- Issued:
- 2023-09-19
- Updated:
- 2023-09-19
RHSA-2023:5255 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
'Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-
tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)
- kernel: UAF in nftables when nft_set_lookup_global triggered after handling
named and anonymous sets in batch requests (CVE-2023-3390)
- kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()
(CVE-2023-35788)
- hw: amd: Cross-Process Information Leak (CVE-2023-20593,zenbleed)
- kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)
- kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
(CVE-2023-35001,ZDI-CAN-20721)
- kernel: net/sched: cls_fw component can be exploited as result of failure in
tcf_change_indev function (CVE-2023-3776)
- kernel: netfilter: use-after-free due to improper element removal in
nft_pipapo_remove() (CVE-2023-4004)
Bug Fix(es):
- kernel-rt: update RT source tree to the RHEL-8.8.z3 source tree (BZ#2227068)
- pods get restarted due to failed probes (BZ#2227238)
Solution
For details on how to apply this update, which includes the changes described
in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8 x86_64
Fixes
- BZ - 2187308 - CVE-2023-2002 Kernel: bluetooth: Unauthorized management command execution
- BZ - 2213260 - CVE-2023-3390 kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests
- BZ - 2215768 - CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()
- BZ - 2217845 - CVE-2023-20593 hw: amd: Cross-Process Information Leak
- BZ - 2218672 - CVE-2023-3090 kernel: ipvlan: out-of-bounds write caused by unclear skb->cb
- BZ - 2220892 - CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
- BZ - 2225097 - CVE-2023-3776 kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function
- BZ - 2225275 - CVE-2023-4004 kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove()
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-477.27.1.rt7.290.el8_8.src.rpm | SHA-256: 40f5efccf88e799c70c568667bdbd78087a16adced5b7feb0c6ccfa09d5f2d56 |
| x86_64 | |
| kernel-rt-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 24596ec70857e242235d363d645b03eb5e3a053e254155fb1651b509d6cd1134 |
| kernel-rt-core-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 8a06dec78639e02af3fe3ae07700ed44e59d5b9f67caaeb818cd2446346ad07f |
| kernel-rt-debug-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: fdd244e6de09c6d338c2068454d613452d078481f1d547ee69ebe136b2ab1550 |
| kernel-rt-debug-core-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 7f56f984eac0d00abc13c6fce1ef178e86bd98fe6f1d93fe3e0d039573762f6a |
| kernel-rt-debug-debuginfo-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 0e1b382a905b5be526dd850908f04c3c6dd357542c4f37d9fe8d2e99aa1aa398 |
| kernel-rt-debug-devel-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 0ae5424f1e4b8245e828078d625c6aae119aaa4c1380661a93b7f09e7943fbec |
| kernel-rt-debug-modules-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 237fb60d33da7da249018e4947bf1540a0068fd0fd51c1907e63142738b815ef |
| kernel-rt-debug-modules-extra-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 2ed64c85b182691b6f3e55792e15ecca4a9e1ee84cb52e7cc34ac79a813b7912 |
| kernel-rt-debuginfo-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 4ef2dc60a2c276be0d08edf7e960d3ec5c25a2c51a7c1d0650390da142baf1d0 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: e51702edd2b3373240500c785dda5335cd3587482470a3ed521aa328cc39dd2d |
| kernel-rt-devel-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: fa814caf3c0a8f61f689fe8fc92ab61e9d5aa6192af5ee7ca494d8f7d49ebeae |
| kernel-rt-modules-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 67054b20428df086e60bf517b427dd08e54925986723605c0e181a038177a71e |
| kernel-rt-modules-extra-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 21906da779a267d9e917115b1fc71dd5bb15a23b8e506c6d276d6b98859384ed |
Red Hat Enterprise Linux for Real Time for NFV 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-477.27.1.rt7.290.el8_8.src.rpm | SHA-256: 40f5efccf88e799c70c568667bdbd78087a16adced5b7feb0c6ccfa09d5f2d56 |
| x86_64 | |
| kernel-rt-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 24596ec70857e242235d363d645b03eb5e3a053e254155fb1651b509d6cd1134 |
| kernel-rt-core-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 8a06dec78639e02af3fe3ae07700ed44e59d5b9f67caaeb818cd2446346ad07f |
| kernel-rt-debug-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: fdd244e6de09c6d338c2068454d613452d078481f1d547ee69ebe136b2ab1550 |
| kernel-rt-debug-core-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 7f56f984eac0d00abc13c6fce1ef178e86bd98fe6f1d93fe3e0d039573762f6a |
| kernel-rt-debug-debuginfo-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 0e1b382a905b5be526dd850908f04c3c6dd357542c4f37d9fe8d2e99aa1aa398 |
| kernel-rt-debug-devel-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 0ae5424f1e4b8245e828078d625c6aae119aaa4c1380661a93b7f09e7943fbec |
| kernel-rt-debug-kvm-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: b99d93712575a637606e4777e2aaccc4b27293583a8404123a172561e849086b |
| kernel-rt-debug-modules-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 237fb60d33da7da249018e4947bf1540a0068fd0fd51c1907e63142738b815ef |
