Red Hat Product Errata RHSA-2023:5574 - Security Advisory
Issued:
2023-10-10
Updated:
2023-10-10

RHSA-2023:5574 - Security Advisory

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)
  • kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)
  • kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
  • BZ - 2220892 - CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
  • BZ - 2225201 - CVE-2023-3609 kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails

Red Hat Enterprise Linux Server 7

SRPM
kpatch-patch-3_10_0-1160_88_1-1-3.el7.src.rpm SHA-256: 49c3387807a7ba2307e1834d8b3e52c9708e837fe7664cf0551e2642c61e3290
kpatch-patch-3_10_0-1160_90_1-1-3.el7.src.rpm SHA-256: 2dcc7c42d9c18c6e74a2e639a3bbe668d1681e8ca3b1ab9c4433462c69a8acc3
kpatch-patch-3_10_0-1160_92_1-1-3.el7.src.rpm SHA-256: c03ac662a93f5a09719752814f47cd65e6be959617b969914ecb35e268750f57
kpatch-patch-3_10_0-1160_95_1-1-2.el7.src.rpm SHA-256: cf9621dab22c3d82c1468c9a657462cff1a9e3893f27a4c7758c9a640a7330b4
kpatch-patch-3_10_0-1160_99_1-1-1.el7.src.rpm SHA-256: 5028c6e648c162439824c1b3305f43e3c382254d1a14b29d658d5057e6bbd460
x86_64
kpatch-patch-3_10_0-1160_88_1-1-3.el7.x86_64.rpm SHA-256: 2ed977620e805b8e9625c8d5574d0c39afd8c2bd07bca357b05f5ce3c6f7084d
kpatch-patch-3_10_0-1160_88_1-debuginfo-1-3.el7.x86_64.rpm SHA-256: a6dee32da5d9222356a30f818d7c16b1042af34ad3f7088bdb504ff6d0e99f7f
kpatch-patch-3_10_0-1160_90_1-1-3.el7.x86_64.rpm SHA-256: 0a91bd49214962d356cfa00e9b5c4015346990be1e781a32bc34c26d3ce35232
kpatch-patch-3_10_0-1160_90_1-debuginfo-1-3.el7.x86_64.rpm SHA-256: 2a3caf0787ec026f97105f879418b597f23a050949479ab6c54e5d02c2406e1e
kpatch-patch-3_10_0-1160_92_1-1-3.el7.x86_64.rpm SHA-256: e6a1f1696173e01b11a79133467ac9ee7a7881d06e8f0000747e79f426ce65d7
kpatch-patch-3_10_0-1160_92_1-debuginfo-1-3.el7.x86_64.rpm SHA-256: 23de8917b434634504721f911253ba2f0d547ae7369811d73a7578197343d9e6
kpatch-patch-3_10_0-1160_95_1-1-2.el7.x86_64.rpm SHA-256: 2c1fe00abac96f01c0e6b35f2f126aecd5e92e15b5fe3b459d77ce9cbcfdd283
kpatch-patch-3_10_0-1160_95_1-debuginfo-1-2.el7.x86_64.rpm SHA-256: 7e34c3faa1398df867badc3476767d329a6f5552ebeb1bbadfeacc95ef16c44d
kpatch-patch-3_10_0-1160_99_1-1-1.el7.x86_64.rpm SHA-256: ea65039b0ff7c727c1659c8c288bb5d7b1c35ae746800165239a5bdb1fd38f2b
kpatch-patch-3_10_0-1160_99_1-debuginfo-1-1.el7.x86_64.rpm SHA-256: 2c2efebbbb9fb15c2162ca90a30157aa0eec4b77711aa2a75affe625e0a1f616

