Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2023:7419 - Security Advisory
Issued:
2023-11-21
Updated:
2023-11-21

RHSA-2023:7419 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: kpatch-patch security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead (CVE-2023-3611)
  • kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)
  • kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 2225097 - CVE-2023-3776 kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function
  • BZ - 2225191 - CVE-2023-3611 kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead
  • BZ - 2225511 - CVE-2023-4128 CVE-2023-4206 CVE-2023-4207 CVE-2023-4208 kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route

CVEs

  • CVE-2023-3611
  • CVE-2023-3776
  • CVE-2023-4128
  • CVE-2023-4206
  • CVE-2023-4207
  • CVE-2023-4208

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
kpatch-patch-3_10_0-1160_102_1-1-1.el7.src.rpm SHA-256: 0d87ddb7b29642c95328aebc532de743f6cf8bc61003321dc2dddd1c754e6e57
kpatch-patch-3_10_0-1160_90_1-1-4.el7.src.rpm SHA-256: 7d000a03416829ab8a724778ce639380a8300ee20214b53e600004d6f7fa1d3c
kpatch-patch-3_10_0-1160_92_1-1-4.el7.src.rpm SHA-256: 0076fc7d9b967ebb6bf0712006eac0ccb4f4800bf96e101d3e97bb2555249ca9
kpatch-patch-3_10_0-1160_95_1-1-3.el7.src.rpm SHA-256: 9b80c188093d049cb53b1ff2e3ae0bfe238933c2ca03505a555fcc11af618317
kpatch-patch-3_10_0-1160_99_1-1-2.el7.src.rpm SHA-256: 10b8a607dff9ff906671e91439fbc9f1928f0ca44c93f56f6b8c954bebc28810
x86_64
kpatch-patch-3_10_0-1160_102_1-1-1.el7.x86_64.rpm SHA-256: 06047673d6c98b66a293ad1db0e7cb2770c8690f6849ae7c265231757faf7a58
kpatch-patch-3_10_0-1160_102_1-debuginfo-1-1.el7.x86_64.rpm SHA-256: 8cd547701d68392f89523f869d10a41b6e184d42c08e51266b4d4e32512d03ab
kpatch-patch-3_10_0-1160_90_1-1-4.el7.x86_64.rpm SHA-256: 75b7d8fd14a5a277604e044002492e2caa2fd73dcea72c2083d9bedff01cfcfb
kpatch-patch-3_10_0-1160_90_1-debuginfo-1-4.el7.x86_64.rpm SHA-256: 4b79f96f3dafc6548caeda02cf01bbeb5a2b4ef53b4188d0d1af467032d21855
kpatch-patch-3_10_0-1160_92_1-1-4.el7.x86_64.rpm SHA-256: 440c6b7ffcaac981329bef54d500ff151e85a937d5d716d784a1389a4d0e46d4
kpatch-patch-3_10_0-1160_92_1-debuginfo-1-4.el7.x86_64.rpm SHA-256: a61a13542132651672ba23decf66b4abc9452167ecca532d9000840db069f695
kpatch-patch-3_10_0-1160_95_1-1-3.el7.x86_64.rpm SHA-256: 8c831341887cee19fa2f1d40d1c4e10116810a837545c41f622cf67059d90181
kpatch-patch-3_10_0-1160_95_1-debuginfo-1-3.el7.x86_64.rpm SHA-256: 326667930819b2ba2e84afeeadd2bc856e96ccdf087ba01144a4368d4f94fa0a
kpatch-patch-3_10_0-1160_99_1-1-2.el7.x86_64.rpm SHA-256: c57584fbd10211ce64832726304905408c46877a58b674cd29c8eb9d8308d21b
kpatch-patch-3_10_0-1160_99_1-debuginfo-1-2.el7.x86_64.rpm SHA-256: 599e06233920a42533ede1f74a99aedeac8ff563ef9bb0f31bb29f1eb69a6ead

