- Issued:
- 2023-06-21
- Updated:
- 2023-06-21
RHSA-2023:3708 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235)
- kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)
- Kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)
- kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)
- kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194)
- kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (CVE-2023-28466)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- [RT] Single Node Openshift cluster becomes unreachable after running less than 2 hours (BZ#2186853)
- kernel-rt: update RT source tree to the latest RHEL-9.2.z1 Batch (BZ#2188313)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 9 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 9 x86_64
- Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.4 x86_64
- Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.4 x86_64
Fixes
- BZ - 2179000 - CVE-2023-28466 kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference
- BZ - 2187308 - CVE-2023-2002 Kernel: bluetooth: Unauthorized management command execution
- BZ - 2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel's XFS subsystem
- BZ - 2188396 - CVE-2023-2194 kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()
- BZ - 2192589 - CVE-2023-2235 kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events
- BZ - 2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
Red Hat Enterprise Linux for Real Time 9
SRPM | |
---|---|
kernel-rt-5.14.0-284.18.1.rt14.303.el9_2.src.rpm | SHA-256: 3965d841e6870421398f64e0cb75d863434de45bd2a70ea659e01c4e458cc8f3 |
x86_64 | |
kernel-rt-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: c12ecd9037541dc8dd1aedac1724a2b1fb2d5ac2da11aa953d68a7c0a8f21a0b |
kernel-rt-core-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 007bd3db996b59f163eebf735534f7b0e6ac19fd6cf8436a93b843979ba47691 |
kernel-rt-debug-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 7049ee57ded64edac7ec15e33c85dfb098c47038dfe5206c24243a5ae66d7009 |
kernel-rt-debug-core-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: d70e715f8133747ec83b7b2f7d5e4ca78e7144dc4ca99bc49469290fecc73b88 |
kernel-rt-debug-debuginfo-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 387303779c1a7f3995fb6539b357bf7aadb615261bd42c490baa755b1d44dc2b |
kernel-rt-debug-devel-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 60dd0bcd63bfd57928acef83ec9bcb208684ffb4332ee54be837e2e9ef666cc0 |
kernel-rt-debug-modules-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 591745db2254281acb175f7eb92dc8cf5c9a9eca7535c7ed77dad6efb7365daa |
kernel-rt-debug-modules-core-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 854c086271ad0bfb633f8cd85ec7850a2e55f64f5bdaaf3cc252bf1bf0dfa624 |
kernel-rt-debug-modules-extra-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 75e0bd61e16044ac312da3600788cf16167b71bace343fdb367e85facd735d57 |
kernel-rt-debuginfo-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: fd33d23119826235a73fc60538a8c612f96444c1093fa05c4f89cf8013a744c0 |
kernel-rt-debuginfo-common-x86_64-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 11e2f35ef79d9368b85c833e59c70523a4fe0d1767c8d741645a39fd0c3638c3 |
kernel-rt-devel-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 1517b2f4d7b5ddec7ffe14627f1edb498abd68eb87f635683c5fa27dec9e7340 |
kernel-rt-modules-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: f696d1718271e6f4abee20a475da21bbf2283e4ab69a380a6d207a1421fa3b7f |
kernel-rt-modules-core-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 89487c44430d38e9ac7c74ba310670494f2d94b89cf912aa5fc37b7ef9038e2d |
kernel-rt-modules-extra-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: e711a25c62510b850a2a02f80729fd20d6fbc8c5a877b5a17f17d889f898b3a3 |
Red Hat Enterprise Linux for Real Time for NFV 9