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
kpatch-patch-3_10_0-1160_88_1-1-3.el7.src.rpm SHA-256: 49c3387807a7ba2307e1834d8b3e52c9708e837fe7664cf0551e2642c61e3290
kpatch-patch-3_10_0-1160_90_1-1-3.el7.src.rpm SHA-256: 2dcc7c42d9c18c6e74a2e639a3bbe668d1681e8ca3b1ab9c4433462c69a8acc3
kpatch-patch-3_10_0-1160_92_1-1-3.el7.src.rpm SHA-256: c03ac662a93f5a09719752814f47cd65e6be959617b969914ecb35e268750f57
kpatch-patch-3_10_0-1160_95_1-1-2.el7.src.rpm SHA-256: cf9621dab22c3d82c1468c9a657462cff1a9e3893f27a4c7758c9a640a7330b4
kpatch-patch-3_10_0-1160_99_1-1-1.el7.src.rpm SHA-256: 5028c6e648c162439824c1b3305f43e3c382254d1a14b29d658d5057e6bbd460
x86_64
kpatch-patch-3_10_0-1160_88_1-1-3.el7.x86_64.rpm SHA-256: 2ed977620e805b8e9625c8d5574d0c39afd8c2bd07bca357b05f5ce3c6f7084d
kpatch-patch-3_10_0-1160_88_1-debuginfo-1-3.el7.x86_64.rpm SHA-256: a6dee32da5d9222356a30f818d7c16b1042af34ad3f7088bdb504ff6d0e99f7f
kpatch-patch-3_10_0-1160_90_1-1-3.el7.x86_64.rpm SHA-256: 0a91bd49214962d356cfa00e9b5c4015346990be1e781a32bc34c26d3ce35232
kpatch-patch-3_10_0-1160_90_1-debuginfo-1-3.el7.x86_64.rpm SHA-256: 2a3caf0787ec026f97105f879418b597f23a050949479ab6c54e5d02c2406e1e
kpatch-patch-3_10_0-1160_92_1-1-3.el7.x86_64.rpm SHA-256: e6a1f1696173e01b11a79133467ac9ee7a7881d06e8f0000747e79f426ce65d7
kpatch-patch-3_10_0-1160_92_1-debuginfo-1-3.el7.x86_64.rpm SHA-256: 23de8917b434634504721f911253ba2f0d547ae7369811d73a7578197343d9e6
kpatch-patch-3_10_0-1160_95_1-1-2.el7.x86_64.rpm SHA-256: 2c1fe00abac96f01c0e6b35f2f126aecd5e92e15b5fe3b459d77ce9cbcfdd283
kpatch-patch-3_10_0-1160_95_1-debuginfo-1-2.el7.x86_64.rpm SHA-256: 7e34c3faa1398df867badc3476767d329a6f5552ebeb1bbadfeacc95ef16c44d
kpatch-patch-3_10_0-1160_99_1-1-1.el7.x86_64.rpm SHA-256: ea65039b0ff7c727c1659c8c288bb5d7b1c35ae746800165239a5bdb1fd38f2b
kpatch-patch-3_10_0-1160_99_1-debuginfo-1-1.el7.x86_64.rpm SHA-256: 2c2efebbbb9fb15c2162ca90a30157aa0eec4b77711aa2a75affe625e0a1f616

Red Hat Enterprise Linux for Power, little endian 7

SRPM
kpatch-patch-3_10_0-1160_88_1-1-3.el7.src.rpm SHA-256: 49c3387807a7ba2307e1834d8b3e52c9708e837fe7664cf0551e2642c61e3290
kpatch-patch-3_10_0-1160_90_1-1-3.el7.src.rpm SHA-256: 2dcc7c42d9c18c6e74a2e639a3bbe668d1681e8ca3b1ab9c4433462c69a8acc3
kpatch-patch-3_10_0-1160_92_1-1-3.el7.src.rpm SHA-256: c03ac662a93f5a09719752814f47cd65e6be959617b969914ecb35e268750f57
kpatch-patch-3_10_0-1160_95_1-1-2.el7.src.rpm SHA-256: cf9621dab22c3d82c1468c9a657462cff1a9e3893f27a4c7758c9a640a7330b4
kpatch-patch-3_10_0-1160_99_1-1-1.el7.src.rpm SHA-256: 5028c6e648c162439824c1b3305f43e3c382254d1a14b29d658d5057e6bbd460
ppc64le
kpatch-patch-3_10_0-1160_88_1-1-3.el7.ppc64le.rpm SHA-256: 7ce0f4c8dc59ff9e4c1189059124625e35d8878543557875603bed535a8464be
kpatch-patch-3_10_0-1160_88_1-debuginfo-1-3.el7.ppc64le.rpm SHA-256: 650e04de2594ec14dcbd5ccee04e7c01b7974100790c0c10f30cec9c6c049e63
kpatch-patch-3_10_0-1160_90_1-1-3.el7.ppc64le.rpm SHA-256: 49784b256df0e46a015f298f46a0a133f5efee82c54758e011895e6c125f6263
kpatch-patch-3_10_0-1160_90_1-debuginfo-1-3.el7.ppc64le.rpm SHA-256: ad4e722bcf44ffd6c69858e0bfd6311440a0ce3447c2822e6cec9c38b07fa0a5
kpatch-patch-3_10_0-1160_92_1-1-3.el7.ppc64le.rpm SHA-256: 7c64e09e891af6642639bb2a3a76f5856009c9a93fb11ec04642b6b631f07af6
kpatch-patch-3_10_0-1160_92_1-debuginfo-1-3.el7.ppc64le.rpm SHA-256: 7fad3b727c89e078b370227164e987e6c0e6350bdc892e9ab162ae6958ea5778
kpatch-patch-3_10_0-1160_95_1-1-2.el7.ppc64le.rpm SHA-256: 2c500b8c2933509fe10ea09acd938bbace1756bb56d9454f12e6a10aa6b46571
kpatch-patch-3_10_0-1160_95_1-debuginfo-1-2.el7.ppc64le.rpm SHA-256: e304031801a83eced3471a7ce6ee3b134222a452949ea298b702f1b66d81e618
kpatch-patch-3_10_0-1160_99_1-1-1.el7.ppc64le.rpm SHA-256: 85c4ae4b322e2c4c1cbdb59e384fa4428f4c11383f11e6497cdaf6204915886c
kpatch-patch-3_10_0-1160_99_1-debuginfo-1-1.el7.ppc64le.rpm SHA-256: 67be64397637798668827a058e7446ba60b83db44fe30764fe1b67cfb96a3ade

