- Issued:
- 2023-10-10
- Updated:
- 2023-10-10
RHSA-2023:5621 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)
- kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)
- kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update to the latest RHEL7.9.z26 source tree (BZ#2232239)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
Fixes
- BZ - 2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation
- BZ - 2220892 - CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
- BZ - 2225201 - CVE-2023-3609 kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails
Red Hat Enterprise Linux for Real Time 7
SRPM | |
---|---|
kernel-rt-3.10.0-1160.102.1.rt56.1250.el7.src.rpm | SHA-256: 59990745c85e5455f3311ec0a69c4e084ba99e60967ad27c7f752da352065d34 |
x86_64 | |
kernel-rt-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 5c195c652a64d22d4f8d2bcc4f4f8824b27f0ca7264d51b785b93f07eb40b29b |
kernel-rt-debug-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 913693db520a9f4685d74067ef06c6f1e959db6e8bc5994d9dc26c40a69cd2c5 |
kernel-rt-debug-debuginfo-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 3a06b5c6b8f036325884f753fd2e2ee7114550193e64026ee8c30cddc751857e |
kernel-rt-debug-devel-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: ea81256f08ff055a40c2369b727ff61dbe4b3c2414a8afdc5f2f897bcc45fc4b |
kernel-rt-debuginfo-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 493131583e8e8fe499a88a426ab2c91e33ef0c0542407c4e7d1b65ae23166992 |
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 956fb3527d2102af60dd70cd2718f9779ac8bf0975f13ca6fdf12c325c9ed524 |
kernel-rt-devel-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 09a5c995290d6f5ec8233a92ba44ec0b78b255ec4c77c00705a30d6e63eb6a1c |
kernel-rt-doc-3.10.0-1160.102.1.rt56.1250.el7.noarch.rpm | SHA-256: c1bb641db6fe86f9aae791b9453919b705fa88e5b03a92b6cd430e3cdb618930 |
kernel-rt-trace-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 27676e4272b6c04467b50ab31eb7e2bd70e015012a6c6f4a75d53fee5a437142 |
kernel-rt-trace-debuginfo-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: ee8892cc0ed77c2faa65263545b84009104d4d42a68025bbca87b6cf76f4d696 |
kernel-rt-trace-devel-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 512ba249b7c3b73c89b3c735c9ffe57d610982a4526da03370b59e1e5943804c |
Red Hat Enterprise Linux for Real Time for NFV 7
SRPM | |
---|---|
kernel-rt-3.10.0-1160.102.1.rt56.1250.el7.src.rpm | SHA-256: 59990745c85e5455f3311ec0a69c4e084ba99e60967ad27c7f752da352065d34 |
x86_64 | |
kernel-rt-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 5c195c652a64d22d4f8d2bcc4f4f8824b27f0ca7264d51b785b93f07eb40b29b |
kernel-rt-debug-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 913693db520a9f4685d74067ef06c6f1e959db6e8bc5994d9dc26c40a69cd2c5 |
kernel-rt-debug-debuginfo-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 3a06b5c6b8f036325884f753fd2e2ee7114550193e64026ee8c30cddc751857e |
kernel-rt-debug-devel-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: ea81256f08ff055a40c2369b727ff61dbe4b3c2414a8afdc5f2f897bcc45fc4b |
kernel-rt-debug-kvm-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: ec5d4e73dff82bd206baa9717075931b5244809ba7f44140f2b34f297e5b26d4 |
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: fba5f0895d45ca81040f4e1258b5e492ed19169d19451460b1449b26ec8c13b8 |
kernel-rt-debuginfo-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 493131583e8e8fe499a88a426ab2c91e33ef0c0542407c4e7d1b65ae23166992 |
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 956fb3527d2102af60dd70cd2718f9779ac8bf0975f13ca6fdf12c325c9ed524 |
kernel-rt-devel-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 09a5c995290d6f5ec8233a92ba44ec0b78b255ec4c77c00705a30d6e63eb6a1c |
kernel-rt-doc-3.10.0-1160.102.1.rt56.1250.el7.noarch.rpm | SHA-256: c1bb641db6fe86f9aae791b9453919b705fa88e5b03a92b6cd430e3cdb618930 |
kernel-rt-kvm-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 4b3b383c8a63f5ad7fdec5ac1c505556764b28a50eea1287447c4b7a33051a46 |
kernel-rt-kvm-debuginfo-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: ad7c44773e414e2bbfffac0f121a6ecb63dcf97e16c47a2bdc17445d6940a50d |
kernel-rt-trace-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 27676e4272b6c04467b50ab31eb7e2bd70e015012a6c6f4a75d53fee5a437142 |
kernel-rt-trace-debuginfo-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: ee8892cc0ed77c2faa65263545b84009104d4d42a68025bbca87b6cf76f4d696 |
kernel-rt-trace-devel-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 512ba249b7c3b73c89b3c735c9ffe57d610982a4526da03370b59e1e5943804c |
kernel-rt-trace-kvm-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 7091123d4fd0931cbdc4a7e9c6e90edd87ad980be77c22be93b158639b3443fa |
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.102.1.rt56.1250.el7.x86_64.rpm | SHA-256: 9da6c69d821ce08352016c69f3f9ac816404111cab79b69c39897890ad9d7f4a |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.