Lucene search

K
centosCentOS ProjectCESA-2023:4151
HistoryAug 03, 2023 - 2:33 p.m.

bpftool, kernel, perf, python security update

2023-08-0314:33:32
CentOS Project
lists.centos.org
357
centos
update
kernel
bpftool
perf
python
security advisory
cve-2022-3564
performance fix
rhel7.9
user space

CVSS3

7.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.9%

CentOS Errata and Security Advisory CESA-2023:4151

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • perf record -ag does not capture user space stack frames on s390x (BZ#2207745)

  • RHEL7.9 - kernel: handle new reply code FILTERED_BY_HYPERVISOR (BZ#2212672)

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2023-August/086418.html

Affected packages:
bpftool
kernel
kernel-abi-whitelists
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-tools
kernel-tools-libs
kernel-tools-libs-devel
perf
python-perf

Upstream details at:
https://access.redhat.com/errata/RHSA-2023:4151

CVSS3

7.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

17.9%