Red Hat Product Errata RHSA-2023:5775 - Security Advisory
Issued:
2023-10-17
Updated:
2023-10-17

RHSA-2023:5775 - Security Advisory

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)
  • kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)
  • kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2225097 - CVE-2023-3776 kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function
  • BZ - 2225201 - CVE-2023-3609 kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails
  • BZ - 2225511 - CVE-2023-4128 kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4

SRPM
kpatch-patch-4_18_0-305_103_1-1-1.el8_4.src.rpm SHA-256: 338c560d210028db718ae05a39e8bcb98dcacf2dc0617a4c8f73473938289edf
kpatch-patch-4_18_0-305_82_1-1-5.el8_4.src.rpm SHA-256: 7ca2a19492b033e45b28ac4844ca889190cd188c8d31617e50b1cfac630c0c9c
kpatch-patch-4_18_0-305_86_2-1-4.el8_4.src.rpm SHA-256: f533cefec4f96d3992ed1bd6a576e67483ba9a8543516a95d9d49f165e1515a0
kpatch-patch-4_18_0-305_88_1-1-4.el8_4.src.rpm SHA-256: 1026d7d991183dde7f9cab4aff3459bf975f8dae9d4a0cf7c5d43fd8ec0a8a26
kpatch-patch-4_18_0-305_91_1-1-3.el8_4.src.rpm SHA-256: 29adb7871e34cd084cf5fe1d5e423c053d8825723daf7704e15556a0c3cb8f6a
kpatch-patch-4_18_0-305_97_1-1-2.el8_4.src.rpm SHA-256: 9b364fe635d9fe781c07b09f4748d0cab57a088b019037cc379e6d788bbf2554
x86_64
kpatch-patch-4_18_0-305_103_1-1-1.el8_4.x86_64.rpm SHA-256: defadd779d4e7c06d77390db1b27fb19fb4f3bd36e9b42eee8b10d63d7bfdc41
kpatch-patch-4_18_0-305_103_1-debuginfo-1-1.el8_4.x86_64.rpm SHA-256: bcc99220f4e76a26b7e0be564e2640b7771c860f428e0a761d15a0fae40322a2
kpatch-patch-4_18_0-305_103_1-debugsource-1-1.el8_4.x86_64.rpm SHA-256: ca5bd7952ecbe7042bd8ac4be26b70790d57bae04d022f622d1f960a065d2e6f
kpatch-patch-4_18_0-305_82_1-1-5.el8_4.x86_64.rpm SHA-256: 4d6840c9bb4dcb531e9e3591642b17e5682dccd0bdfa13a2131a456022947423
kpatch-patch-4_18_0-305_82_1-debuginfo-1-5.el8_4.x86_64.rpm SHA-256: e22af20bf7f66415d623ec88e881d6e5f42740727861d59d954aae01337ccdc8
kpatch-patch-4_18_0-305_82_1-debugsource-1-5.el8_4.x86_64.rpm SHA-256: d9abbb2a8cc1417f721fe6eef9402cc0c1a19fc0bcc9ee5b0b6fcd7d32455c34
kpatch-patch-4_18_0-305_86_2-1-4.el8_4.x86_64.rpm SHA-256: 2675eeb326e7b44d7de5743a35d18f4d33b234371b8c36fc08dcd3bcbd1d1935
kpatch-patch-4_18_0-305_86_2-debuginfo-1-4.el8_4.x86_64.rpm SHA-256: 372d7bddf03ce3d462ab2b5815a2ba8430410de9fb74790ac9d859ce9770bbc9
kpatch-patch-4_18_0-305_86_2-debugsource-1-4.el8_4.x86_64.rpm SHA-256: fb5e7f1469d6c0e73f85bf56e007f0ef078666c12f3aa35a37c405edd128475c