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
kpatch-patch-3_10_0-1160_88_1-1-3.el7.src.rpm SHA-256: 49c3387807a7ba2307e1834d8b3e52c9708e837fe7664cf0551e2642c61e3290
kpatch-patch-3_10_0-1160_90_1-1-3.el7.src.rpm SHA-256: 2dcc7c42d9c18c6e74a2e639a3bbe668d1681e8ca3b1ab9c4433462c69a8acc3
kpatch-patch-3_10_0-1160_92_1-1-3.el7.src.rpm SHA-256: c03ac662a93f5a09719752814f47cd65e6be959617b969914ecb35e268750f57
kpatch-patch-3_10_0-1160_95_1-1-2.el7.src.rpm SHA-256: cf9621dab22c3d82c1468c9a657462cff1a9e3893f27a4c7758c9a640a7330b4
kpatch-patch-3_10_0-1160_99_1-1-1.el7.src.rpm SHA-256: 5028c6e648c162439824c1b3305f43e3c382254d1a14b29d658d5057e6bbd460
ppc64le
kpatch-patch-3_10_0-1160_88_1-1-3.el7.ppc64le.rpm SHA-256: 7ce0f4c8dc59ff9e4c1189059124625e35d8878543557875603bed535a8464be
kpatch-patch-3_10_0-1160_88_1-debuginfo-1-3.el7.ppc64le.rpm SHA-256: 650e04de2594ec14dcbd5ccee04e7c01b7974100790c0c10f30cec9c6c049e63
kpatch-patch-3_10_0-1160_90_1-1-3.el7.ppc64le.rpm SHA-256: 49784b256df0e46a015f298f46a0a133f5efee82c54758e011895e6c125f6263
kpatch-patch-3_10_0-1160_90_1-debuginfo-1-3.el7.ppc64le.rpm SHA-256: ad4e722bcf44ffd6c69858e0bfd6311440a0ce3447c2822e6cec9c38b07fa0a5
kpatch-patch-3_10_0-1160_92_1-1-3.el7.ppc64le.rpm SHA-256: 7c64e09e891af6642639bb2a3a76f5856009c9a93fb11ec04642b6b631f07af6
kpatch-patch-3_10_0-1160_92_1-debuginfo-1-3.el7.ppc64le.rpm SHA-256: 7fad3b727c89e078b370227164e987e6c0e6350bdc892e9ab162ae6958ea5778
kpatch-patch-3_10_0-1160_95_1-1-2.el7.ppc64le.rpm SHA-256: 2c500b8c2933509fe10ea09acd938bbace1756bb56d9454f12e6a10aa6b46571
kpatch-patch-3_10_0-1160_95_1-debuginfo-1-2.el7.ppc64le.rpm SHA-256: e304031801a83eced3471a7ce6ee3b134222a452949ea298b702f1b66d81e618
kpatch-patch-3_10_0-1160_99_1-1-1.el7.ppc64le.rpm SHA-256: 85c4ae4b322e2c4c1cbdb59e384fa4428f4c11383f11e6497cdaf6204915886c
kpatch-patch-3_10_0-1160_99_1-debuginfo-1-1.el7.ppc64le.rpm SHA-256: 67be64397637798668827a058e7446ba60b83db44fe30764fe1b67cfb96a3ade

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.