- Issued: 2023-07-18
- Updated: 2023-07-18
RHSA-2023:4138 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)
- kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235)
- kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)
- kernel: use-after-free related to leaf anon_vma double reuse (CVE-2022-42703)
- Kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)
- kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the latest RHEL-9.0.z10 Batch (BZ#2209984)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0 x86_64
- Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0 x86_64
Fixes
- BZ - 2066614 - CVE-2022-1016 kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM
- BZ - 2133483 - CVE-2022-42703 kernel: use-after-free related to leaf anon_vma double reuse
- BZ - 2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c
- BZ - 2187308 - CVE-2023-2002 Kernel: bluetooth: Unauthorized management command execution
- BZ - 2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel's XFS subsystem
- BZ - 2192589 - CVE-2023-2235 kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events
Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0
SRPM | |
---|---|
kernel-rt-5.14.0-70.64.1.rt21.135.el9_0.src.rpm | SHA-256: 38b570d2b8ce75e9a38cb5a66ecef55873b3a2fefbc1284a6a9bd7e943f7be19 |
x86_64 | |
kernel-rt-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: a94d3685525c48e684118c22b5e03d10987eee73a8a03a23aa380719a079cf45 |
kernel-rt-core-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 33e61c8cad94d185f76c4b71c1fc300571dbdf47269f821b2bf65ffc6db7d56d |
kernel-rt-debug-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: e231774e426b2f0e68148e2c3c157d86353661164ee0e2855e1116c60a1b1f7f |
kernel-rt-debug-core-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 8c374026b13f192fa6fb602bbc18a7fed50708d9045fc29a4e50d771464046ac |
kernel-rt-debug-debuginfo-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 1ce0b2438f5412ebf8754802b0339a853c053a270ea852710f579d9cfb6b4e84 |
kernel-rt-debug-devel-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 0a7316b33710c5fcaa31d68420ab64a0c4d88f3fcd05a68031a26ca604f5cadb |
kernel-rt-debug-modules-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: c7661f82360d260d8f46015206d750177024d0cacc48b1981ad679901b127d07 |
kernel-rt-debug-modules-extra-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 5a4f1928f14d5011a1639f6afd6c5344508a86db4c798fad40a481266e51d794 |
kernel-rt-debuginfo-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 6138ddf30c97615341d800e6c3f0718d34cfad244d18594066cd66e94a396ed2 |
kernel-rt-debuginfo-common-x86_64-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 7551330394f33801bcb4f994c1aa5fab868124dd2520c73afbc9afde28f40e3a |
kernel-rt-devel-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 8ebb7eeeb15b5411458764fb678107aafb9e3bbc22779d98170684c283710203 |
kernel-rt-modules-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 16cfc7c48a8b0294b07fb69753c178184aac13d8f347a29eaafd82f6be509a42 |
kernel-rt-modules-extra-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 9dc75f1563bda673db5421b23c16df175ec23c21549f695390a8432bfd981089 |
Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0
SRPM | |
---|---|
kernel-rt-5.14.0-70.64.1.rt21.135.el9_0.src.rpm | SHA-256: 38b570d2b8ce75e9a38cb5a66ecef55873b3a2fefbc1284a6a9bd7e943f7be19 |
x86_64 | |
kernel-rt-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: a94d3685525c48e684118c22b5e03d10987eee73a8a03a23aa380719a079cf45 |
kernel-rt-core-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 33e61c8cad94d185f76c4b71c1fc300571dbdf47269f821b2bf65ffc6db7d56d |
kernel-rt-debug-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: e231774e426b2f0e68148e2c3c157d86353661164ee0e2855e1116c60a1b1f7f |
kernel-rt-debug-core-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 8c374026b13f192fa6fb602bbc18a7fed50708d9045fc29a4e50d771464046ac |
kernel-rt-debug-debuginfo-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 1ce0b2438f5412ebf8754802b0339a853c053a270ea852710f579d9cfb6b4e84 |
kernel-rt-debug-devel-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 0a7316b33710c5fcaa31d68420ab64a0c4d88f3fcd05a68031a26ca604f5cadb |
kernel-rt-debug-kvm-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: a5e36c95b91aceeb0a675101de8165969aca2d4f5d4eaeb010ee3cde66d51785 |
kernel-rt-debug-modules-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: c7661f82360d260d8f46015206d750177024d0cacc48b1981ad679901b127d07 |
kernel-rt-debug-modules-extra-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 5a4f1928f14d5011a1639f6afd6c5344508a86db4c798fad40a481266e51d794 |
kernel-rt-debuginfo-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 6138ddf30c97615341d800e6c3f0718d34cfad244d18594066cd66e94a396ed2 |
kernel-rt-debuginfo-common-x86_64-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 7551330394f33801bcb4f994c1aa5fab868124dd2520c73afbc9afde28f40e3a |
kernel-rt-devel-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 8ebb7eeeb15b5411458764fb678107aafb9e3bbc22779d98170684c283710203 |
kernel-rt-kvm-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 1bd9cbd6d41cd3529b4dd7bb8d3f39edafb8eac6de5297366a1b3a4c7ec2e7b0 |
kernel-rt-modules-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 16cfc7c48a8b0294b07fb69753c178184aac13d8f347a29eaafd82f6be509a42 |
kernel-rt-modules-extra-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm | SHA-256: 9dc75f1563bda673db5421b23c16df175ec23c21549f695390a8432bfd981089 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.