kpatch-patch-4_18_0-305_88_1-1-4.el8_4.x86_64.rpm SHA-256: 77032a5f94518b2e5556de26dd317ea4382462606097a5383599b7206de33f50
kpatch-patch-4_18_0-305_88_1-debuginfo-1-4.el8_4.x86_64.rpm SHA-256: f6d40fff78dedb3663dcc8ea78474df5dedc24c2061d695807ab0b5d4ba65202
kpatch-patch-4_18_0-305_88_1-debugsource-1-4.el8_4.x86_64.rpm SHA-256: 7f06f321f4711d879e1827330d9e84763eff2cc7e04bfeb2acc12d0f53d76de5
kpatch-patch-4_18_0-305_91_1-1-3.el8_4.x86_64.rpm SHA-256: 3f5f533c53cf5a5db599edbfae1dc756c2093a6b193e2a335216682572623f30
kpatch-patch-4_18_0-305_91_1-debuginfo-1-3.el8_4.x86_64.rpm SHA-256: ebd28ef6eccebfa0611ccddddc331a59ded0d3523cb770c49d695dfa7c19ead4
kpatch-patch-4_18_0-305_91_1-debugsource-1-3.el8_4.x86_64.rpm SHA-256: 28d8c460f8bdc036635fefadd2c557d829c117a7d54f78ce25bda3816f5e2317
kpatch-patch-4_18_0-305_97_1-1-2.el8_4.x86_64.rpm SHA-256: 0e782471b4bfda5e4eb511534441e954cee02b448846d8a0d7ff412e0fbbcb2e
kpatch-patch-4_18_0-305_97_1-debuginfo-1-2.el8_4.x86_64.rpm SHA-256: e9c26f7162b0a7c9e00ff525ffba7bafc53b3de0a5abb6ac4346873eace710b8
kpatch-patch-4_18_0-305_97_1-debugsource-1-2.el8_4.x86_64.rpm SHA-256: 7bb29d16ea4e902e54b086eb08c3b0d899506558588864858dcb2d50aebd87ac

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
kpatch-patch-4_18_0-305_103_1-1-1.el8_4.src.rpm SHA-256: 338c560d210028db718ae05a39e8bcb98dcacf2dc0617a4c8f73473938289edf
kpatch-patch-4_18_0-305_82_1-1-5.el8_4.src.rpm SHA-256: 7ca2a19492b033e45b28ac4844ca889190cd188c8d31617e50b1cfac630c0c9c
kpatch-patch-4_18_0-305_86_2-1-4.el8_4.src.rpm SHA-256: f533cefec4f96d3992ed1bd6a576e67483ba9a8543516a95d9d49f165e1515a0
kpatch-patch-4_18_0-305_88_1-1-4.el8_4.src.rpm SHA-256: 1026d7d991183dde7f9cab4aff3459bf975f8dae9d4a0cf7c5d43fd8ec0a8a26
kpatch-patch-4_18_0-305_91_1-1-3.el8_4.src.rpm SHA-256: 29adb7871e34cd084cf5fe1d5e423c053d8825723daf7704e15556a0c3cb8f6a
kpatch-patch-4_18_0-305_97_1-1-2.el8_4.src.rpm SHA-256: 9b364fe635d9fe781c07b09f4748d0cab57a088b019037cc379e6d788bbf2554
ppc64le
kpatch-patch-4_18_0-305_103_1-1-1.el8_4.ppc64le.rpm SHA-256: 2b523e08f681cdd5a8f16900c31b9e12c1efe534ebd403642e663db14966b731
kpatch-patch-4_18_0-305_103_1-debuginfo-1-1.el8_4.ppc64le.rpm SHA-256: be68142fcc401df97a8119c926f3bd32df2eb9e3743415af345ce276b512828c
kpatch-patch-4_18_0-305_103_1-debugsource-1-1.el8_4.ppc64le.rpm SHA-256: a353bbf64a61e213590361c2ec340c7fac94150b4d6cee53ab1568d6d7ec0d1b
kpatch-patch-4_18_0-305_82_1-1-5.el8_4.ppc64le.rpm SHA-256: e6d104a820e2a3065efe524b215949e5fa7fd8af7533dc99fb1d95014ab4acd2
