Issued:: 2023-06-21
Updated:: 2023-06-21

RHSA-2023:3705 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235)
kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
Red Hat Enterprise Linux Server - AUS 9.6 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.2 x86_64
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64

Fixes

BZ - 2192589 - CVE-2023-2235 kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events
BZ - 2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
x86_64
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.x86_64.rpm	SHA-256: 05ad5efff1b5d0ef6a82958251e6cbb7070fd283f48fdce89d4d4e3978701871
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.x86_64.rpm	SHA-256: 622c476e212e62e2263da784ed3beb25645f2293920914014cc4e8c95e85ae58
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.x86_64.rpm	SHA-256: 437ddae527c0c39c808d629d697978c9c475dec8faa89325c4dfc1b3f98a13e2

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
x86_64
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.x86_64.rpm	SHA-256: 05ad5efff1b5d0ef6a82958251e6cbb7070fd283f48fdce89d4d4e3978701871
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.x86_64.rpm	SHA-256: 622c476e212e62e2263da784ed3beb25645f2293920914014cc4e8c95e85ae58
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.x86_64.rpm	SHA-256: 437ddae527c0c39c808d629d697978c9c475dec8faa89325c4dfc1b3f98a13e2

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
x86_64
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.x86_64.rpm	SHA-256: 05ad5efff1b5d0ef6a82958251e6cbb7070fd283f48fdce89d4d4e3978701871
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.x86_64.rpm	SHA-256: 622c476e212e62e2263da784ed3beb25645f2293920914014cc4e8c95e85ae58
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.x86_64.rpm	SHA-256: 437ddae527c0c39c808d629d697978c9c475dec8faa89325c4dfc1b3f98a13e2

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
x86_64
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.x86_64.rpm	SHA-256: 05ad5efff1b5d0ef6a82958251e6cbb7070fd283f48fdce89d4d4e3978701871
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.x86_64.rpm	SHA-256: 622c476e212e62e2263da784ed3beb25645f2293920914014cc4e8c95e85ae58
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.x86_64.rpm	SHA-256: 437ddae527c0c39c808d629d697978c9c475dec8faa89325c4dfc1b3f98a13e2

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
x86_64
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.x86_64.rpm	SHA-256: 05ad5efff1b5d0ef6a82958251e6cbb7070fd283f48fdce89d4d4e3978701871
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.x86_64.rpm	SHA-256: 622c476e212e62e2263da784ed3beb25645f2293920914014cc4e8c95e85ae58
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.x86_64.rpm	SHA-256: 437ddae527c0c39c808d629d697978c9c475dec8faa89325c4dfc1b3f98a13e2

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
x86_64
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.x86_64.rpm	SHA-256: 05ad5efff1b5d0ef6a82958251e6cbb7070fd283f48fdce89d4d4e3978701871
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.x86_64.rpm	SHA-256: 622c476e212e62e2263da784ed3beb25645f2293920914014cc4e8c95e85ae58
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.x86_64.rpm	SHA-256: 437ddae527c0c39c808d629d697978c9c475dec8faa89325c4dfc1b3f98a13e2

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
x86_64
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.x86_64.rpm	SHA-256: 05ad5efff1b5d0ef6a82958251e6cbb7070fd283f48fdce89d4d4e3978701871
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.x86_64.rpm	SHA-256: 622c476e212e62e2263da784ed3beb25645f2293920914014cc4e8c95e85ae58
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.x86_64.rpm	SHA-256: 437ddae527c0c39c808d629d697978c9c475dec8faa89325c4dfc1b3f98a13e2

Red Hat Enterprise Linux for Power, little endian 9

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
ppc64le
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.ppc64le.rpm	SHA-256: 7166b28586f86e1982401ada32e72cfe10e2f3bf48b70c0ca94539dfd98473f1
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.ppc64le.rpm	SHA-256: be735c5ccb152615855c40a671361e7b91fbdbf6ec6ebd9fc119aec969f4eea9
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.ppc64le.rpm	SHA-256: 62e68cc7a787ce87fceef7da280c34a7ef57ccca1c6a2636635ad394f5ad07bf

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
ppc64le
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.ppc64le.rpm	SHA-256: 7166b28586f86e1982401ada32e72cfe10e2f3bf48b70c0ca94539dfd98473f1
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.ppc64le.rpm	SHA-256: be735c5ccb152615855c40a671361e7b91fbdbf6ec6ebd9fc119aec969f4eea9
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.ppc64le.rpm	SHA-256: 62e68cc7a787ce87fceef7da280c34a7ef57ccca1c6a2636635ad394f5ad07bf