SRPM | |
---|---|
kernel-rt-5.14.0-284.18.1.rt14.303.el9_2.src.rpm | SHA-256: 3965d841e6870421398f64e0cb75d863434de45bd2a70ea659e01c4e458cc8f3 |
x86_64 | |
kernel-rt-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: c12ecd9037541dc8dd1aedac1724a2b1fb2d5ac2da11aa953d68a7c0a8f21a0b |
kernel-rt-core-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 007bd3db996b59f163eebf735534f7b0e6ac19fd6cf8436a93b843979ba47691 |
kernel-rt-debug-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 7049ee57ded64edac7ec15e33c85dfb098c47038dfe5206c24243a5ae66d7009 |
kernel-rt-debug-core-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: d70e715f8133747ec83b7b2f7d5e4ca78e7144dc4ca99bc49469290fecc73b88 |
kernel-rt-debug-debuginfo-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 387303779c1a7f3995fb6539b357bf7aadb615261bd42c490baa755b1d44dc2b |
kernel-rt-debug-devel-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 60dd0bcd63bfd57928acef83ec9bcb208684ffb4332ee54be837e2e9ef666cc0 |
kernel-rt-debug-kvm-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: bc130017c2cdcb61c89b83e7c0964991dde6ba23a4567e25f254f718d5a58a43 |
kernel-rt-debug-modules-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 591745db2254281acb175f7eb92dc8cf5c9a9eca7535c7ed77dad6efb7365daa |
kernel-rt-debug-modules-core-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 854c086271ad0bfb633f8cd85ec7850a2e55f64f5bdaaf3cc252bf1bf0dfa624 |
kernel-rt-debug-modules-extra-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 75e0bd61e16044ac312da3600788cf16167b71bace343fdb367e85facd735d57 |
kernel-rt-debuginfo-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: fd33d23119826235a73fc60538a8c612f96444c1093fa05c4f89cf8013a744c0 |
kernel-rt-debuginfo-common-x86_64-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 11e2f35ef79d9368b85c833e59c70523a4fe0d1767c8d741645a39fd0c3638c3 |
kernel-rt-devel-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 1517b2f4d7b5ddec7ffe14627f1edb498abd68eb87f635683c5fa27dec9e7340 |
kernel-rt-kvm-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: d0ad21cb4a81d1c42f30477032bd29a686a23abcc45ace5f390d142054096bcd |
kernel-rt-modules-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: f696d1718271e6f4abee20a475da21bbf2283e4ab69a380a6d207a1421fa3b7f |
kernel-rt-modules-core-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 89487c44430d38e9ac7c74ba310670494f2d94b89cf912aa5fc37b7ef9038e2d |
kernel-rt-modules-extra-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: e711a25c62510b850a2a02f80729fd20d6fbc8c5a877b5a17f17d889f898b3a3 |
Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.4
SRPM | |
---|---|
kernel-rt-5.14.0-284.18.1.rt14.303.el9_2.src.rpm | SHA-256: 3965d841e6870421398f64e0cb75d863434de45bd2a70ea659e01c4e458cc8f3 |
x86_64 | |
kernel-rt-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: c12ecd9037541dc8dd1aedac1724a2b1fb2d5ac2da11aa953d68a7c0a8f21a0b |
kernel-rt-core-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 007bd3db996b59f163eebf735534f7b0e6ac19fd6cf8436a93b843979ba47691 |
kernel-rt-debug-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 7049ee57ded64edac7ec15e33c85dfb098c47038dfe5206c24243a5ae66d7009 |
kernel-rt-debug-core-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: d70e715f8133747ec83b7b2f7d5e4ca78e7144dc4ca99bc49469290fecc73b88 |
kernel-rt-debug-debuginfo-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 387303779c1a7f3995fb6539b357bf7aadb615261bd42c490baa755b1d44dc2b |
kernel-rt-debug-devel-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 60dd0bcd63bfd57928acef83ec9bcb208684ffb4332ee54be837e2e9ef666cc0 |
kernel-rt-debug-modules-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 591745db2254281acb175f7eb92dc8cf5c9a9eca7535c7ed77dad6efb7365daa |
kernel-rt-debug-modules-core-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 854c086271ad0bfb633f8cd85ec7850a2e55f64f5bdaaf3cc252bf1bf0dfa624 |
kernel-rt-debug-modules-extra-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 75e0bd61e16044ac312da3600788cf16167b71bace343fdb367e85facd735d57 |
kernel-rt-debuginfo-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: fd33d23119826235a73fc60538a8c612f96444c1093fa05c4f89cf8013a744c0 |
kernel-rt-debuginfo-common-x86_64-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 11e2f35ef79d9368b85c833e59c70523a4fe0d1767c8d741645a39fd0c3638c3 |
kernel-rt-devel-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 1517b2f4d7b5ddec7ffe14627f1edb498abd68eb87f635683c5fa27dec9e7340 |
kernel-rt-modules-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: f696d1718271e6f4abee20a475da21bbf2283e4ab69a380a6d207a1421fa3b7f |
kernel-rt-modules-core-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 89487c44430d38e9ac7c74ba310670494f2d94b89cf912aa5fc37b7ef9038e2d |
kernel-rt-modules-extra-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: e711a25c62510b850a2a02f80729fd20d6fbc8c5a877b5a17f17d889f898b3a3 |
Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.4
SRPM | |
---|---|
kernel-rt-5.14.0-284.18.1.rt14.303.el9_2.src.rpm | SHA-256: 3965d841e6870421398f64e0cb75d863434de45bd2a70ea659e01c4e458cc8f3 |
x86_64 | |
kernel-rt-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: c12ecd9037541dc8dd1aedac1724a2b1fb2d5ac2da11aa953d68a7c0a8f21a0b |
kernel-rt-core-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 007bd3db996b59f163eebf735534f7b0e6ac19fd6cf8436a93b843979ba47691 |
kernel-rt-debug-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 7049ee57ded64edac7ec15e33c85dfb098c47038dfe5206c24243a5ae66d7009 |
kernel-rt-debug-core-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: d70e715f8133747ec83b7b2f7d5e4ca78e7144dc4ca99bc49469290fecc73b88 |
kernel-rt-debug-debuginfo-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 387303779c1a7f3995fb6539b357bf7aadb615261bd42c490baa755b1d44dc2b |
kernel-rt-debug-devel-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 60dd0bcd63bfd57928acef83ec9bcb208684ffb4332ee54be837e2e9ef666cc0 |
kernel-rt-debug-kvm-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: bc130017c2cdcb61c89b83e7c0964991dde6ba23a4567e25f254f718d5a58a43 |
kernel-rt-debug-modules-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 591745db2254281acb175f7eb92dc8cf5c9a9eca7535c7ed77dad6efb7365daa |
kernel-rt-debug-modules-core-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 854c086271ad0bfb633f8cd85ec7850a2e55f64f5bdaaf3cc252bf1bf0dfa624 |
kernel-rt-debug-modules-extra-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 75e0bd61e16044ac312da3600788cf16167b71bace343fdb367e85facd735d57 |
kernel-rt-debuginfo-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: fd33d23119826235a73fc60538a8c612f96444c1093fa05c4f89cf8013a744c0 |
kernel-rt-debuginfo-common-x86_64-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 11e2f35ef79d9368b85c833e59c70523a4fe0d1767c8d741645a39fd0c3638c3 |
kernel-rt-devel-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 1517b2f4d7b5ddec7ffe14627f1edb498abd68eb87f635683c5fa27dec9e7340 |
kernel-rt-kvm-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: d0ad21cb4a81d1c42f30477032bd29a686a23abcc45ace5f390d142054096bcd |
kernel-rt-modules-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: f696d1718271e6f4abee20a475da21bbf2283e4ab69a380a6d207a1421fa3b7f |
kernel-rt-modules-core-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: 89487c44430d38e9ac7c74ba310670494f2d94b89cf912aa5fc37b7ef9038e2d |
kernel-rt-modules-extra-5.14.0-284.18.1.rt14.303.el9_2.x86_64.rpm | SHA-256: e711a25c62510b850a2a02f80729fd20d6fbc8c5a877b5a17f17d889f898b3a3 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.