kpatch-patch-4_18_0-305_82_1-debuginfo-1-5.el8_4.ppc64le.rpm SHA-256: 21fc949dbade845b0f45d9219c83f8906978856f59bfa74ea99d3b2feb458dc8
kpatch-patch-4_18_0-305_82_1-debugsource-1-5.el8_4.ppc64le.rpm SHA-256: e11861b348ca9444daf2414c6055d942974ab9c9ecfcc27fdbdc1385cb39c662
kpatch-patch-4_18_0-305_86_2-1-4.el8_4.ppc64le.rpm SHA-256: 1a4b1739e962e9d7a6a1e489c1ecf58bdef98afddff8b6c5f8d1ce3aa6662aa9
kpatch-patch-4_18_0-305_86_2-debuginfo-1-4.el8_4.ppc64le.rpm SHA-256: 887bed0d0b510932bed96e5c6242c89c5f5d5aa055911b3817cd3fd819c69bb1
kpatch-patch-4_18_0-305_86_2-debugsource-1-4.el8_4.ppc64le.rpm SHA-256: 11c2e3f66c5f4b8835a07e8129c22add620fa596750d99f293c294c7e671913b
kpatch-patch-4_18_0-305_88_1-1-4.el8_4.ppc64le.rpm SHA-256: 35d7a4aa97e25e5f72a26450cdf2103df888bd4ff2933bbcd067e60943c98f22
kpatch-patch-4_18_0-305_88_1-debuginfo-1-4.el8_4.ppc64le.rpm SHA-256: b51e9068d08550ab7d725398dbea15a495c7db21aded8000a1d24182ad86b8b3
kpatch-patch-4_18_0-305_88_1-debugsource-1-4.el8_4.ppc64le.rpm SHA-256: 789775d1e4113b84d6ba4c7a88df25cc9318489a60b1ad99df1b10f3e91ae3a6
kpatch-patch-4_18_0-305_91_1-1-3.el8_4.ppc64le.rpm SHA-256: 1c73529d1e31d271cbda53f37b92edd6d7c31ef69e7d63e3824727283d8d9572
kpatch-patch-4_18_0-305_91_1-debuginfo-1-3.el8_4.ppc64le.rpm SHA-256: fdea7dbfa3b5928f7cffee3c21227dbee4d856868a55184d330b8b45b2872f0a
kpatch-patch-4_18_0-305_91_1-debugsource-1-3.el8_4.ppc64le.rpm SHA-256: 8da7ac1cbd881f3449ea03cdcfb0b7f59aba96397eb4a9559eadeb2afad1edbf
kpatch-patch-4_18_0-305_97_1-1-2.el8_4.ppc64le.rpm SHA-256: 5dec893c16f88b744bbfe239d092dc6ff3b18c08fa6f378140a87e0aa19efa0e
kpatch-patch-4_18_0-305_97_1-debuginfo-1-2.el8_4.ppc64le.rpm SHA-256: f4a5a2f0f05908e3f381513b61430efb11aee3f9f878ce5c4a49fa8eabbeab97
kpatch-patch-4_18_0-305_97_1-debugsource-1-2.el8_4.ppc64le.rpm SHA-256: 8ed275b8d2f0ebb5f40e7ff51da6c83628947879eb4767a25ad4a93fd2ef0a60

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
kpatch-patch-4_18_0-305_103_1-1-1.el8_4.src.rpm SHA-256: 338c560d210028db718ae05a39e8bcb98dcacf2dc0617a4c8f73473938289edf
kpatch-patch-4_18_0-305_82_1-1-5.el8_4.src.rpm SHA-256: 7ca2a19492b033e45b28ac4844ca889190cd188c8d31617e50b1cfac630c0c9c
kpatch-patch-4_18_0-305_86_2-1-4.el8_4.src.rpm SHA-256: f533cefec4f96d3992ed1bd6a576e67483ba9a8543516a95d9d49f165e1515a0
kpatch-patch-4_18_0-305_88_1-1-4.el8_4.src.rpm SHA-256: 1026d7d991183dde7f9cab4aff3459bf975f8dae9d4a0cf7c5d43fd8ec0a8a26
kpatch-patch-4_18_0-305_91_1-1-3.el8_4.src.rpm SHA-256: 29adb7871e34cd084cf5fe1d5e423c053d8825723daf7704e15556a0c3cb8f6a
