- Issued:
- 2023-06-06
- Updated:
- 2023-06-06
RHSA-2023:3470 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)
- kernel: udmabuf: improper validation of array index leading to local privilege escalation (CVE-2023-2008)
- kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt-debug: BUG: MAX_LOCKDEP_CHAINS too low (BZ#2181286)
- kernel-rt: update RT source tree to the latest RHEL-9.0.z9 Batch (BZ#2186491)
- kernel-rt: INFO: task deadline_test:1778 blocked for more than 622 seconds (BZ#2188662)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0 x86_64
- Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0 x86_64
Fixes
- BZ - 2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets
- BZ - 2186862 - CVE-2023-2008 kernel: udmabuf: improper validation of array index leading to local privilege escalation
- BZ - 2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0
| SRPM | |
|---|---|
| kernel-rt-5.14.0-70.58.1.rt21.129.el9_0.src.rpm | SHA-256: 655d17499531193920b448e5d1990eae43eba65c97afd60e7fda0cf395ae45a9 |
| x86_64 | |
| kernel-rt-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: 1cb09212e75ca40281ba80ae8e9523bbeeedb2dffa4831102f22c4364f3e091c |
| kernel-rt-core-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: c529a61fec2ba1b23c0c6be0371f3a1cac465530198ddf7a1516c4cdb5df8195 |
| kernel-rt-debug-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: 452cc3c77eec1a4446b34676811c621034691e7522f1ba5b80d383f1e11c87c7 |
| kernel-rt-debug-core-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: dbc64d4aca4aba2204078cf1a7c701be1307b595bbc065072b299aeb6023267e |
| kernel-rt-debug-debuginfo-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: f4ae707afe71e0f79b8f221db6e87f7dc61133b08cbe99a51c1dcd04c46b2842 |
| kernel-rt-debug-devel-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: f8b7d366e82156f088a55e84965b4a58b73111128a59ae397e7cefafeb7a684f |
| kernel-rt-debug-modules-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: aeb7db2fa620939ddebfce55493e5b3acf58cf8be4157da1840bfd781e79a240 |
| kernel-rt-debug-modules-extra-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: 6c5a91a6db0e1d7a3e2cdc90bfca86ec8d58068a83e93ace887bb23a8148d0e9 |
| kernel-rt-debuginfo-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: 91573f33a964fa1e69e18442ad9ed4386bace500022ef72326b0b31cff830e93 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: f6fc9cdfbbf55c93f3a53c174cc577898f747c31c7a99778d552f728a9491000 |
| kernel-rt-devel-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: bb2473e9cd39ec543f53bb1422c82b340ec0c3b7a830b35f70c7df4100ec0b1c |
| kernel-rt-modules-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: b40b436ddcc1483fb798c56b98a8fbb438d890720f9fcfd8d1137585fbadd02e |
| kernel-rt-modules-extra-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: 0f6b2c5173cbdde0c0da99c0e0d108e95500302515d49d5e1100cb6c1653bc08 |
Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0
| SRPM | |
|---|---|
| kernel-rt-5.14.0-70.58.1.rt21.129.el9_0.src.rpm | SHA-256: 655d17499531193920b448e5d1990eae43eba65c97afd60e7fda0cf395ae45a9 |
| x86_64 | |
| kernel-rt-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: 1cb09212e75ca40281ba80ae8e9523bbeeedb2dffa4831102f22c4364f3e091c |
| kernel-rt-core-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: c529a61fec2ba1b23c0c6be0371f3a1cac465530198ddf7a1516c4cdb5df8195 |
| kernel-rt-debug-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: 452cc3c77eec1a4446b34676811c621034691e7522f1ba5b80d383f1e11c87c7 |
| kernel-rt-debug-core-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: dbc64d4aca4aba2204078cf1a7c701be1307b595bbc065072b299aeb6023267e |
| kernel-rt-debug-debuginfo-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: f4ae707afe71e0f79b8f221db6e87f7dc61133b08cbe99a51c1dcd04c46b2842 |
| kernel-rt-debug-devel-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: f8b7d366e82156f088a55e84965b4a58b73111128a59ae397e7cefafeb7a684f |
| kernel-rt-debug-kvm-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: afe47b9ec6b20c8da68c3fbe648da5683b3335f215e31338d8be85afd055f4e7 |
| kernel-rt-debug-modules-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: aeb7db2fa620939ddebfce55493e5b3acf58cf8be4157da1840bfd781e79a240 |
| kernel-rt-debug-modules-extra-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: 6c5a91a6db0e1d7a3e2cdc90bfca86ec8d58068a83e93ace887bb23a8148d0e9 |
| kernel-rt-debuginfo-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: 91573f33a964fa1e69e18442ad9ed4386bace500022ef72326b0b31cff830e93 |
| kernel-rt-debuginfo-common-x86_64-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: f6fc9cdfbbf55c93f3a53c174cc577898f747c31c7a99778d552f728a9491000 |
| kernel-rt-devel-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: bb2473e9cd39ec543f53bb1422c82b340ec0c3b7a830b35f70c7df4100ec0b1c |
| kernel-rt-kvm-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: 4f8523dcf191612ac028cfba85c5ac3258b84d046eb0b49d424cdd5af7da168f |
| kernel-rt-modules-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: b40b436ddcc1483fb798c56b98a8fbb438d890720f9fcfd8d1137585fbadd02e |
| kernel-rt-modules-extra-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm | SHA-256: 0f6b2c5173cbdde0c0da99c0e0d108e95500302515d49d5e1100cb6c1653bc08 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