| kernel-rt-debug-modules-extra-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 2ed64c85b182691b6f3e55792e15ecca4a9e1ee84cb52e7cc34ac79a813b7912 |
| kernel-rt-debuginfo-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 4ef2dc60a2c276be0d08edf7e960d3ec5c25a2c51a7c1d0650390da142baf1d0 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: e51702edd2b3373240500c785dda5335cd3587482470a3ed521aa328cc39dd2d |
| kernel-rt-devel-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: fa814caf3c0a8f61f689fe8fc92ab61e9d5aa6192af5ee7ca494d8f7d49ebeae |
| kernel-rt-kvm-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: c7231a6564530b4d8593abc058fabdb07873af6cd07b7287e008219d89c163ea |
| kernel-rt-modules-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 67054b20428df086e60bf517b427dd08e54925986723605c0e181a038177a71e |
| kernel-rt-modules-extra-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 21906da779a267d9e917115b1fc71dd5bb15a23b8e506c6d276d6b98859384ed |
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-477.27.1.rt7.290.el8_8.src.rpm | SHA-256: 40f5efccf88e799c70c568667bdbd78087a16adced5b7feb0c6ccfa09d5f2d56 |
| x86_64 | |
| kernel-rt-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 24596ec70857e242235d363d645b03eb5e3a053e254155fb1651b509d6cd1134 |
| kernel-rt-core-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 8a06dec78639e02af3fe3ae07700ed44e59d5b9f67caaeb818cd2446346ad07f |
| kernel-rt-debug-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: fdd244e6de09c6d338c2068454d613452d078481f1d547ee69ebe136b2ab1550 |
| kernel-rt-debug-core-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 7f56f984eac0d00abc13c6fce1ef178e86bd98fe6f1d93fe3e0d039573762f6a |
| kernel-rt-debug-debuginfo-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 0e1b382a905b5be526dd850908f04c3c6dd357542c4f37d9fe8d2e99aa1aa398 |
| kernel-rt-debug-devel-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 0ae5424f1e4b8245e828078d625c6aae119aaa4c1380661a93b7f09e7943fbec |
| kernel-rt-debug-modules-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 237fb60d33da7da249018e4947bf1540a0068fd0fd51c1907e63142738b815ef |
| kernel-rt-debug-modules-extra-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 2ed64c85b182691b6f3e55792e15ecca4a9e1ee84cb52e7cc34ac79a813b7912 |
| kernel-rt-debuginfo-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 4ef2dc60a2c276be0d08edf7e960d3ec5c25a2c51a7c1d0650390da142baf1d0 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: e51702edd2b3373240500c785dda5335cd3587482470a3ed521aa328cc39dd2d |
| kernel-rt-devel-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: fa814caf3c0a8f61f689fe8fc92ab61e9d5aa6192af5ee7ca494d8f7d49ebeae |
| kernel-rt-modules-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 67054b20428df086e60bf517b427dd08e54925986723605c0e181a038177a71e |
| kernel-rt-modules-extra-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 21906da779a267d9e917115b1fc71dd5bb15a23b8e506c6d276d6b98859384ed |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-477.27.1.rt7.290.el8_8.src.rpm | SHA-256: 40f5efccf88e799c70c568667bdbd78087a16adced5b7feb0c6ccfa09d5f2d56 |
| x86_64 | |
| kernel-rt-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 24596ec70857e242235d363d645b03eb5e3a053e254155fb1651b509d6cd1134 |
| kernel-rt-core-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 8a06dec78639e02af3fe3ae07700ed44e59d5b9f67caaeb818cd2446346ad07f |
| kernel-rt-debug-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: fdd244e6de09c6d338c2068454d613452d078481f1d547ee69ebe136b2ab1550 |
| kernel-rt-debug-core-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 7f56f984eac0d00abc13c6fce1ef178e86bd98fe6f1d93fe3e0d039573762f6a |
| kernel-rt-debug-debuginfo-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 0e1b382a905b5be526dd850908f04c3c6dd357542c4f37d9fe8d2e99aa1aa398 |
| kernel-rt-debug-devel-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 0ae5424f1e4b8245e828078d625c6aae119aaa4c1380661a93b7f09e7943fbec |
| kernel-rt-debug-kvm-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: b99d93712575a637606e4777e2aaccc4b27293583a8404123a172561e849086b |
| kernel-rt-debug-modules-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 237fb60d33da7da249018e4947bf1540a0068fd0fd51c1907e63142738b815ef |
| kernel-rt-debug-modules-extra-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 2ed64c85b182691b6f3e55792e15ecca4a9e1ee84cb52e7cc34ac79a813b7912 |
| kernel-rt-debuginfo-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 4ef2dc60a2c276be0d08edf7e960d3ec5c25a2c51a7c1d0650390da142baf1d0 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: e51702edd2b3373240500c785dda5335cd3587482470a3ed521aa328cc39dd2d |
| kernel-rt-devel-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: fa814caf3c0a8f61f689fe8fc92ab61e9d5aa6192af5ee7ca494d8f7d49ebeae |
| kernel-rt-kvm-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: c7231a6564530b4d8593abc058fabdb07873af6cd07b7287e008219d89c163ea |
| kernel-rt-modules-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 67054b20428df086e60bf517b427dd08e54925986723605c0e181a038177a71e |
| kernel-rt-modules-extra-4.18.0-477.27.1.rt7.290.el8_8.x86_64.rpm | SHA-256: 21906da779a267d9e917115b1fc71dd5bb15a23b8e506c6d276d6b98859384ed |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
