- Issued:
- 2023-11-14
- Updated:
- 2023-11-14
RHSA-2023:6901 - Security Advisory
Synopsis
Important: kernel-rt security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: tun: double free in tun_free_netdev (CVE-2022-4744)
- kernel: net/sched: cls_u32 component reference counter leak (CVE-2023-3609)
- kernel: net/sched: sch_qfq vulnerability (CVE-2023-3611)
- kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)
- kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)
- kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975)
- kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)
- kernel: use-after-free and info leak in l2cap_conn_del and l2cap_parse_conf_req (CVE-2022-3640, CVE-2022-42895)
- kernel: double free in usb_8dev_start_xmit (CVE-2022-28388)
- kernel: vmwgfx: multiple vulnerabilities (CVE-2022-38457, CVE-2022-40133, CVE-2023-33951, CVE-2023-33952)
- hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)
- kernel: KVM: multiple vulnerabilities (CVE-2022-45869, CVE-2023-4155, CVE-2023-30456)
- kernel: memory leak in ttusb_dec_exit_dvb (CVE-2022-45887)
- kernel: speculative pointer dereference in do_prlimit in kernel/sys.c (CVE-2023-0458)
- kernel: use-after-free in qdisc_graft (CVE-2023-0590)
- kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)
- kernel: HID: check empty report_list in hid_validate_values (CVE-2023-1073)
- kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)
- kernel: hid: Use After Free in asus_remove (CVE-2023-1079)
- kernel: use-after-free in drivers/media/rc/ene_ir.c (CVE-2023-1118)
- kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)
- kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)
- kernel: denial of service in tipc_conn_close (CVE-2023-1382)
- kernel: Use after free bug in btsdio_remove (CVE-2023-1989)
- kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)
- kernel: ext4: use-after-free in ext4_xattr_set_entry (CVE-2023-2513)
- kernel: fbcon: shift-out-of-bounds in fbcon_set_font (CVE-2023-3161)
- kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)
- kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params (CVE-2023-3772)
- kernel: smsusb: use-after-free caused by do_submit_urb (CVE-2023-4132)
- kernel: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h (CVE-2023-4732)
- Kernel: denial of service in atm_tc_enqueue (CVE-2023-23455)
- kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)
- kernel: Denial of service issue in az6027 driver (CVE-2023-28328)
- kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)
- kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)
- kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove (CVE-2023-33203)
- kernel: saa7134: race condition in saa7134_finidev (CVE-2023-35823)
- kernel: dm1105: race condition in dm1105_remove.c (CVE-2023-35824)
- kernel: r592: race condition in r592_remove (CVE-2023-35825)
- kernel: net/tls: tls_is_tx_ready checked list_entry (CVE-2023-1075)
- kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)
- kernel: Use after free in r592_remove (CVE-2023-3141)
- kernel: gfs2: NULL pointer dereference in gfs2_evict_inode (CVE-2023-3212)
For more details about the security issue(s), refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 8 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
Fixes
- BZ - 2024989 - CVE-2021-43975 kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c
- BZ - 2073091 - CVE-2022-28388 kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c
- BZ - 2133453 - CVE-2022-40133 kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context
- BZ - 2133455 - CVE-2022-38457 kernel: vmwgfx: use-after-free in vmw_cmd_res_check
- BZ - 2139610 - CVE-2022-3640 kernel: use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c
- BZ - 2147356 - CVE-2022-42895 kernel: Information leak in l2cap_parse_conf_req in net/bluetooth/l2cap_core.c
- BZ - 2148520 - CVE-2022-45887 kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c
- BZ - 2149024 - CVE-2022-3594 kernel: Rate limit overflow messages in r8152 in intr_callback
- BZ - 2151317 - CVE-2022-45869 kernel: KVM: x86/mmu: race condition in direct_page_fault()
- BZ - 2156322 - CVE-2022-4744 kernel: tun: avoid double free in tun_free_netdev
- BZ - 2165741 - CVE-2023-0590 kernel: use-after-free due to race condition in qdisc_graft()
- BZ - 2165926 - CVE-2023-0597 kernel: x86/mm: Randomize per-cpu entry area
