- Issued:
- 2023-10-10
- Updated:
- 2023-10-10
RHSA-2023:5603 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128)
- kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248)
- kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
- kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)
- kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)
- kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)
- kernel: fbcon: shift-out-of-bounds in fbcon_set_font() (CVE-2023-3161)
- kernel: denial of service problem in net/unix/diag.c (CVE-2023-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the latest RHEL-9.0.z12 Batch (BZ#2232645)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0 x86_64
- Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0 x86_64
Fixes
- BZ - 2175903 - CVE-2023-1206 kernel: hash collisions in the IPv6 connection lookup table
- BZ - 2177382 - CVE-2023-28327 kernel: denial of service problem in net/unix/diag.c
- BZ - 2187257 - CVE-2023-1998 kernel: Spectre v2 SMT mitigations problem
- BZ - 2213485 - CVE-2023-3161 kernel: fbcon: shift-out-of-bounds in fbcon_set_font()
- BZ - 2215768 - CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()
- BZ - 2220892 - CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
- BZ - 2220893 - CVE-2023-31248 kernel: nf_tables: use-after-free in nft_chain_lookup_byid()
- BZ - 2225511 - CVE-2023-4128 kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route
CVEs
Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.0
SRPM | |
---|---|
kernel-rt-5.14.0-70.75.1.rt21.146.el9_0.src.rpm | SHA-256: f1d87834cd925e2da702d2be8cb99786192d162b4d9dd5dab3e79469d8439ebb |
x86_64 | |
kernel-rt-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: 196f5f9942c2aff72791123d436b777bc2c5ef82798bc97c08184bba022768d6 |
kernel-rt-core-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: d076720ef3fec6817b87befee9f075f128300dde61c56b7688d57c598db3520d |
kernel-rt-debug-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: a7e913335acf22d8d1bdfec2f88b3550e75da4019f40ac1e36b206c08b46b2a6 |
kernel-rt-debug-core-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: af55741564ee1d63e518f0d50c278372ba3645efe702d774cc390dc9eb780d53 |
kernel-rt-debug-debuginfo-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: ac88bcc4a5af5ce9275f4b23a7ef92bd6921182582feef08222050e5f2a3d36b |
kernel-rt-debug-devel-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: 8284aeaab6855186ca1cdda08860d108e42e6d6b8a0fca885c7bd93de607b5da |
kernel-rt-debug-modules-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: d059cc4232f9c289e1495400ef26bf6961f0a428a9767eaf4fa019dceeb134ac |
kernel-rt-debug-modules-extra-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: a30aa69110b3d3f0519caf183a79a732deb81b6644e911f38440ecb1d4166fd2 |
kernel-rt-debuginfo-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: 9fc31ff891f5575d7b0ea5f3fce1d7532021723ab26d977d6ef91c2abf91f644 |
kernel-rt-debuginfo-common-x86_64-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: ce83c9787672b6649559b0dafdba02662240753670c2f9ed2a823698a4285423 |
kernel-rt-devel-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: f89ce60858a36b7fd6b5a3589de6f8c4b5ffc55840d1477469720f33bd281e21 |
kernel-rt-modules-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: 63391b38967141e9707ec3c39a08e94e9f6390aa5f2245a231c0032707cd9e7f |
kernel-rt-modules-extra-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: 2a30debc5c1c668835f51c06cfed7e2a87dfb8538d9bcbeb14bdfce8d9f81fea |
Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.0
SRPM | |
---|---|
kernel-rt-5.14.0-70.75.1.rt21.146.el9_0.src.rpm | SHA-256: f1d87834cd925e2da702d2be8cb99786192d162b4d9dd5dab3e79469d8439ebb |
x86_64 | |
kernel-rt-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: 196f5f9942c2aff72791123d436b777bc2c5ef82798bc97c08184bba022768d6 |
kernel-rt-core-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: d076720ef3fec6817b87befee9f075f128300dde61c56b7688d57c598db3520d |
kernel-rt-debug-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: a7e913335acf22d8d1bdfec2f88b3550e75da4019f40ac1e36b206c08b46b2a6 |
kernel-rt-debug-core-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: af55741564ee1d63e518f0d50c278372ba3645efe702d774cc390dc9eb780d53 |
kernel-rt-debug-debuginfo-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: ac88bcc4a5af5ce9275f4b23a7ef92bd6921182582feef08222050e5f2a3d36b |
kernel-rt-debug-devel-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: 8284aeaab6855186ca1cdda08860d108e42e6d6b8a0fca885c7bd93de607b5da |
kernel-rt-debug-kvm-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: 9269d046f705576cacc95d983acee0ae592e76916d7853962e772ab4cf6d2bd6 |
kernel-rt-debug-modules-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: d059cc4232f9c289e1495400ef26bf6961f0a428a9767eaf4fa019dceeb134ac |
kernel-rt-debug-modules-extra-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: a30aa69110b3d3f0519caf183a79a732deb81b6644e911f38440ecb1d4166fd2 |
kernel-rt-debuginfo-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: 9fc31ff891f5575d7b0ea5f3fce1d7532021723ab26d977d6ef91c2abf91f644 |
kernel-rt-debuginfo-common-x86_64-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: ce83c9787672b6649559b0dafdba02662240753670c2f9ed2a823698a4285423 |
kernel-rt-devel-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: f89ce60858a36b7fd6b5a3589de6f8c4b5ffc55840d1477469720f33bd281e21 |
kernel-rt-kvm-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: 7e50b3a6be2675e4b0e3256d261bc03ef599f57b02182873534f824b77e961da |
kernel-rt-modules-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: 63391b38967141e9707ec3c39a08e94e9f6390aa5f2245a231c0032707cd9e7f |
kernel-rt-modules-extra-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm | SHA-256: 2a30debc5c1c668835f51c06cfed7e2a87dfb8538d9bcbeb14bdfce8d9f81fea |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.