Red Hat Product Errata RHSA-2023:5603 - Security Advisory
Issued:
2023-10-10
Updated:
2023-10-10

RHSA-2023:5603 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128)
  • kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248)
  • kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
  • kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)
  • kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)
  • kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)
  • kernel: fbcon: shift-out-of-bounds in fbcon_set_font() (CVE-2023-3161)
  • kernel: denial of service problem in net/unix/diag.c (CVE-2023-28327)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • kernel-rt: update RT source tree to the latest RHEL-9.0.z12 Batch (BZ#2232645)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64

Fixes

  • BZ - 2175903 - CVE-2023-1206 kernel: hash collisions in the IPv6 connection lookup table
  • BZ - 2177382 - CVE-2023-28327 kernel: denial of service problem in net/unix/diag.c
  • BZ - 2187257 - CVE-2023-1998 kernel: Spectre v2 SMT mitigations problem
  • BZ - 2213485 - CVE-2023-3161 kernel: fbcon: shift-out-of-bounds in fbcon_set_font()
  • BZ - 2215768 - CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()
  • BZ - 2220892 - CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
  • BZ - 2220893 - CVE-2023-31248 kernel: nf_tables: use-after-free in nft_chain_lookup_byid()
  • BZ - 2225511 - CVE-2023-4128 kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
kernel-rt-5.14.0-70.75.1.rt21.146.el9_0.src.rpm SHA-256: f1d87834cd925e2da702d2be8cb99786192d162b4d9dd5dab3e79469d8439ebb
x86_64
kernel-rt-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: 196f5f9942c2aff72791123d436b777bc2c5ef82798bc97c08184bba022768d6
kernel-rt-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: 196f5f9942c2aff72791123d436b777bc2c5ef82798bc97c08184bba022768d6
kernel-rt-core-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: d076720ef3fec6817b87befee9f075f128300dde61c56b7688d57c598db3520d
kernel-rt-core-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: d076720ef3fec6817b87befee9f075f128300dde61c56b7688d57c598db3520d
kernel-rt-debug-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: a7e913335acf22d8d1bdfec2f88b3550e75da4019f40ac1e36b206c08b46b2a6
kernel-rt-debug-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: a7e913335acf22d8d1bdfec2f88b3550e75da4019f40ac1e36b206c08b46b2a6
kernel-rt-debug-core-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: af55741564ee1d63e518f0d50c278372ba3645efe702d774cc390dc9eb780d53
kernel-rt-debug-core-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: af55741564ee1d63e518f0d50c278372ba3645efe702d774cc390dc9eb780d53
kernel-rt-debug-debuginfo-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: ac88bcc4a5af5ce9275f4b23a7ef92bd6921182582feef08222050e5f2a3d36b
kernel-rt-debug-debuginfo-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: ac88bcc4a5af5ce9275f4b23a7ef92bd6921182582feef08222050e5f2a3d36b
kernel-rt-debug-devel-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: 8284aeaab6855186ca1cdda08860d108e42e6d6b8a0fca885c7bd93de607b5da
kernel-rt-debug-devel-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: 8284aeaab6855186ca1cdda08860d108e42e6d6b8a0fca885c7bd93de607b5da
kernel-rt-debug-kvm-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: 9269d046f705576cacc95d983acee0ae592e76916d7853962e772ab4cf6d2bd6
kernel-rt-debug-modules-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: d059cc4232f9c289e1495400ef26bf6961f0a428a9767eaf4fa019dceeb134ac
kernel-rt-debug-modules-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: d059cc4232f9c289e1495400ef26bf6961f0a428a9767eaf4fa019dceeb134ac
kernel-rt-debug-modules-extra-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: a30aa69110b3d3f0519caf183a79a732deb81b6644e911f38440ecb1d4166fd2
kernel-rt-debug-modules-extra-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: a30aa69110b3d3f0519caf183a79a732deb81b6644e911f38440ecb1d4166fd2
kernel-rt-debuginfo-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: 9fc31ff891f5575d7b0ea5f3fce1d7532021723ab26d977d6ef91c2abf91f644
kernel-rt-debuginfo-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: 9fc31ff891f5575d7b0ea5f3fce1d7532021723ab26d977d6ef91c2abf91f644
kernel-rt-debuginfo-common-x86_64-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: ce83c9787672b6649559b0dafdba02662240753670c2f9ed2a823698a4285423
kernel-rt-debuginfo-common-x86_64-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: ce83c9787672b6649559b0dafdba02662240753670c2f9ed2a823698a4285423
kernel-rt-devel-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: f89ce60858a36b7fd6b5a3589de6f8c4b5ffc55840d1477469720f33bd281e21
kernel-rt-devel-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: f89ce60858a36b7fd6b5a3589de6f8c4b5ffc55840d1477469720f33bd281e21
kernel-rt-kvm-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: 7e50b3a6be2675e4b0e3256d261bc03ef599f57b02182873534f824b77e961da
kernel-rt-modules-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: 63391b38967141e9707ec3c39a08e94e9f6390aa5f2245a231c0032707cd9e7f
kernel-rt-modules-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: 63391b38967141e9707ec3c39a08e94e9f6390aa5f2245a231c0032707cd9e7f
kernel-rt-modules-extra-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: 2a30debc5c1c668835f51c06cfed7e2a87dfb8538d9bcbeb14bdfce8d9f81fea
kernel-rt-modules-extra-5.14.0-70.75.1.rt21.146.el9_0.x86_64.rpm SHA-256: 2a30debc5c1c668835f51c06cfed7e2a87dfb8538d9bcbeb14bdfce8d9f81fea

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.