- BZ - 2168332 - CVE-2023-23455 Kernel: denial of service in atm_tc_enqueue in net/sched/sch_atm.c due to type confusion
- BZ - 2173403 - CVE-2023-1073 kernel: HID: check empty report_list in hid_validate_values()
- BZ - 2173430 - CVE-2023-1074 kernel: sctp: fail if no bound addresses can be used for a given scope
- BZ - 2173434 - CVE-2023-1075 kernel: net/tls: tls_is_tx_ready() checked list_entry
- BZ - 2173444 - CVE-2023-1079 kernel: hid: Use After Free in asus_remove()
- BZ - 2174400 - CVE-2023-1118 kernel: use-after-free in drivers/media/rc/ene_ir.c due to race condition
- BZ - 2175903 - CVE-2023-1206 kernel: hash collisions in the IPv6 connection lookup table
- BZ - 2176140 - CVE-2023-1252 kernel: ovl: fix use after free in struct ovl_aio_req
- BZ - 2177371 - CVE-2023-1382 kernel: denial of service in tipc_conn_close
- BZ - 2177389 - CVE-2023-28328 kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c
- BZ - 2181330 - CVE-2023-28772 kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow
- BZ - 2182443 - CVE-2023-26545 kernel: mpls: double free on sysctl allocation failure
- BZ - 2184578 - CVE-2023-1855 kernel: use-after-free bug in remove function xgene_hwmon_remove
- BZ - 2185945 - CVE-2023-1989 kernel: Use after free bug in btsdio_remove due to race condition
- BZ - 2187257 - CVE-2023-1998 kernel: Spectre v2 SMT mitigations problem
- BZ - 2188468 - CVE-2023-30456 kernel: KVM: nVMX: missing consistency checks for CR0 and CR4
- BZ - 2192667 - CVE-2023-33203 kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove()
- BZ - 2192671 - CVE-2023-31436 kernel: out-of-bounds write in qfq_change_class function
- BZ - 2193097 - CVE-2023-2513 kernel: ext4: use-after-free in ext4_xattr_set_entry()
- BZ - 2193219 - CVE-2023-0458 kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c
- BZ - 2213139 - CVE-2023-31084 kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible
- BZ - 2213199 - CVE-2023-3141 kernel: Use after free bug in r592_remove
- BZ - 2213485 - CVE-2023-3161 kernel: fbcon: shift-out-of-bounds in fbcon_set_font()
- BZ - 2213802 - CVE-2023-4155 kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability
- BZ - 2214348 - CVE-2023-3212 kernel: gfs2: NULL pointer dereference in gfs2_evict_inode()
- BZ - 2215502 - CVE-2023-3268 kernel: out-of-bounds access in relay_file_read
- BZ - 2215835 - CVE-2023-35823 kernel: saa7134: race condition leading to use-after-free in saa7134_finidev()
- BZ - 2215836 - CVE-2023-35824 kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c()
- BZ - 2215837 - CVE-2023-35825 kernel: r592: race condition leading to use-after-free in r592_remove()
- BZ - 2218195 - CVE-2023-33951 kernel: vmwgfx: race condition leading to information disclosure vulnerability
- BZ - 2218212 - CVE-2023-33952 kernel: vmwgfx: double free within the handling of vmw_buffer_object objects
- BZ - 2218943 - CVE-2023-3772 kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params()
- BZ - 2219530 - pods get restarted due to failed probes
- BZ - 2221707 - CVE-2023-4132 kernel: smsusb: use-after-free caused by do_submit_urb()
- BZ - 2223949 - CVE-2022-40982 hw: Intel: Gather Data Sampling (GDS) side channel vulnerability
- BZ - 2225191 - CVE-2023-3611 kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead
- BZ - 2225201 - CVE-2023-3609 kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails
- BZ - 2225511 - CVE-2023-4128 CVE-2023-4206 CVE-2023-4207 CVE-2023-4208 kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route
- BZ - 2236982 - CVE-2023-4732 kernel: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h
CVEs
- CVE-2021-43975
- CVE-2022-3594
- CVE-2022-3640
- CVE-2022-4744
- CVE-2022-28388
- CVE-2022-38457
- CVE-2022-40133
- CVE-2022-40982
- CVE-2022-42895
- CVE-2022-45869
- CVE-2022-45887
- CVE-2023-0458
- CVE-2023-0590
- CVE-2023-0597
- CVE-2023-1073
- CVE-2023-1074
- CVE-2023-1075
- CVE-2023-1079
- CVE-2023-1118
- CVE-2023-1206
- CVE-2023-1252
- CVE-2023-1382
- CVE-2023-1855
- CVE-2023-1989
- CVE-2023-1998
- CVE-2023-2269
- CVE-2023-2513
- CVE-2023-3141
- CVE-2023-3161
- CVE-2023-3212
- CVE-2023-3268
- CVE-2023-3609
- CVE-2023-3611
- CVE-2023-3772
- CVE-2023-4128
- CVE-2023-4132
- CVE-2023-4155
- CVE-2023-4206
- CVE-2023-4207
- CVE-2023-4208
- CVE-2023-4732
- CVE-2023-23455
- CVE-2023-26545
- CVE-2023-28328
- CVE-2023-28772
- CVE-2023-30456
- CVE-2023-31084
- CVE-2023-31436
- CVE-2023-33203
- CVE-2023-33951
- CVE-2023-33952
- CVE-2023-35823
