Red Hat Product Errata RHSA-2024:0402 - Security Advisory
Issued:
2024-01-24
Updated:
2024-01-24

RHSA-2024:0402 - Security Advisory

Synopsis

Important: kernel-rt security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)
  • kernel: use after free in unix_stream_sendpage (CVE-2023-4622)
  • kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)
  • kernel: Race Condition leading to UAF in Unix Socket could happen in sk_receive_queue (BZ#2230094)
  • kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)
  • hw: amd: Cross-Process Information Leak (CVE-2023-20593)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64

Fixes

  • BZ - 2187773 - CVE-2023-2162 kernel: UAF during login when accessing the shost ipaddress
  • BZ - 2217845 - CVE-2023-20593 hw: amd: Cross-Process Information Leak
  • BZ - 2230094 - kernel: Race Condition leading to UAF in Unix Socket could happen in sk_receive_queue
  • BZ - 2237760 - CVE-2023-4622 kernel: use after free in unix_stream_sendpage
  • BZ - 2239843 - CVE-2023-42753 kernel: netfilter: potential slab-out-of-bound access due to integer underflow
  • BZ - 2240249 - CVE-2023-2163 kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe

Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2

SRPM
kernel-rt-4.18.0-193.120.1.rt13.171.el8_2.src.rpm SHA-256: 620055a95c4b1bc435d4672255b32ee4c50549dc482b27420616e34dc7e490da
x86_64
kernel-rt-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 7a617511a68d97145d2ee39838d8c5ec48f9871f8181ca9cd3c8733dce5bf140
kernel-rt-core-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 6d6453538141804565eb95b0ba8ede1b19554d6f28c709a1d29ff2323cab9928
kernel-rt-debug-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 2b41cd7b2884400207a9e09a88cf18470af9f66d6f50dd1c458627fb154d6adf
kernel-rt-debug-core-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 5e0dd6ecd01d71127f4005391b657b038c196c483ef21142326ca718b0db63c9
kernel-rt-debug-debuginfo-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 92181813a8cced1adb5695f92dda2252cb4396a7ddc8dc66693517e5f0a99167
kernel-rt-debug-devel-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: d0efa887d2ac98b8405cadbe816af516bf40503ad474bd2d4c604543e49395b1
kernel-rt-debug-modules-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 53cde382b02ab698b6a75246d2e39a3d82de6266ec179faea102b6635f235a55
kernel-rt-debug-modules-extra-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 6ffed09f5e04936225173dfa1b98e54483544460128dba4a6a205480c5050cbb
kernel-rt-debuginfo-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 82fe55e3e2556b53332a4217f2a0fa4cb3263b0d008617bade8e3dd57535c024
kernel-rt-debuginfo-common-x86_64-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 95678ba51aabd5b784772dee7d6f0d28b84018d1e58673f6bf68374fa1298e7f
kernel-rt-devel-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: ee46c964f5d304671326a0e2758aeaf4a82a548810ced81252ed8f0051b0ca4b
kernel-rt-modules-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: f99731164aca32c3c733f16046a531d46584c0b826ca0db1909ccbc563045fb9
kernel-rt-modules-extra-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: a89b0d8678c415869550c2caf1a311ea432d0d02c0757a3bb03112aef45d9ab5

Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2

SRPM
kernel-rt-4.18.0-193.120.1.rt13.171.el8_2.src.rpm SHA-256: 620055a95c4b1bc435d4672255b32ee4c50549dc482b27420616e34dc7e490da
x86_64
kernel-rt-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 7a617511a68d97145d2ee39838d8c5ec48f9871f8181ca9cd3c8733dce5bf140
kernel-rt-core-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 6d6453538141804565eb95b0ba8ede1b19554d6f28c709a1d29ff2323cab9928
kernel-rt-debug-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 2b41cd7b2884400207a9e09a88cf18470af9f66d6f50dd1c458627fb154d6adf
kernel-rt-debug-core-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 5e0dd6ecd01d71127f4005391b657b038c196c483ef21142326ca718b0db63c9
kernel-rt-debug-debuginfo-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 92181813a8cced1adb5695f92dda2252cb4396a7ddc8dc66693517e5f0a99167
kernel-rt-debug-devel-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: d0efa887d2ac98b8405cadbe816af516bf40503ad474bd2d4c604543e49395b1
kernel-rt-debug-kvm-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 9e42f250b44a07c49595c10b7a562f225c750f1fa15e97ae5c937f960b257621
kernel-rt-debug-modules-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 53cde382b02ab698b6a75246d2e39a3d82de6266ec179faea102b6635f235a55
kernel-rt-debug-modules-extra-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 6ffed09f5e04936225173dfa1b98e54483544460128dba4a6a205480c5050cbb
kernel-rt-debuginfo-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 82fe55e3e2556b53332a4217f2a0fa4cb3263b0d008617bade8e3dd57535c024
kernel-rt-debuginfo-common-x86_64-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 95678ba51aabd5b784772dee7d6f0d28b84018d1e58673f6bf68374fa1298e7f
kernel-rt-devel-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: ee46c964f5d304671326a0e2758aeaf4a82a548810ced81252ed8f0051b0ca4b
kernel-rt-kvm-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: 99367d17f07b5d4f516845a834db98587577d8c1ea60535d9a534e3ed9c80f36
kernel-rt-modules-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: f99731164aca32c3c733f16046a531d46584c0b826ca0db1909ccbc563045fb9
kernel-rt-modules-extra-4.18.0-193.120.1.rt13.171.el8_2.x86_64.rpm SHA-256: a89b0d8678c415869550c2caf1a311ea432d0d02c0757a3bb03112aef45d9ab5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.