Lucene search

K
osvGoogleOSV:ALSA-2023:2736
HistoryMay 16, 2023 - 12:00 a.m.

Important: kernel-rt security and bug fix update

2023-05-1600:00:00
Google
osv.dev
8
kernel-rt
security update
bug fix
real time linux kernel
high determinism systems
cve-2022-3564
cve-2023-0461
cve-2021-26341
amd cpus
cve-2021-33655
cve-2021-33656
cve-2022-1462
cve-2022-1679
cve-2022-1789
cve-2022-2196
spectre v2 attacks
cve-2022-2663
cve-2022-3028
cve-2022-3239
cve-2022-3522
cve-2022-3524
cve-2022-3566
cve-2022-3567
cve-2022-3619
cve-2022-3623
cve-2022-3625
cve-2022-3628
cve-2022-3707
cve-2022-4129
cve-2022-20141
cve-2022-25265
cve-2022-30594
cve-2022-39188
cve-2022-39189
cve-2022-41218
cve-2022-41674
cve-2022-42703
cve-2022-42720
cve-2022-42721
cve-2022-42722
cve-2022-43750
cve-2022-47929
cve-2023-0394
cve-2023-1195
cve-2023-1582
cve-2023-23454

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

60.7%

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)
  • net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)
  • hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch (CVE-2021-26341)
  • malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655)
  • when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds (CVE-2021-33656)
  • possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462)
  • use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)
  • KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789)
  • KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196)
  • netfilter: nf_conntrack_irc message handling issue (CVE-2022-2663)
  • race condition in xfrm_probe_algs can lead to OOB read/write (CVE-2022-3028)
  • media: em28xx: initialize refcount before kref_get (CVE-2022-3239)
  • race condition in hugetlb_no_page() in mm/hugetlb.c (CVE-2022-3522)
  • memory leak in ipv6_renew_options() (CVE-2022-3524)
  • data races around icsk->icsk_af_ops in do_ipv6_setsockopt (CVE-2022-3566)
  • data races around sk->sk_prot (CVE-2022-3567)
  • memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (CVE-2022-3619)
  • denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry (CVE-2022-3623)
  • use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625)
  • USB-accessible buffer overflow in brcmfmac (CVE-2022-3628)
  • Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed (CVE-2022-3707)
  • l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference (CVE-2022-4129)
  • igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets (CVE-2022-20141)
  • Executable Space Protection Bypass (CVE-2022-25265)
  • Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)
  • unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry (CVE-2022-39188)
  • TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning (CVE-2022-39189)
  • Report vmalloc UAF in dvb-core/dmxdev (CVE-2022-41218)
  • u8 overflow problem in cfg80211_update_notlisted_nontrans() (CVE-2022-41674)
  • use-after-free related to leaf anon_vma double reuse (CVE-2022-42703)
  • use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720)
  • BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (CVE-2022-42721)
  • Denial of service in beacon protection for P2P-device (CVE-2022-42722)
  • memory corruption in usbmon driver (CVE-2022-43750)
  • NULL pointer dereference in traffic control subsystem (CVE-2022-47929)
  • NULL pointer dereference in rawv6_push_pending_frames (CVE-2023-0394)
  • use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195)
  • Soft lockup occurred during __page_mapcount (CVE-2023-1582)
  • slab-out-of-bounds read vulnerabilities in cbq_classify (CVE-2023-23454)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

60.7%