Lucene search

GoogleOSV:RXSA-2023:1566

HistoryMay 05, 2023 - 3:42 p.m.

Important: kernel security, bug fix, and enhancement update

2023-05-0515:42:05

Google

osv.dev

kernel security

bug fix

enhancement

stack overflow

user privileges escalation

linux kernel

alsa

fuse filesystem

cpu soft lockup

bug fix

kernel panic

mei_wdt module

amd server

rdma core update

vxfs module

tcp connection

s390/kexec fix

kvm-unit-test

windows server 2019

connectx-4 lx

custom xdp prog

use-after-free

mellanox adapter

mlx5

dasd

gss

ceph kernel module

scsi storvsc

hyper-v

intel feat spr cpu

7.9 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.1%

JSON

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)
kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

kernel panic on reboot due to a bug in mei_wdt module (BZ#2139770)
Rocky Linux SIG Cloud8: Practically limit “Dummy wait” workaround to old Intel systems (BZ#2142170)
AMDSERVER 8.7: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151275)
Rocky Linux SIG Cloud-8.8: Update RDMA core to Linux v6.0 (BZ#2161750)
Kernel panic observed during VxFS module unload (BZ#2162763)
Client not able to connect to rhel server: SYN is answered by chalange ACK and RST is ignored (BZ#2165587)
Rocky Linux SIG Cloud8.4: s390/kexec: fix ipl report address for kdump (BZ#2166296)
kvm-unit-test reports unhandled exception on AMD (BZ#2166362)
Windows Server 2019 guest randomly pauses with “KVM: entry failed, hardware error 0x80000021” (BZ#2166368)
Unable to get QinQ working with ConnectX-4 Lx in SR-IOV scenario (BZ#2166665)
panic in fib6_rule_suppress+0x22 with custom xdp prog involved in (BZ#2167602)
net/mlx5e: Fix use-after-free when reverting termination table (BZ#2167640)
Rocky Linux SIG Cloud 8.7: EEH injection failed to recover on Mellanox adapter. (BZ#2167645)
mlx5: lag and sriov fixes (BZ#2167647)
Rocky Linux SIG Cloud8.4: dasd: fix no record found for raw_track_access (BZ#2167776)
GSS: Set of fixes in ceph kernel module to prevent OCS node kernel crash - blocklist the kclient when receiving corrupted snap trace (BZ#2168896)
Azure Rocky Linux SIG Cloud8 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170228)
fast_isolate_freepages scans out of target zone (BZ#2170576)
Backport Request for locking/rwsem commits (BZ#2170939)
ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172550)
Hyper-V Rocky Linux SIG Cloud8.8: Update MANA driver (BZ#2173103)