Issued:: 2024-01-10
Updated:: 2024-01-10

RHSA-2024:0134 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kernel-rt security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

kernel: use after free in unix_stream_sendpage (CVE-2023-4622)
kernel: vmwgfx: reference count issue leads to use-after-free in surface handling (CVE-2023-5633)
kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)
Kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)
hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

kernel-rt: update RT source tree to the latest RHEL-8.9.z1 Batch (JIRA:RHEL-17347)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

Red Hat Enterprise Linux for Real Time 8 x86_64
Red Hat Enterprise Linux for Real Time for NFV 8 x86_64

Fixes

BZ - 2187773 - CVE-2023-2162 Kernel: UAF during login when accessing the shost ipaddress
BZ - 2207625 - CVE-2023-20569 hw amd: Return Address Predictor vulnerability leading to information disclosure
BZ - 2237760 - CVE-2023-4622 kernel: use after free in unix_stream_sendpage
BZ - 2239843 - CVE-2023-42753 kernel: netfilter: potential slab-out-of-bound access due to integer underflow
BZ - 2245663 - CVE-2023-5633 kernel: vmwgfx: reference count issue leads to use-after-free in surface handling

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for Real Time 8

SRPM
kernel-rt-4.18.0-513.11.1.rt7.313.el8_9.src.rpm	SHA-256: 69b6d490e1326bbfb45f09b43274fa57471e1f756b2e3a2a7488f37f6bd72577
x86_64
kernel-rt-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: 55acbd5190e61e7b862cea1aa23bab36f13f390b893804a6405690e4bfb1ea90
kernel-rt-core-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: 39832c515e9aa623b5abaa8f113be79c57aa1b1ef200fcaa58b96b27675f99c4
kernel-rt-debug-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: abc96e00f9ddbc9121350503a0d6e7ad79fcb7b7514f731c3992af04eef954c1
kernel-rt-debug-core-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: 225dccba5a72450e93cea427a0aae19a4d379393d0265cbf64ff629e59d4d0ae
kernel-rt-debug-debuginfo-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: d9bc16bf683c7c7691f122339f3ff2e182e931ef83fd5ff3b9c4916695790067
kernel-rt-debug-devel-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: f8b53c7f4d3e2465bea03590eecb38d832db3d7ee740471b209c54f091cfd067
kernel-rt-debug-modules-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: fe5ec6b300db81b4b1788226e6e34f691fe7e365f495c908eff13e75a02d394f
kernel-rt-debug-modules-extra-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: 5603691866d18b412c96d1bf308c2ae81c52eec7b4418c610da90488c5aac813
kernel-rt-debuginfo-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: c5dd2fc31566f296215c91e9f0f1441743b0ca29ed62206f14a9551c997726bc
kernel-rt-debuginfo-common-x86_64-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: 21171dc40ef8101d9933ec92beb71cd5eaad7b02611594ec9fdf7d8b838b88a7
kernel-rt-devel-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: 8a083597f043c630648aa02cd68214e5cb20afc22a211370a1c650b8af3503cb
kernel-rt-modules-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: 5de241fb771c3553faf7fc2af3756b22d485b54bd396491e8a9ad9491281dce8
kernel-rt-modules-extra-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: d8c2740d41d2b5438e728c4edc4d33cb68b28094ee186af71a4b842cd5d60bc2

Red Hat Enterprise Linux for Real Time for NFV 8

SRPM
kernel-rt-4.18.0-513.11.1.rt7.313.el8_9.src.rpm	SHA-256: 69b6d490e1326bbfb45f09b43274fa57471e1f756b2e3a2a7488f37f6bd72577
x86_64
kernel-rt-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: 55acbd5190e61e7b862cea1aa23bab36f13f390b893804a6405690e4bfb1ea90
kernel-rt-core-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: 39832c515e9aa623b5abaa8f113be79c57aa1b1ef200fcaa58b96b27675f99c4
kernel-rt-debug-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: abc96e00f9ddbc9121350503a0d6e7ad79fcb7b7514f731c3992af04eef954c1
kernel-rt-debug-core-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: 225dccba5a72450e93cea427a0aae19a4d379393d0265cbf64ff629e59d4d0ae
kernel-rt-debug-debuginfo-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: d9bc16bf683c7c7691f122339f3ff2e182e931ef83fd5ff3b9c4916695790067
kernel-rt-debug-devel-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: f8b53c7f4d3e2465bea03590eecb38d832db3d7ee740471b209c54f091cfd067
kernel-rt-debug-kvm-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: 769ab4b765c24e9dc4b5edffaa8d6f4753684ff41773bac531e28d97e5b582da
kernel-rt-debug-modules-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: fe5ec6b300db81b4b1788226e6e34f691fe7e365f495c908eff13e75a02d394f
kernel-rt-debug-modules-extra-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: 5603691866d18b412c96d1bf308c2ae81c52eec7b4418c610da90488c5aac813
kernel-rt-debuginfo-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: c5dd2fc31566f296215c91e9f0f1441743b0ca29ed62206f14a9551c997726bc
kernel-rt-debuginfo-common-x86_64-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: 21171dc40ef8101d9933ec92beb71cd5eaad7b02611594ec9fdf7d8b838b88a7
kernel-rt-devel-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: 8a083597f043c630648aa02cd68214e5cb20afc22a211370a1c650b8af3503cb
kernel-rt-kvm-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: f866c7276fd476b4c5b222b53b075eeba7f77f407714653fb938377ec962c6d4
kernel-rt-modules-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: 5de241fb771c3553faf7fc2af3756b22d485b54bd396491e8a9ad9491281dce8
kernel-rt-modules-extra-4.18.0-513.11.1.rt7.313.el8_9.x86_64.rpm	SHA-256: d8c2740d41d2b5438e728c4edc4d33cb68b28094ee186af71a4b842cd5d60bc2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Ansible.com

Red Hat Ecosystem Catalog

Red Hat Hybrid Cloud Console

Red Hat Store

Red Hat Marketplace

Red Hat Summit and AnsibleFest