- CVE-2023-35824
- CVE-2023-35825
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-513.5.1.rt7.307.el8_9.src.rpm | SHA-256: 73c1883a0825842969856ddef58ed951fd79a1729cbfe6806500a06e9c6cccbd |
| x86_64 | |
| kernel-rt-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 7af1abc1f8c698511a866549370d9b3817c9ae1246d0044d93f685e8d2649056 |
| kernel-rt-core-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: eb20f105e437feaa37a70c2e63b68a5c7b63b253f6d6e793b4f19bba4ac4b1fd |
| kernel-rt-debug-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 473a6edeb98cea48a0d06e7924b361849ad00153e7d3a27880c6a189c0d6eec9 |
| kernel-rt-debug-core-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 5ce9b96fa1a9c1168ef553aebddedf07253758681b7811869851eafbdacc8118 |
| kernel-rt-debug-debuginfo-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 1ea89adbd63cb665f8f31bf8f789fdf853d29a24a53e46a329ab89b7e6f72601 |
| kernel-rt-debug-devel-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 9e8ec3a08adb106c2abd9447a7057abc35e3bb7d7ae268dfb17803ed8698d612 |
| kernel-rt-debug-modules-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 45dc617319c26ade2017eed0d7799cba40aa923beda7ade45eafd341663351a5 |
| kernel-rt-debug-modules-extra-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 33e1a5a16ebcae98739ccca5cab4737b69756ccb293fd0e7fb4cf970c375b47c |
| kernel-rt-debuginfo-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 66a12cf10c859e07f5e61f28b44b925565ed64a426a4ec06b9cb271143e33a60 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 8b6808922ab3c0bbc163c6a4a2d7020cb8af2ba850797743e5cbde60034bc664 |
| kernel-rt-devel-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 5812e668edd8f737be6b7166f00299b439aa0d4d97a0be9e1f07eade06443c68 |
| kernel-rt-modules-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 9aea6481c1ef941299a539b379e4af3a074d43e47064678251a979b70c328e80 |
| kernel-rt-modules-extra-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 2356e45aa9eb9f6748e58ec40a8ae65990b51002bbde363161634d8df3a1b6f6 |
Red Hat Enterprise Linux for Real Time for NFV 8
| SRPM | |
|---|---|
| kernel-rt-4.18.0-513.5.1.rt7.307.el8_9.src.rpm | SHA-256: 73c1883a0825842969856ddef58ed951fd79a1729cbfe6806500a06e9c6cccbd |
| x86_64 | |
| kernel-rt-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 7af1abc1f8c698511a866549370d9b3817c9ae1246d0044d93f685e8d2649056 |
| kernel-rt-core-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: eb20f105e437feaa37a70c2e63b68a5c7b63b253f6d6e793b4f19bba4ac4b1fd |
| kernel-rt-debug-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 473a6edeb98cea48a0d06e7924b361849ad00153e7d3a27880c6a189c0d6eec9 |
| kernel-rt-debug-core-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 5ce9b96fa1a9c1168ef553aebddedf07253758681b7811869851eafbdacc8118 |
| kernel-rt-debug-debuginfo-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 1ea89adbd63cb665f8f31bf8f789fdf853d29a24a53e46a329ab89b7e6f72601 |
| kernel-rt-debug-devel-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 9e8ec3a08adb106c2abd9447a7057abc35e3bb7d7ae268dfb17803ed8698d612 |
| kernel-rt-debug-kvm-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: be1bcbe49d633c9bf2cdf3e8bbd6e0caf17e4c6f2a3902971e3b84b050fc9f1f |
| kernel-rt-debug-modules-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 45dc617319c26ade2017eed0d7799cba40aa923beda7ade45eafd341663351a5 |
| kernel-rt-debug-modules-extra-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 33e1a5a16ebcae98739ccca5cab4737b69756ccb293fd0e7fb4cf970c375b47c |
| kernel-rt-debuginfo-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 66a12cf10c859e07f5e61f28b44b925565ed64a426a4ec06b9cb271143e33a60 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 8b6808922ab3c0bbc163c6a4a2d7020cb8af2ba850797743e5cbde60034bc664 |
| kernel-rt-devel-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 5812e668edd8f737be6b7166f00299b439aa0d4d97a0be9e1f07eade06443c68 |
| kernel-rt-kvm-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 704de08110348229734c8c9981d82f8bc3d958081128a65fae47bc8d280ef820 |
| kernel-rt-modules-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 9aea6481c1ef941299a539b379e4af3a074d43e47064678251a979b70c328e80 |
| kernel-rt-modules-extra-4.18.0-513.5.1.rt7.307.el8_9.x86_64.rpm | SHA-256: 2356e45aa9eb9f6748e58ec40a8ae65990b51002bbde363161634d8df3a1b6f6 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