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
ppc64le
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.ppc64le.rpm	SHA-256: 7166b28586f86e1982401ada32e72cfe10e2f3bf48b70c0ca94539dfd98473f1
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.ppc64le.rpm	SHA-256: be735c5ccb152615855c40a671361e7b91fbdbf6ec6ebd9fc119aec969f4eea9
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.ppc64le.rpm	SHA-256: 62e68cc7a787ce87fceef7da280c34a7ef57ccca1c6a2636635ad394f5ad07bf

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
ppc64le
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.ppc64le.rpm	SHA-256: 7166b28586f86e1982401ada32e72cfe10e2f3bf48b70c0ca94539dfd98473f1
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.ppc64le.rpm	SHA-256: be735c5ccb152615855c40a671361e7b91fbdbf6ec6ebd9fc119aec969f4eea9
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.ppc64le.rpm	SHA-256: 62e68cc7a787ce87fceef7da280c34a7ef57ccca1c6a2636635ad394f5ad07bf

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
ppc64le
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.ppc64le.rpm	SHA-256: 7166b28586f86e1982401ada32e72cfe10e2f3bf48b70c0ca94539dfd98473f1
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.ppc64le.rpm	SHA-256: be735c5ccb152615855c40a671361e7b91fbdbf6ec6ebd9fc119aec969f4eea9
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.ppc64le.rpm	SHA-256: 62e68cc7a787ce87fceef7da280c34a7ef57ccca1c6a2636635ad394f5ad07bf

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
ppc64le
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.ppc64le.rpm	SHA-256: 7166b28586f86e1982401ada32e72cfe10e2f3bf48b70c0ca94539dfd98473f1
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.ppc64le.rpm	SHA-256: be735c5ccb152615855c40a671361e7b91fbdbf6ec6ebd9fc119aec969f4eea9
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.ppc64le.rpm	SHA-256: 62e68cc7a787ce87fceef7da280c34a7ef57ccca1c6a2636635ad394f5ad07bf

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
ppc64le
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.ppc64le.rpm	SHA-256: 7166b28586f86e1982401ada32e72cfe10e2f3bf48b70c0ca94539dfd98473f1
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.ppc64le.rpm	SHA-256: be735c5ccb152615855c40a671361e7b91fbdbf6ec6ebd9fc119aec969f4eea9
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.ppc64le.rpm	SHA-256: 62e68cc7a787ce87fceef7da280c34a7ef57ccca1c6a2636635ad394f5ad07bf

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
x86_64
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.x86_64.rpm	SHA-256: 05ad5efff1b5d0ef6a82958251e6cbb7070fd283f48fdce89d4d4e3978701871
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.x86_64.rpm	SHA-256: 622c476e212e62e2263da784ed3beb25645f2293920914014cc4e8c95e85ae58
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.x86_64.rpm	SHA-256: 437ddae527c0c39c808d629d697978c9c475dec8faa89325c4dfc1b3f98a13e2

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
x86_64
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.x86_64.rpm	SHA-256: 05ad5efff1b5d0ef6a82958251e6cbb7070fd283f48fdce89d4d4e3978701871
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.x86_64.rpm	SHA-256: 622c476e212e62e2263da784ed3beb25645f2293920914014cc4e8c95e85ae58
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.x86_64.rpm	SHA-256: 437ddae527c0c39c808d629d697978c9c475dec8faa89325c4dfc1b3f98a13e2

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.src.rpm	SHA-256: e41a9f6240b898241197fd820bfa382414623ec41764678914ff147912929f58
x86_64
kpatch-patch-5_14_0-284_11_1-1-1.el9_2.x86_64.rpm	SHA-256: 05ad5efff1b5d0ef6a82958251e6cbb7070fd283f48fdce89d4d4e3978701871
kpatch-patch-5_14_0-284_11_1-debuginfo-1-1.el9_2.x86_64.rpm	SHA-256: 622c476e212e62e2263da784ed3beb25645f2293920914014cc4e8c95e85ae58
kpatch-patch-5_14_0-284_11_1-debugsource-1-1.el9_2.x86_64.rpm	SHA-256: 437ddae527c0c39c808d629d697978c9c475dec8faa89325c4dfc1b3f98a13e2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation