- Issued:
- 2023-07-18
- Updated:
- 2023-07-18
RHSA-2023:4126 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)
- kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation (CVE-2023-1281)
- kernel: remote DoS in TIPC kernel module (CVE-2023-1390)
- kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the RHEL-8.2.z27 source tree (BZ#2209127)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64
Fixes
- BZ - 2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets
- BZ - 2178212 - CVE-2023-1390 kernel: remote DoS in TIPC kernel module
- BZ - 2181847 - CVE-2023-1281 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation
- BZ - 2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.109.1.rt13.160.el8_2.src.rpm | SHA-256: ae3254a707acc2b0e1d0ad18f8b35f5f02239a4fc4422d724174c63cc5be1086 |
| x86_64 | |
| kernel-rt-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: 9b11a2b293fa3e94ebcf2bd43853843a7454ddb20e2a7681032b022fd80c1a6f |
| kernel-rt-core-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: 405ec725d1d79fa69ae64fad35a98f7229485bd7548fc4650aa247b9d1b2baa4 |
| kernel-rt-debug-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: ca43591cf3a06756c3828502ceb09f221308610c10007846acde2b164a179c59 |
| kernel-rt-debug-core-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: 85772f8cbb36ac31b6de61769e537d005568d400917c77edf8a00cbaab7458be |
| kernel-rt-debug-debuginfo-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: 61c785bc1fe10a62d180056cbff7ad7e9621d593f2f96a8ab277fa93a99260b5 |
| kernel-rt-debug-devel-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: f965df7a4d06b778266b9db261c73d499c96282d506783498b75ded1ca13626e |
| kernel-rt-debug-modules-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: eb4f949586849da048b8126c22dd3ce0536260b72f7eb9defe0980e3eea5083a |
| kernel-rt-debug-modules-extra-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: 4a6d90f33a58aeee0f7dfe48a57cab4e9254f22db0da4904a98b62fbefcc46c7 |
| kernel-rt-debuginfo-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: 7949e44a1b0addca4433875110f550295a5524218770a2c851df310b7a52627c |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: ff2ff3509fec4c81d2acec87ae75cd59a310fa3c14d56db7e76df9660955cdd4 |
| kernel-rt-devel-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: 4dc5e84973652136b6cabbbfd3d7ef5d7c0aa56591ea0515b73a662685ce2ef2 |
| kernel-rt-modules-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: f5a9bcadd9b8ec8284f2dc3fc40495f0a02a3deb6f843d9d00773cfdcc2094e0 |
| kernel-rt-modules-extra-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: 95d073c2e772a7152ab4a5292331fe6517ae29a9b331ceac03106fedbad95005 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.109.1.rt13.160.el8_2.src.rpm | SHA-256: ae3254a707acc2b0e1d0ad18f8b35f5f02239a4fc4422d724174c63cc5be1086 |
| x86_64 | |
| kernel-rt-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: 9b11a2b293fa3e94ebcf2bd43853843a7454ddb20e2a7681032b022fd80c1a6f |
| kernel-rt-core-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: 405ec725d1d79fa69ae64fad35a98f7229485bd7548fc4650aa247b9d1b2baa4 |
| kernel-rt-debug-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: ca43591cf3a06756c3828502ceb09f221308610c10007846acde2b164a179c59 |
| kernel-rt-debug-core-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: 85772f8cbb36ac31b6de61769e537d005568d400917c77edf8a00cbaab7458be |
| kernel-rt-debug-debuginfo-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: 61c785bc1fe10a62d180056cbff7ad7e9621d593f2f96a8ab277fa93a99260b5 |
| kernel-rt-debug-devel-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: f965df7a4d06b778266b9db261c73d499c96282d506783498b75ded1ca13626e |
| kernel-rt-debug-kvm-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: e177a6955acd26ee2091a7a3e5556f38a1b063f35005284b60cdf791a07225ee |
| kernel-rt-debug-modules-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: eb4f949586849da048b8126c22dd3ce0536260b72f7eb9defe0980e3eea5083a |
| kernel-rt-debug-modules-extra-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: 4a6d90f33a58aeee0f7dfe48a57cab4e9254f22db0da4904a98b62fbefcc46c7 |
| kernel-rt-debuginfo-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: 7949e44a1b0addca4433875110f550295a5524218770a2c851df310b7a52627c |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: ff2ff3509fec4c81d2acec87ae75cd59a310fa3c14d56db7e76df9660955cdd4 |
| kernel-rt-devel-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: 4dc5e84973652136b6cabbbfd3d7ef5d7c0aa56591ea0515b73a662685ce2ef2 |
| kernel-rt-kvm-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: cca4c940932a417ca77fa92ffef92d264a1ce7ec821cd768746885ee2f6a5b31 |
| kernel-rt-modules-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: f5a9bcadd9b8ec8284f2dc3fc40495f0a02a3deb6f843d9d00773cfdcc2094e0 |
| kernel-rt-modules-extra-4.18.0-193.109.1.rt13.160.el8_2.x86_64.rpm | SHA-256: 95d073c2e772a7152ab4a5292331fe6517ae29a9b331ceac03106fedbad95005 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
