Issued:
2023-11-14
Updated:
2023-11-14

RHSA-2023:7077 - Important: kernel security, bug fix, and enhancement update

Synopsis

Important: kernel security, bug fix, and enhancement update

Type/Severity

Security Advisory Important

Topic

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)

  • kernel: net/sched: multiple vulnerabilities (CVE-2023-3609, CVE-2023-3611, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)

  • kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)

  • kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975)

  • kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)

  • kernel: use after free flaw in l2cap_conn_del (CVE-2022-3640)

  • kernel: double free in usb_8dev_start_xmit (CVE-2022-28388)

  • kernel: vmwgfx: multiple vulnerabilities (CVE-2022-38457, CVE-2022-40133, CVE-2023-33951, CVE-2023-33952)

  • hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)

  • kernel: Information leak in l2cap_parse_conf_req (CVE-2022-42895)

  • kernel: KVM: multiple vulnerabilities (CVE-2022-45869, CVE-2023-4155, CVE-2023-30456)

  • kernel: memory leak in ttusb_dec_exit_dvb (CVE-2022-45887)

  • kernel: speculative pointer dereference in do_prlimit (CVE-2023-0458)

  • kernel: use-after-free due to race condition in qdisc_graft (CVE-2023-0590)

  • kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)

  • kernel: HID: check empty report_list in hid_validate_values (CVE-2023-1073)

  • kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)

  • kernel: hid: Use After Free in asus_remove (CVE-2023-1079)

  • kernel: use-after-free in drivers/media/rc/ene_ir.c (CVE-2023-1118)

  • kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)

  • kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)

  • kernel: denial of service in tipc_conn_close (CVE-2023-1382)

  • kernel: Use after free bug in btsdio_remove due to race condition (CVE-2023-1989)

  • kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)

  • kernel: ext4: use-after-free in ext4_xattr_set_entry (CVE-2023-2513)

  • kernel: fbcon: shift-out-of-bounds in fbcon_set_font (CVE-2023-3161)

  • kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)

  • kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params (CVE-2023-3772)

  • kernel: smsusb: use-after-free caused by do_submit_urb (CVE-2023-4132)

  • kernel: Race between task migrating pages and another task calling exit_mmap (CVE-2023-4732)

  • Kernel: denial of service in atm_tc_enqueue due to type confusion (CVE-2023-23455)

  • kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)

  • kernel: Denial of service issue in az6027 driver (CVE-2023-28328)

  • kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)

  • kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)

  • kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove (CVE-2023-33203)

  • kernel: saa7134: race condition leading to use-after-free in saa7134_finidev (CVE-2023-35823)

  • kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c (CVE-2023-35824)

  • kernel: r592: race condition leading to use-after-free in r592_remove (CVE-2023-35825)

  • kernel: net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075)

  • kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)

  • kernel: Use after free bug in r592_remove (CVE-2023-3141)

  • kernel: gfs2: NULL pointer dereference in gfs2_evict_inode (CVE-2023-3212)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

ProductVersionArch
Red Hat Enterprise Linux for x86_648x86_64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle8.10x86_64
Red Hat Enterprise Linux for Power, little endian8ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle8.10ppc64le
Red Hat Enterprise Linux for IBM z Systems8s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle8.10s390x
Red Hat Enterprise Linux for ARM 648aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle8.10aarch64
Red Hat CodeReady Linux Builder for x86_648x86_64
Red Hat CodeReady Linux Builder for Power, little endian8ppc64le
Red Hat CodeReady Linux Builder for ARM 648aarch64

Updated Packages

  • kernel-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-devel-4.18.0-513.5.1.el8_9.x86_64.rpm
  • python3-perf-debuginfo-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-debug-debuginfo-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-headers-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-debug-core-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-tools-4.18.0-513.5.1.el8_9.s390x.rpm
  • bpftool-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-devel-4.18.0-513.5.1.el8_9.aarch64.rpm
  • perf-debuginfo-4.18.0-513.5.1.el8_9.aarch64.rpm
  • python3-perf-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-core-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-devel-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-modules-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-modules-4.18.0-513.5.1.el8_9.aarch64.rpm
  • perf-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-tools-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • bpftool-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-debug-core-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-headers-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-tools-debuginfo-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • bpftool-4.18.0-513.5.1.el8_9.aarch64.rpm
  • perf-debuginfo-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-cross-headers-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-debug-devel-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-debug-modules-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-4.18.0-513.5.1.el8_9.src.rpm
  • kernel-debuginfo-common-aarch64-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-modules-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-tools-libs-devel-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-tools-debuginfo-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-debuginfo-4.18.0-513.5.1.el8_9.x86_64.rpm
  • bpftool-debuginfo-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-tools-libs-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-debug-modules-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-tools-debuginfo-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-tools-4.18.0-513.5.1.el8_9.aarch64.rpm
  • python3-perf-4.18.0-513.5.1.el8_9.x86_64.rpm
  • bpftool-debuginfo-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-cross-headers-4.18.0-513.5.1.el8_9.x86_64.rpm
  • bpftool-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-zfcpdump-devel-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-debug-devel-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-modules-extra-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-tools-libs-devel-4.18.0-513.5.1.el8_9.x86_64.rpm
  • python3-perf-debuginfo-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-debug-modules-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-debug-debuginfo-4.18.0-513.5.1.el8_9.s390x.rpm
  • python3-perf-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • perf-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-core-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-modules-extra-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-debuginfo-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-cross-headers-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-debug-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • python3-perf-debuginfo-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-debuginfo-4.18.0-513.5.1.el8_9.s390x.rpm
  • perf-debuginfo-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-core-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-tools-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-debuginfo-common-ppc64le-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-headers-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-cross-headers-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-zfcpdump-core-4.18.0-513.5.1.el8_9.s390x.rpm
  • perf-debuginfo-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-tools-libs-devel-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-doc-4.18.0-513.5.1.el8_9.noarch.rpm
  • kernel-debug-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-headers-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-debug-modules-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-debug-devel-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-debuginfo-common-x86_64-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-core-4.18.0-513.5.1.el8_9.aarch64.rpm
  • bpftool-debuginfo-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-modules-extra-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-zfcpdump-debuginfo-4.18.0-513.5.1.el8_9.s390x.rpm
  • perf-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-abi-stablelists-4.18.0-513.5.1.el8_9.noarch.rpm
  • kernel-debug-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-debug-core-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-debug-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-debug-debuginfo-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-debuginfo-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-debug-modules-extra-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-debug-core-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-tools-libs-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-modules-extra-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-debug-modules-extra-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-devel-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-debug-modules-extra-4.18.0-513.5.1.el8_9.x86_64.rpm
  • kernel-debug-devel-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • bpftool-debuginfo-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-debug-modules-extra-4.18.0-513.5.1.el8_9.s390x.rpm
  • perf-4.18.0-513.5.1.el8_9.ppc64le.rpm
  • kernel-debuginfo-common-s390x-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-debug-debuginfo-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-tools-libs-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-zfcpdump-modules-extra-4.18.0-513.5.1.el8_9.s390x.rpm
  • python3-perf-debuginfo-4.18.0-513.5.1.el8_9.aarch64.rpm
  • kernel-tools-debuginfo-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-zfcpdump-modules-4.18.0-513.5.1.el8_9.s390x.rpm
  • python3-perf-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-zfcpdump-4.18.0-513.5.1.el8_9.s390x.rpm
  • kernel-modules-4.18.0-513.5.1.el8_9.ppc64le.rpm

Fixes

CVEs

References

Additional information