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
kpatch-patch-3_10_0-1160_102_1-1-1.el7.src.rpm SHA-256: 0d87ddb7b29642c95328aebc532de743f6cf8bc61003321dc2dddd1c754e6e57
kpatch-patch-3_10_0-1160_90_1-1-4.el7.src.rpm SHA-256: 7d000a03416829ab8a724778ce639380a8300ee20214b53e600004d6f7fa1d3c
kpatch-patch-3_10_0-1160_92_1-1-4.el7.src.rpm SHA-256: 0076fc7d9b967ebb6bf0712006eac0ccb4f4800bf96e101d3e97bb2555249ca9
kpatch-patch-3_10_0-1160_95_1-1-3.el7.src.rpm SHA-256: 9b80c188093d049cb53b1ff2e3ae0bfe238933c2ca03505a555fcc11af618317
kpatch-patch-3_10_0-1160_99_1-1-2.el7.src.rpm SHA-256: 10b8a607dff9ff906671e91439fbc9f1928f0ca44c93f56f6b8c954bebc28810
x86_64
kpatch-patch-3_10_0-1160_102_1-1-1.el7.x86_64.rpm SHA-256: 06047673d6c98b66a293ad1db0e7cb2770c8690f6849ae7c265231757faf7a58
kpatch-patch-3_10_0-1160_102_1-debuginfo-1-1.el7.x86_64.rpm SHA-256: 8cd547701d68392f89523f869d10a41b6e184d42c08e51266b4d4e32512d03ab
kpatch-patch-3_10_0-1160_90_1-1-4.el7.x86_64.rpm SHA-256: 75b7d8fd14a5a277604e044002492e2caa2fd73dcea72c2083d9bedff01cfcfb
kpatch-patch-3_10_0-1160_90_1-debuginfo-1-4.el7.x86_64.rpm SHA-256: 4b79f96f3dafc6548caeda02cf01bbeb5a2b4ef53b4188d0d1af467032d21855
kpatch-patch-3_10_0-1160_92_1-1-4.el7.x86_64.rpm SHA-256: 440c6b7ffcaac981329bef54d500ff151e85a937d5d716d784a1389a4d0e46d4
kpatch-patch-3_10_0-1160_92_1-debuginfo-1-4.el7.x86_64.rpm SHA-256: a61a13542132651672ba23decf66b4abc9452167ecca532d9000840db069f695
kpatch-patch-3_10_0-1160_95_1-1-3.el7.x86_64.rpm SHA-256: 8c831341887cee19fa2f1d40d1c4e10116810a837545c41f622cf67059d90181
kpatch-patch-3_10_0-1160_95_1-debuginfo-1-3.el7.x86_64.rpm SHA-256: 326667930819b2ba2e84afeeadd2bc856e96ccdf087ba01144a4368d4f94fa0a
kpatch-patch-3_10_0-1160_99_1-1-2.el7.x86_64.rpm SHA-256: c57584fbd10211ce64832726304905408c46877a58b674cd29c8eb9d8308d21b
kpatch-patch-3_10_0-1160_99_1-debuginfo-1-2.el7.x86_64.rpm SHA-256: 599e06233920a42533ede1f74a99aedeac8ff563ef9bb0f31bb29f1eb69a6ead

Red Hat Enterprise Linux for Power, little endian 7

SRPM
kpatch-patch-3_10_0-1160_102_1-1-1.el7.src.rpm SHA-256: 0d87ddb7b29642c95328aebc532de743f6cf8bc61003321dc2dddd1c754e6e57
kpatch-patch-3_10_0-1160_90_1-1-4.el7.src.rpm SHA-256: 7d000a03416829ab8a724778ce639380a8300ee20214b53e600004d6f7fa1d3c
kpatch-patch-3_10_0-1160_92_1-1-4.el7.src.rpm SHA-256: 0076fc7d9b967ebb6bf0712006eac0ccb4f4800bf96e101d3e97bb2555249ca9
kpatch-patch-3_10_0-1160_95_1-1-3.el7.src.rpm SHA-256: 9b80c188093d049cb53b1ff2e3ae0bfe238933c2ca03505a555fcc11af618317
kpatch-patch-3_10_0-1160_99_1-1-2.el7.src.rpm SHA-256: 10b8a607dff9ff906671e91439fbc9f1928f0ca44c93f56f6b8c954bebc28810
ppc64le
kpatch-patch-3_10_0-1160_102_1-1-1.el7.ppc64le.rpm SHA-256: 3965c07501720bfb5202d65ad81062807cbc0605504f026eeaee3c3d90b26c3f
kpatch-patch-3_10_0-1160_102_1-debuginfo-1-1.el7.ppc64le.rpm SHA-256: cb007d43e235c8d01734762e4e63697399a290e7d0c9c5e4736359d76bc2f3b1
kpatch-patch-3_10_0-1160_90_1-1-4.el7.ppc64le.rpm SHA-256: e5639bb75a4a76489c7a263fe069d74ce5bb322024060590452c2d97fcdf45b6
kpatch-patch-3_10_0-1160_90_1-debuginfo-1-4.el7.ppc64le.rpm SHA-256: 56781a87790793df1c50306a7371b1b1ffa6f5d6badf187dd4343cc36837587b
kpatch-patch-3_10_0-1160_92_1-1-4.el7.ppc64le.rpm SHA-256: c03f62ccbce050a226a5718f0757a78663a7f093f5a57bd219d111d41b925c0a
kpatch-patch-3_10_0-1160_92_1-debuginfo-1-4.el7.ppc64le.rpm SHA-256: 553682862395c5e612433fea6ec2b2424f970fa7edc1c0640cd0dce6f2bf2ead
kpatch-patch-3_10_0-1160_95_1-1-3.el7.ppc64le.rpm SHA-256: 79426862cc5bed8d0c74aefe3ee95488b2cc78a8ab35025e08192a02d8accb3b
kpatch-patch-3_10_0-1160_95_1-debuginfo-1-3.el7.ppc64le.rpm SHA-256: 0d9078c15448aa28d0939ee958763b72f73016bfdd2d9ca3fbb1d55656b9173e
kpatch-patch-3_10_0-1160_99_1-1-2.el7.ppc64le.rpm SHA-256: aa25e5c8022bde1d40e90e2aae06145571039d018f1e6522d977dc77f5396230
kpatch-patch-3_10_0-1160_99_1-debuginfo-1-2.el7.ppc64le.rpm SHA-256: 083ce06f1dc4c7e92e941848f9c2ac5a808bd6a20a7b9da88616b4dc3cc4a97a