kpatch-patch-4_18_0-305_97_1-1-2.el8_4.src.rpm SHA-256: 9b364fe635d9fe781c07b09f4748d0cab57a088b019037cc379e6d788bbf2554
x86_64
kpatch-patch-4_18_0-305_103_1-1-1.el8_4.x86_64.rpm SHA-256: defadd779d4e7c06d77390db1b27fb19fb4f3bd36e9b42eee8b10d63d7bfdc41
kpatch-patch-4_18_0-305_103_1-debuginfo-1-1.el8_4.x86_64.rpm SHA-256: bcc99220f4e76a26b7e0be564e2640b7771c860f428e0a761d15a0fae40322a2
kpatch-patch-4_18_0-305_103_1-debugsource-1-1.el8_4.x86_64.rpm SHA-256: ca5bd7952ecbe7042bd8ac4be26b70790d57bae04d022f622d1f960a065d2e6f
kpatch-patch-4_18_0-305_82_1-1-5.el8_4.x86_64.rpm SHA-256: 4d6840c9bb4dcb531e9e3591642b17e5682dccd0bdfa13a2131a456022947423
kpatch-patch-4_18_0-305_82_1-debuginfo-1-5.el8_4.x86_64.rpm SHA-256: e22af20bf7f66415d623ec88e881d6e5f42740727861d59d954aae01337ccdc8
kpatch-patch-4_18_0-305_82_1-debugsource-1-5.el8_4.x86_64.rpm SHA-256: d9abbb2a8cc1417f721fe6eef9402cc0c1a19fc0bcc9ee5b0b6fcd7d32455c34
kpatch-patch-4_18_0-305_86_2-1-4.el8_4.x86_64.rpm SHA-256: 2675eeb326e7b44d7de5743a35d18f4d33b234371b8c36fc08dcd3bcbd1d1935
kpatch-patch-4_18_0-305_86_2-debuginfo-1-4.el8_4.x86_64.rpm SHA-256: 372d7bddf03ce3d462ab2b5815a2ba8430410de9fb74790ac9d859ce9770bbc9
kpatch-patch-4_18_0-305_86_2-debugsource-1-4.el8_4.x86_64.rpm SHA-256: fb5e7f1469d6c0e73f85bf56e007f0ef078666c12f3aa35a37c405edd128475c
kpatch-patch-4_18_0-305_88_1-1-4.el8_4.x86_64.rpm SHA-256: 77032a5f94518b2e5556de26dd317ea4382462606097a5383599b7206de33f50
kpatch-patch-4_18_0-305_88_1-debuginfo-1-4.el8_4.x86_64.rpm SHA-256: f6d40fff78dedb3663dcc8ea78474df5dedc24c2061d695807ab0b5d4ba65202
kpatch-patch-4_18_0-305_88_1-debugsource-1-4.el8_4.x86_64.rpm SHA-256: 7f06f321f4711d879e1827330d9e84763eff2cc7e04bfeb2acc12d0f53d76de5
kpatch-patch-4_18_0-305_91_1-1-3.el8_4.x86_64.rpm SHA-256: 3f5f533c53cf5a5db599edbfae1dc756c2093a6b193e2a335216682572623f30
kpatch-patch-4_18_0-305_91_1-debuginfo-1-3.el8_4.x86_64.rpm SHA-256: ebd28ef6eccebfa0611ccddddc331a59ded0d3523cb770c49d695dfa7c19ead4
kpatch-patch-4_18_0-305_91_1-debugsource-1-3.el8_4.x86_64.rpm SHA-256: 28d8c460f8bdc036635fefadd2c557d829c117a7d54f78ce25bda3816f5e2317
kpatch-patch-4_18_0-305_97_1-1-2.el8_4.x86_64.rpm SHA-256: 0e782471b4bfda5e4eb511534441e954cee02b448846d8a0d7ff412e0fbbcb2e
kpatch-patch-4_18_0-305_97_1-debuginfo-1-2.el8_4.x86_64.rpm SHA-256: e9c26f7162b0a7c9e00ff525ffba7bafc53b3de0a5abb6ac4346873eace710b8
kpatch-patch-4_18_0-305_97_1-debugsource-1-2.el8_4.x86_64.rpm SHA-256: 7bb29d16ea4e902e54b086eb08c3b0d899506558588864858dcb2d50aebd87ac

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.