- Issued:
- 2023-08-08
- Updated:
- 2023-08-08
RHSA-2023:4541 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)
- kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation (CVE-2023-1281)
- kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829)
- kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235)
- kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)
- kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Addding the building of i915 driver to 8.8 (BZ#2208276)
- kernel-rt: update RT source tree to the RHEL-8.8.z2 source tree (BZ#2215026)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8 x86_64
Fixes
- BZ - 2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c
- BZ - 2181847 - CVE-2023-1281 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation
- BZ - 2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel's XFS subsystem
- BZ - 2188396 - CVE-2023-2194 kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()
- BZ - 2188470 - CVE-2023-1829 kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter
- BZ - 2192589 - CVE-2023-2235 kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events
Red Hat Enterprise Linux for Real Time 8
SRPM | |
---|---|
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.src.rpm | SHA-256: 15b03cdc82e5714e21bbcc9a65c61193300142fd3ffba16bd02944d6f7673d69 |
x86_64 | |
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: e32562457f9135778cd8f852646f099939a36a93534cd87bfc8127e282ad2308 |
kernel-rt-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 9a8cd673f8a1703851b5865b2bee838d5675a867b8fab5e29098e1a4e2c2dfd1 |
kernel-rt-debug-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: b22717a6db7c2107b05a4b99fa69f4ac66e9afde4a6554c2eb47f8c93bb8533b |
kernel-rt-debug-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: e2e64439f646d5fa7b1a94838bc38082619633d44d09c0629b5477f7641803f0 |
kernel-rt-debug-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: e04450a17611fee5234bedfda549131308457f8b1c108928129ff5d3885f5c5c |
kernel-rt-debug-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 99a68f48138c9f26d5667deba67482e4c634d829de6230454061409fed5c86dc |
kernel-rt-debug-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 9340b7d730a1f01bc948072c5c0baa326d8be18eb950c6e7662e1fc4668362e8 |
kernel-rt-debug-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 4269a53aeb9504c0078373655ebc2ded3f9c8a102f64f6e5349151518f055799 |
kernel-rt-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 9db0dff3d6c3cce80391309148c09c1f0e94b18bbf004e67a1ab923d067b73c5 |
kernel-rt-debuginfo-common-x86_64-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: f522e19bda836036df1675f2bf7dadd1319711eeed80bed234c7f3a3c53b54f0 |
kernel-rt-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 57705b8e2120cb797cf3a5e3c4482e1db0432e75f417dfc77aa8014fdfbb00d5 |
kernel-rt-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: fbde223b4c500679cd4d74282ac102f1ff0f24141cd37327c24c69da47e7d017 |
kernel-rt-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: f9f56b8c17e3063200ba55e12e2028342d4fba4d7d565b98fa48788461753356 |
Red Hat Enterprise Linux for Real Time for NFV 8
SRPM | |
---|---|
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.src.rpm | SHA-256: 15b03cdc82e5714e21bbcc9a65c61193300142fd3ffba16bd02944d6f7673d69 |
x86_64 | |
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: e32562457f9135778cd8f852646f099939a36a93534cd87bfc8127e282ad2308 |
kernel-rt-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 9a8cd673f8a1703851b5865b2bee838d5675a867b8fab5e29098e1a4e2c2dfd1 |
kernel-rt-debug-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: b22717a6db7c2107b05a4b99fa69f4ac66e9afde4a6554c2eb47f8c93bb8533b |
kernel-rt-debug-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: e2e64439f646d5fa7b1a94838bc38082619633d44d09c0629b5477f7641803f0 |
kernel-rt-debug-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: e04450a17611fee5234bedfda549131308457f8b1c108928129ff5d3885f5c5c |
kernel-rt-debug-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 99a68f48138c9f26d5667deba67482e4c634d829de6230454061409fed5c86dc |
kernel-rt-debug-kvm-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: f63eb5c1b49073a50a9e35fc813a9553effa8bb375b7f5d2e773574f4f439db9 |
kernel-rt-debug-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 9340b7d730a1f01bc948072c5c0baa326d8be18eb950c6e7662e1fc4668362e8 |
kernel-rt-debug-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 4269a53aeb9504c0078373655ebc2ded3f9c8a102f64f6e5349151518f055799 |
kernel-rt-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 9db0dff3d6c3cce80391309148c09c1f0e94b18bbf004e67a1ab923d067b73c5 |
kernel-rt-debuginfo-common-x86_64-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: f522e19bda836036df1675f2bf7dadd1319711eeed80bed234c7f3a3c53b54f0 |
kernel-rt-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 57705b8e2120cb797cf3a5e3c4482e1db0432e75f417dfc77aa8014fdfbb00d5 |
kernel-rt-kvm-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: fb83c86587b01f81ca8372f39e0f4b33154f1b3924b401f3895138d5594d3e35 |
kernel-rt-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: fbde223b4c500679cd4d74282ac102f1ff0f24141cd37327c24c69da47e7d017 |
kernel-rt-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: f9f56b8c17e3063200ba55e12e2028342d4fba4d7d565b98fa48788461753356 |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8
SRPM | |
---|---|
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.src.rpm | SHA-256: 15b03cdc82e5714e21bbcc9a65c61193300142fd3ffba16bd02944d6f7673d69 |
x86_64 | |
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: e32562457f9135778cd8f852646f099939a36a93534cd87bfc8127e282ad2308 |
kernel-rt-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 9a8cd673f8a1703851b5865b2bee838d5675a867b8fab5e29098e1a4e2c2dfd1 |
kernel-rt-debug-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: b22717a6db7c2107b05a4b99fa69f4ac66e9afde4a6554c2eb47f8c93bb8533b |
kernel-rt-debug-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: e2e64439f646d5fa7b1a94838bc38082619633d44d09c0629b5477f7641803f0 |
kernel-rt-debug-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: e04450a17611fee5234bedfda549131308457f8b1c108928129ff5d3885f5c5c |
kernel-rt-debug-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 99a68f48138c9f26d5667deba67482e4c634d829de6230454061409fed5c86dc |
kernel-rt-debug-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 9340b7d730a1f01bc948072c5c0baa326d8be18eb950c6e7662e1fc4668362e8 |
kernel-rt-debug-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 4269a53aeb9504c0078373655ebc2ded3f9c8a102f64f6e5349151518f055799 |
kernel-rt-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 9db0dff3d6c3cce80391309148c09c1f0e94b18bbf004e67a1ab923d067b73c5 |
kernel-rt-debuginfo-common-x86_64-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: f522e19bda836036df1675f2bf7dadd1319711eeed80bed234c7f3a3c53b54f0 |
kernel-rt-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 57705b8e2120cb797cf3a5e3c4482e1db0432e75f417dfc77aa8014fdfbb00d5 |
kernel-rt-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: fbde223b4c500679cd4d74282ac102f1ff0f24141cd37327c24c69da47e7d017 |
kernel-rt-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: f9f56b8c17e3063200ba55e12e2028342d4fba4d7d565b98fa48788461753356 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8
SRPM | |
---|---|
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.src.rpm | SHA-256: 15b03cdc82e5714e21bbcc9a65c61193300142fd3ffba16bd02944d6f7673d69 |
x86_64 | |
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: e32562457f9135778cd8f852646f099939a36a93534cd87bfc8127e282ad2308 |
kernel-rt-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 9a8cd673f8a1703851b5865b2bee838d5675a867b8fab5e29098e1a4e2c2dfd1 |
kernel-rt-debug-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: b22717a6db7c2107b05a4b99fa69f4ac66e9afde4a6554c2eb47f8c93bb8533b |
kernel-rt-debug-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: e2e64439f646d5fa7b1a94838bc38082619633d44d09c0629b5477f7641803f0 |
kernel-rt-debug-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: e04450a17611fee5234bedfda549131308457f8b1c108928129ff5d3885f5c5c |
kernel-rt-debug-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 99a68f48138c9f26d5667deba67482e4c634d829de6230454061409fed5c86dc |
kernel-rt-debug-kvm-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: f63eb5c1b49073a50a9e35fc813a9553effa8bb375b7f5d2e773574f4f439db9 |
kernel-rt-debug-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 9340b7d730a1f01bc948072c5c0baa326d8be18eb950c6e7662e1fc4668362e8 |
kernel-rt-debug-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 4269a53aeb9504c0078373655ebc2ded3f9c8a102f64f6e5349151518f055799 |
kernel-rt-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 9db0dff3d6c3cce80391309148c09c1f0e94b18bbf004e67a1ab923d067b73c5 |
kernel-rt-debuginfo-common-x86_64-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: f522e19bda836036df1675f2bf7dadd1319711eeed80bed234c7f3a3c53b54f0 |
kernel-rt-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: 57705b8e2120cb797cf3a5e3c4482e1db0432e75f417dfc77aa8014fdfbb00d5 |
kernel-rt-kvm-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: fb83c86587b01f81ca8372f39e0f4b33154f1b3924b401f3895138d5594d3e35 |
kernel-rt-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: fbde223b4c500679cd4d74282ac102f1ff0f24141cd37327c24c69da47e7d017 |
kernel-rt-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm | SHA-256: f9f56b8c17e3063200ba55e12e2028342d4fba4d7d565b98fa48788461753356 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.