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
kpatch-patch-3_10_0-1160_102_1-1-1.el7.src.rpm SHA-256: 0d87ddb7b29642c95328aebc532de743f6cf8bc61003321dc2dddd1c754e6e57
kpatch-patch-3_10_0-1160_90_1-1-4.el7.src.rpm SHA-256: 7d000a03416829ab8a724778ce639380a8300ee20214b53e600004d6f7fa1d3c
kpatch-patch-3_10_0-1160_92_1-1-4.el7.src.rpm SHA-256: 0076fc7d9b967ebb6bf0712006eac0ccb4f4800bf96e101d3e97bb2555249ca9
kpatch-patch-3_10_0-1160_95_1-1-3.el7.src.rpm SHA-256: 9b80c188093d049cb53b1ff2e3ae0bfe238933c2ca03505a555fcc11af618317
kpatch-patch-3_10_0-1160_99_1-1-2.el7.src.rpm SHA-256: 10b8a607dff9ff906671e91439fbc9f1928f0ca44c93f56f6b8c954bebc28810
ppc64le
kpatch-patch-3_10_0-1160_102_1-1-1.el7.ppc64le.rpm SHA-256: 3965c07501720bfb5202d65ad81062807cbc0605504f026eeaee3c3d90b26c3f
kpatch-patch-3_10_0-1160_102_1-debuginfo-1-1.el7.ppc64le.rpm SHA-256: cb007d43e235c8d01734762e4e63697399a290e7d0c9c5e4736359d76bc2f3b1
kpatch-patch-3_10_0-1160_90_1-1-4.el7.ppc64le.rpm SHA-256: e5639bb75a4a76489c7a263fe069d74ce5bb322024060590452c2d97fcdf45b6
kpatch-patch-3_10_0-1160_90_1-debuginfo-1-4.el7.ppc64le.rpm SHA-256: 56781a87790793df1c50306a7371b1b1ffa6f5d6badf187dd4343cc36837587b
kpatch-patch-3_10_0-1160_92_1-1-4.el7.ppc64le.rpm SHA-256: c03f62ccbce050a226a5718f0757a78663a7f093f5a57bd219d111d41b925c0a
kpatch-patch-3_10_0-1160_92_1-debuginfo-1-4.el7.ppc64le.rpm SHA-256: 553682862395c5e612433fea6ec2b2424f970fa7edc1c0640cd0dce6f2bf2ead
kpatch-patch-3_10_0-1160_95_1-1-3.el7.ppc64le.rpm SHA-256: 79426862cc5bed8d0c74aefe3ee95488b2cc78a8ab35025e08192a02d8accb3b
kpatch-patch-3_10_0-1160_95_1-debuginfo-1-3.el7.ppc64le.rpm SHA-256: 0d9078c15448aa28d0939ee958763b72f73016bfdd2d9ca3fbb1d55656b9173e
kpatch-patch-3_10_0-1160_99_1-1-2.el7.ppc64le.rpm SHA-256: aa25e5c8022bde1d40e90e2aae06145571039d018f1e6522d977dc77f5396230
kpatch-patch-3_10_0-1160_99_1-debuginfo-1-2.el7.ppc64le.rpm SHA-256: 083ce06f1dc4c7e92e941848f9c2ac5a808bd6a20a7b9da88616b4dc3cc4a97a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat X (formerly Twitter)

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility