redhat | RedHat | RHSA-2023:0856
Feb 21, 2023 - 9:57 a.m.

(RHSA-2023:0856) Important: kernel security update

2023-02-21 09:57:02
CWE-120->CWE-131->CWE-787
access.redhat.com
Tags: kernel, security update, memory corruption, use-after-free, stack overflow, cve-2022-2964, cve-2022-3564, cve-2022-4378, references, unix

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 17.9%

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)

  • kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)

  • kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected configurations

Any of (OR):

  redhat  kernel-rt            Range  3.10.0-1160.95.1.rt56.1241.el7
  redhat  kernel               Range  3.10.0-1160.95.1.el7
  redhat  kernel               Range  3.10.0-693.111.1.el7
  redhat  kernel               Range  3.10.0-957.104.1.el7
  redhat  kernel               Range  3.10.0-1062.72.1.el7
  redhat  kernel-rt            Range  4.18.0-477.10.1.rt7.274.el8_8
  redhat  kernel               Range  4.18.0-477.10.1.el8_8
  redhat  kernel               Range  4.18.0-147.80.1.el8_1
  redhat  kernel               Range  4.18.0-193.105.1.el8_2
  redhat  kernel-rt            Range  4.18.0-193.105.1.rt13.156.el8_2
  redhat  kernel-rt            Range  4.18.0-305.82.1.rt7.154.el8_4
  redhat  kernel               Range  4.18.0-305.82.1.el8_4
  redhat  kernel               Range  4.18.0-372.57.1.el8_6
  redhat  kernel               Range  5.14.0-162.18.1.el9_1
  redhat  kernel-rt            Range  5.14.0-162.18.1.rt21.181.el9_1
  redhat  kernel               Range  5.14.0-70.49.1.el9_0
  redhat  kernel-rt            Range  5.14.0-70.49.1.rt21.120.el9_0
  redhat  virtualization_host  Range  4.5.3-202306050942_8.6
  redhat  kernel-rt            Range  3.10.0-1160.83.1.rt56.1228.el7
  redhat  kernel               Range  3.10.0-1160.83.1.el7
  redhat  kernel-rt            Range  4.18.0-425.10.1.rt7.220.el8_7
  redhat  kernel               Range  4.18.0-425.10.1.el8_7
  redhat  kernel               Range  4.18.0-193.98.1.el8_2
  redhat  kernel-rt            Range  4.18.0-193.98.1.rt13.149.el8_2
  redhat  kernel-rt            Range  4.18.0-305.76.1.rt7.148.el8_4
  redhat  kernel               Range  4.18.0-305.76.1.el8_4
  redhat  kernel               Range  4.18.0-372.46.1.el8_6
  redhat  kernel               Range  5.14.0-162.12.1.el9_1
  redhat  kernel-rt            Range  5.14.0-162.12.1.rt21.175.el9_1
  redhat  kernel               Range  5.14.0-70.43.1.el9_0
  redhat  kernel-rt            Range  5.14.0-70.43.1.rt21.114.el9_0
  redhat  kernel               Range  2.6.32-754.50.1.el6
  redhat  kernel-rt            Range  3.10.0-1160.88.1.rt56.1233.el7
  redhat  kernel               Range  3.10.0-1160.88.1.el7
  redhat  kernel               Range  3.10.0-693.107.1.el7
  redhat  kernel               Range  3.10.0-957.100.1.el7
  redhat  kernel               Range  3.10.0-1062.71.1.el7
  redhat  kernel-rt            Range  4.18.0-425.19.2.rt7.230.el8_7
  redhat  kernel               Range  4.18.0-425.19.2.el8_7
  redhat  kernel               Range  4.18.0-193.100.1.el8_2
  redhat  kernel-rt            Range  4.18.0-193.100.1.rt13.151.el8_2

AND any of (OR):

  redhat  enterprise_linux     Match  7
  redhat  enterprise_linux     Match  nfv
  redhat  enterprise_linux     Match  8
  redhat  enterprise_linux     Match  9

Vendor  Product              Version  CPE
redhat  kernel-rt            *        cpe:2.3:o:redhat:kernel-rt:*:*:*:*:*:*:*:*
redhat  kernel               *        cpe:2.3:a:redhat:kernel:*:*:*:*:*:*:*:*
redhat  virtualization_host  *        cpe:2.3:a:redhat:virtualization_host:*:*:*:*:*:*:*:*
redhat  enterprise_linux     7        cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
redhat  enterprise_linux     nfv      cpe:2.3:o:redhat:enterprise_linux:nfv:*:*:*:*:*:*:*
redhat  enterprise_linux     8        cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
redhat  enterprise_linux     9        cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*
