Red Hat Product Errata RHSA-2023:4821 - Security Advisory
Issued:
2023-08-29
Updated:
2023-08-29

RHSA-2023:4821 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)
  • hw: amd: Cross-Process Information Leak (CVE-2023-20593)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • kernel-rt: update to the latest RHEL7.9.z25 source tree (BZ#2221821)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

  • BZ - 2215768 - CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()
  • BZ - 2217845 - CVE-2023-20593 hw: amd: Cross-Process Information Leak

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-1160.99.1.rt56.1245.el7.src.rpm SHA-256: 01fa256247b259bead6b22407249f7ae87f987efcf0e195b3485705e38b0f6eb
x86_64
kernel-rt-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: 9ebe50e49d48ff08807f8071226cd21081e0122e20e52bd96e2580a184fec55f
kernel-rt-debug-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: ff7f052e0993c8b76359ac82a319a51ce431d9ebc04856b05f60ac72d0b8ed2a
kernel-rt-debug-debuginfo-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: eeef9f95b2a2e77ed4ac9700ba90948c9948a441187d72c00f539dce0de08d96
kernel-rt-debug-devel-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: a05d7b1f2faeb66f4ffa3994377de6e39ef4b5cd2e84460194c315f845d9111d
kernel-rt-debuginfo-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: b416d2e623215f9546cefe6c68feabe1c76c3f858c1b23f0addf846fc522d692
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: 3138ecba6c9b8966955846ab03247fdc38eb30a8b75101906f8451a08d4801ae
kernel-rt-devel-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: e7e2d6429a65951e90023372043a3f43e1a3c7f2acd2b9149156dd0e09294868
kernel-rt-doc-3.10.0-1160.99.1.rt56.1245.el7.noarch.rpm SHA-256: fc75ebc8748ba3b3b6086542897ea1e8b84fb6b094fb9f806bd8b1fc211b98e2
kernel-rt-trace-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: 98619744819df19d957c54e46931dfb334d42382e1663da1a39e97eab6707a5c
kernel-rt-trace-debuginfo-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: 778c0f5a37a4c09ca3a27c75c6182bbcd163382dbe0d9804714add3910aef13e
kernel-rt-trace-devel-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: affe8739255c2cd7bd558876a93626cea0be31ee2c9f1a187cb852d9126eeab9

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-1160.99.1.rt56.1245.el7.src.rpm SHA-256: 01fa256247b259bead6b22407249f7ae87f987efcf0e195b3485705e38b0f6eb
x86_64
kernel-rt-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: 9ebe50e49d48ff08807f8071226cd21081e0122e20e52bd96e2580a184fec55f
kernel-rt-debug-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: ff7f052e0993c8b76359ac82a319a51ce431d9ebc04856b05f60ac72d0b8ed2a
kernel-rt-debug-debuginfo-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: eeef9f95b2a2e77ed4ac9700ba90948c9948a441187d72c00f539dce0de08d96
kernel-rt-debug-devel-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: a05d7b1f2faeb66f4ffa3994377de6e39ef4b5cd2e84460194c315f845d9111d
kernel-rt-debug-kvm-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: 6f9f6a6b45f98d2455cf88f9d69f0fb803dc15db7d97e05b98be903f9eb4a3cb
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: cf3a2bbfaa6d9da31f023661d2d60e21d4136b20d6495bc64104e4a80b4f45da
kernel-rt-debuginfo-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: b416d2e623215f9546cefe6c68feabe1c76c3f858c1b23f0addf846fc522d692
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: 3138ecba6c9b8966955846ab03247fdc38eb30a8b75101906f8451a08d4801ae
kernel-rt-devel-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: e7e2d6429a65951e90023372043a3f43e1a3c7f2acd2b9149156dd0e09294868
kernel-rt-doc-3.10.0-1160.99.1.rt56.1245.el7.noarch.rpm SHA-256: fc75ebc8748ba3b3b6086542897ea1e8b84fb6b094fb9f806bd8b1fc211b98e2
kernel-rt-kvm-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: 43fed1ebd920264b67cf888441cba4efb01f57a96f67a418a166f42d74ea4b83
kernel-rt-kvm-debuginfo-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: 83e7ab3859c5ca44033b13da741a4acf9f59d44e6c7d2b035f2ecd5b9aeea629
kernel-rt-trace-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: 98619744819df19d957c54e46931dfb334d42382e1663da1a39e97eab6707a5c
kernel-rt-trace-debuginfo-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: 778c0f5a37a4c09ca3a27c75c6182bbcd163382dbe0d9804714add3910aef13e
kernel-rt-trace-devel-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: affe8739255c2cd7bd558876a93626cea0be31ee2c9f1a187cb852d9126eeab9
kernel-rt-trace-kvm-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: feae7ba81d5baf94e80dab9caddd572936b26550ce5bcc7467f55417e0c33f38
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.99.1.rt56.1245.el7.x86_64.rpm SHA-256: 96e2a3ccdec29a9f81e1120a924860385427d89d718ccac4cb3babfc4ae35ed9

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.