Red Hat Product Errata RHSA-2023:5091 - Security Advisory
Issued: 2023-09-12
Updated: 2023-09-12

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)
  • kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE (CVE-2023-3610)
  • kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)
  • kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)
  • kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free (CVE-2023-4147)
  • kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248)
  • kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
  • kernel: save/restore speculative MSRs during S3 suspend/resume (CVE-2023-1637)
  • hw: amd: Cross-Process Information Leak (CVE-2023-20593)
  • kernel: bypass of shadow stack protection due to a logic error (CVE-2023-21102)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • kernel-rt: update RT source tree to the latest RHEL-9.2.z3 Batch (BZ#2228482)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 9 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 9 x86_64

Fixes

  • BZ - 2181891 - CVE-2023-1637 kernel: save/restore speculative MSRs during S3 suspend/resume
  • BZ - 2213260 - CVE-2023-3390 kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests
  • BZ - 2213455 - CVE-2023-21102 kernel: bypass of shadow stack protection due to a logic error
  • BZ - 2217845 - CVE-2023-20593 hw: amd: Cross-Process Information Leak
  • BZ - 2220892 - CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
  • BZ - 2220893 - CVE-2023-31248 kernel: nf_tables: use-after-free in nft_chain_lookup_byid()
  • BZ - 2225097 - CVE-2023-3776 kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function
  • BZ - 2225198 - CVE-2023-3610 kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE
  • BZ - 2225239 - CVE-2023-4147 kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free
  • BZ - 2225275 - CVE-2023-4004 kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove()

CVEs

  • CVE-2023-1637
  • CVE-2023-3390
  • CVE-2023-3610
  • CVE-2023-3776
  • CVE-2023-4004
  • CVE-2023-4147
  • CVE-2023-20593
  • CVE-2023-21102
  • CVE-2023-31248
  • CVE-2023-35001

References

  • https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for Real Time 9

SRPM
kernel-rt-5.14.0-284.30.1.rt14.315.el9_2.src.rpm SHA-256: 9673c13fe73f3cf5590a5fd413a06be33ce99c14e94b694cce1426e3d350f653
x86_64
kernel-rt-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: 17bc392e7b29524c002af6cd2dc0bc75acba215f2602da6d8bd7ec8aafa7fced
kernel-rt-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: b5cca456711640a94aa31c4089d70b892f21036551147ed0faaa9acfbc5b846f
kernel-rt-debug-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: 6570f7c84e1e22374c781434a6cdaa87d128f0c47731e96e148764a1f0dc5d50
kernel-rt-debug-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: d3205111f4005e4952f05578d15c19d72272d48929fd3cbc96c1f7484f1cd040
kernel-rt-debug-debuginfo-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: 85d6cd13dc857bd5a3509538b1c881dd52ef22e3bd73ae336a9f81bd277eb21a
kernel-rt-debug-devel-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: 58a9e7aaf529cb8708b2c505f0b499467ccb91ef16e421d48cd7ac3094985b4c
kernel-rt-debug-modules-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: 1443a5430888d8e5fd8a118e34dcc27e3f5967c494b739d132bb5ab9dd72c645
kernel-rt-debug-modules-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: 52d95cd1c47eee622b12de48dcea773982dbece0e47cc036b2e3e544448f6ce6
kernel-rt-debug-modules-extra-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: f1622ac26563f0f2c65a0a40574abf72f1be3995875dfd993c4791679c239a94
kernel-rt-debuginfo-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: 0c8dc10410c8c93fe723ff038455a60b1f6ceced4d22ba3528976435d6cb4865
kernel-rt-debuginfo-common-x86_64-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: dc7a51d12e6492869e905968151b593697eb326804879993b396dda7d18bc5ea
kernel-rt-devel-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: a7d724e057dd0c8dda796428f85be30af87d449bb2fd93430acbd61b1b3a6876
kernel-rt-modules-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: cf5ce6e77c7ac885f47ac6623d8e6b4401cc7d9f59ed708932bba3f91bf2c140
kernel-rt-modules-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: 427ccd46883d02dc1565db24c814a197bfb436af4df5280fe2279fd9e7e83c5e
kernel-rt-modules-extra-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: aa42fce49809b8486b4fabf566fbaa44a74d9b1bc5e8d4ba4fa374deef1f283c

Red Hat Enterprise Linux for Real Time for NFV 9

SRPM
kernel-rt-5.14.0-284.30.1.rt14.315.el9_2.src.rpm SHA-256: 9673c13fe73f3cf5590a5fd413a06be33ce99c14e94b694cce1426e3d350f653
x86_64
kernel-rt-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: 17bc392e7b29524c002af6cd2dc0bc75acba215f2602da6d8bd7ec8aafa7fced
kernel-rt-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: b5cca456711640a94aa31c4089d70b892f21036551147ed0faaa9acfbc5b846f
kernel-rt-debug-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: 6570f7c84e1e22374c781434a6cdaa87d128f0c47731e96e148764a1f0dc5d50
kernel-rt-debug-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: d3205111f4005e4952f05578d15c19d72272d48929fd3cbc96c1f7484f1cd040
kernel-rt-debug-debuginfo-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: 85d6cd13dc857bd5a3509538b1c881dd52ef22e3bd73ae336a9f81bd277eb21a
kernel-rt-debug-devel-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: 58a9e7aaf529cb8708b2c505f0b499467ccb91ef16e421d48cd7ac3094985b4c
kernel-rt-debug-kvm-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: d911daca8eb14d0d6de2653d13a52e64f196960a9266555d91167190806c16eb
kernel-rt-debug-modules-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: 1443a5430888d8e5fd8a118e34dcc27e3f5967c494b739d132bb5ab9dd72c645
kernel-rt-debug-modules-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: 52d95cd1c47eee622b12de48dcea773982dbece0e47cc036b2e3e544448f6ce6
kernel-rt-debug-modules-extra-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: f1622ac26563f0f2c65a0a40574abf72f1be3995875dfd993c4791679c239a94
kernel-rt-debuginfo-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: 0c8dc10410c8c93fe723ff038455a60b1f6ceced4d22ba3528976435d6cb4865
kernel-rt-debuginfo-common-x86_64-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: dc7a51d12e6492869e905968151b593697eb326804879993b396dda7d18bc5ea
kernel-rt-devel-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: a7d724e057dd0c8dda796428f85be30af87d449bb2fd93430acbd61b1b3a6876
kernel-rt-kvm-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: ac6f764270f51716bfef386b2b6217e983e39a2dbaf7b4127be9a0e1436c6199
kernel-rt-modules-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: cf5ce6e77c7ac885f47ac6623d8e6b4401cc7d9f59ed708932bba3f91bf2c140
kernel-rt-modules-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: 427ccd46883d02dc1565db24c814a197bfb436af4df5280fe2279fd9e7e83c5e
kernel-rt-modules-extra-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm SHA-256: aa42fce49809b8486b4fabf566fbaa44a74d9b1bc5e8d4ba4fa374deef1f283c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
