d577d9fba675440fc178515017e5e9b6304af28 |
| kernel-rt-debug-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: e97859500c8b93bfc39ac17cb2039d140f34df8550647ce094459f2447b72698 |
| kernel-rt-debug-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 4c32f51b874a7202ec15025cb3b6291befb7833ebe09749b012836bf0731f0c8 |
| kernel-rt-debug-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 8cd10396623635d394f22defd058f873280167744dfe5b4f4e97756c69595d43 |
| kernel-rt-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: d2332a69438b145fe4f29a0ebf115ad4b95d641ae062384e85d180928dcb60d0 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 3402c567b60aab71c16e951000dea6412700b4cbd380b6cfa0e0bc29b80b056f |
| kernel-rt-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: d34cbfc2ed065d94d2a83a0bda80d1437fd2b3f5e1765c2240c7d5f3404282c4 |
| kernel-rt-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 01c42b12a069be4459cbd0dec8203d9018bad3a220b29a434edfa5837cb447d9 |
| kernel-rt-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: be08c5b48d4c547282c087b652d1ec7335dbb578ea967b51728a41d2631c7691 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.src.rpm | SHA-256: b351cc82ad2ae1fd8101e91d50b5a4156d55b236193b6c14154dddc81db315b5 |
| x86_64 | |
| kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: b127f9011daf0eb1d1abfb8053dc4ac068a6b48b14287be1ced727532320907c |
| kernel-rt-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 7b78843c23241fb6c4f47d1435b24b05b532bd9f88a1d3020a7292992e233e31 |
| kernel-rt-debug-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: c3fa614d2327f5996d260798c549264535a5c93e4d0ffb5281daf82e2c2d323f |
| kernel-rt-debug-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: cbcbe9a477f06f0214037ff441fb6e5c85b179875bbf116a9a79f0ab892613aa |
| kernel-rt-debug-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: a22fc7bbbccfc58f5c0874985d577d9fba675440fc178515017e5e9b6304af28 |
| kernel-rt-debug-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: e97859500c8b93bfc39ac17cb2039d140f34df8550647ce094459f2447b72698 |
| kernel-rt-debug-kvm-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 312606b6826c3dceac20fe138d533e266f03862c29ff75c07f062ee3fa9522ac |
| kernel-rt-debug-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 4c32f51b874a7202ec15025cb3b6291befb7833ebe09749b012836bf0731f0c8 |
| kernel-rt-debug-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 8cd10396623635d394f22defd058f873280167744dfe5b4f4e97756c69595d43 |
| kernel-rt-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: d2332a69438b145fe4f29a0ebf115ad4b95d641ae062384e85d180928dcb60d0 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 3402c567b60aab71c16e951000dea6412700b4cbd380b6cfa0e0bc29b80b056f |
| kernel-rt-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: d34cbfc2ed065d94d2a83a0bda80d1437fd2b3f5e1765c2240c7d5f3404282c4 |
| kernel-rt-kvm-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 51ec00f4db01546ed15642fd3d1d3d56fe9ef4bd4d1329fbc918cb698164e9b4 |
| kernel-rt-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: 01c42b12a069be4459cbd0dec8203d9018bad3a220b29a434edfa5837cb447d9 |
| kernel-rt-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm | SHA-256: be08c5b48d4c547282c087b652d1ec7335dbb578ea967b51728a41d2631c7691 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
