Red Hat Product Errata RHSA-2023:7548 - Security Advisory
Issued:
2023-11-28
Updated:
2023-11-28

RHSA-2023:7548 - Security Advisory

Synopsis

Important: kernel-rt security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)
  • kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)
  • kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)
  • kernel: use-after-free due to race condition occurring in dvb_register_device() (CVE-2022-45884)
  • kernel: use-after-free due to race condition occurring in dvb_net.c (CVE-2022-45886)
  • kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c (CVE-2022-45919)
  • kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 8 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 8 x86_64

Fixes

  • BZ - 2148510 - CVE-2022-45884 kernel: use-after-free due to race condition occurring in dvb_register_device()
  • BZ - 2148517 - CVE-2022-45886 kernel: use-after-free due to race condition occurring in dvb_net.c
  • BZ - 2151956 - CVE-2022-45919 kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c
  • BZ - 2154178 - CVE-2023-1192 kernel: use-after-free in smb2_is_status_io_timeout()
  • BZ - 2224048 - CVE-2023-3812 kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags
  • BZ - 2240249 - CVE-2023-2163 kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe
  • BZ - 2241924 - CVE-2023-5178 kernel: use after free in nvmet_tcp_free_crypto in NVMe

Red Hat Enterprise Linux for Real Time 8

SRPM
kernel-rt-4.18.0-513.9.1.rt7.311.el8_9.src.rpm SHA-256: 6d3e14dfbda59ede175cfdf32d7e187b98f02c5c7e16453645cda4ac4b920d9c
x86_64
kernel-rt-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 857488ff73c2cd92be732f6101b688e2c3dc47cf16a2aaba149acc8d4726c07e
kernel-rt-core-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 77c1e0885c0d585f1eb1581175ead8b9eed2bcc2341d1160be1a164ec580cfeb
kernel-rt-debug-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 530a6c2c223f7e2f0bf9565da6b030c808f0024f961f61973bd031323bb774cd
kernel-rt-debug-core-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 7851a3d866da8e0f34bd0ee122fe1b786701908c4f30b19e85fb854a4f5d93cc
kernel-rt-debug-debuginfo-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 7bed2c634670416107e986bdf14e54826dd783a26eac3855318d55a04dd70631
kernel-rt-debug-devel-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 0085ab18083b9ea5b398f30f1bdece04f89d05c8e2bd4f6f8c831136514797ba
kernel-rt-debug-modules-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 481438e708ed56014b6632884a9e67eaadd09b8727d97f03029d2abe902a0bf7
kernel-rt-debug-modules-extra-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 8a4d442096938d66fe4198f841c37ebf1718c82f8fc7599967d73e7a135f0937
kernel-rt-debuginfo-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 86fce5634df349ec913f6bce5e59093c497e54e3e28ceefb7adf37356989edd8
kernel-rt-debuginfo-common-x86_64-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: aae95caa660fe9d9641b5e259ee8af02ad5d94d8f4f38cbf8c80a866351ee401
kernel-rt-devel-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 3bd956d3d50c65f718a902ff7b5b921b20b3c014b193502a7d66a3ca90332311
kernel-rt-modules-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 286d7eff6e385b9df964d38ca25ce1cca57032c9bda521e5d7426ca2b410b326
kernel-rt-modules-extra-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: a556972b02e92fbbf6970be3cbc8f9812c54f8823175e36f325f58cc0149f545

Red Hat Enterprise Linux for Real Time for NFV 8

SRPM
kernel-rt-4.18.0-513.9.1.rt7.311.el8_9.src.rpm SHA-256: 6d3e14dfbda59ede175cfdf32d7e187b98f02c5c7e16453645cda4ac4b920d9c
x86_64
kernel-rt-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 857488ff73c2cd92be732f6101b688e2c3dc47cf16a2aaba149acc8d4726c07e
kernel-rt-core-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 77c1e0885c0d585f1eb1581175ead8b9eed2bcc2341d1160be1a164ec580cfeb
kernel-rt-debug-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 530a6c2c223f7e2f0bf9565da6b030c808f0024f961f61973bd031323bb774cd
kernel-rt-debug-core-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 7851a3d866da8e0f34bd0ee122fe1b786701908c4f30b19e85fb854a4f5d93cc
kernel-rt-debug-debuginfo-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 7bed2c634670416107e986bdf14e54826dd783a26eac3855318d55a04dd70631
kernel-rt-debug-devel-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 0085ab18083b9ea5b398f30f1bdece04f89d05c8e2bd4f6f8c831136514797ba
kernel-rt-debug-kvm-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 7f7a72e8c5810669b044706d6f38dab15a15971c4e3124517ab2ba4bfaeedf70
kernel-rt-debug-modules-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 481438e708ed56014b6632884a9e67eaadd09b8727d97f03029d2abe902a0bf7
kernel-rt-debug-modules-extra-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 8a4d442096938d66fe4198f841c37ebf1718c82f8fc7599967d73e7a135f0937
kernel-rt-debuginfo-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 86fce5634df349ec913f6bce5e59093c497e54e3e28ceefb7adf37356989edd8
kernel-rt-debuginfo-common-x86_64-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: aae95caa660fe9d9641b5e259ee8af02ad5d94d8f4f38cbf8c80a866351ee401
kernel-rt-devel-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 3bd956d3d50c65f718a902ff7b5b921b20b3c014b193502a7d66a3ca90332311
kernel-rt-kvm-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: cf32f0c27c0c50c8b400006721f1bb8910f5927329e454e8d98d0c092e5a8432
kernel-rt-modules-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: 286d7eff6e385b9df964d38ca25ce1cca57032c9bda521e5d7426ca2b410b326
kernel-rt-modules-extra-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm SHA-256: a556972b02e92fbbf6970be3cbc8f9812c54f8823175e36f325f58cc0149f545

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.