Lucene search

K
redhatRedHatRHSA-2023:1221
HistoryMar 14, 2023 - 1:23 p.m.

(RHSA-2023:1221) Important: kernel security, bug fix, and enhancement update

2023-03-1413:23:37
access.redhat.com
33

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

The kernel packages contain the Linux kernel, the core of any Linux operating system.

The following packages have been upgraded to a later upstream version: kernel (4.18.0). (BZ#2165648)

Security Fix(es):

  • kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)

  • kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)

  • kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • RHEL 8.7 - Outputs of lsmem, lparstat, numactl and /proc/meminfo show wrong value of memory when LMB size is set to 4GB. (BZ#2140092)

  • RHEL8.4 - boot: Add secure boot trailer (BZ#2151532)

  • Concurrent reading of /proc/cpuinfo by multiple tasks causes soft lockup (BZ#2154441)

  • GSS: OCP 4.10.30 node crash after ODF upgrade : unable to handle kernel NULL pointer dereference at 0000000000000000 : ceph_get_snap_realm+0x68/0xa0 [ceph] (BZ#2155799)

  • cgroup: Backport cgroup_mutex performance patches (BZ#2160165)

  • Redhat OpenShift: Error downloading big ZIP files inside pod on power OCP and pod getting restarted (BZ#2160223)

  • i40e/iavf: VF reset task fails “Never saw reset” with 5 second timeout per VF (BZ#2160462)

  • panic in fib6_rule_suppress+0x22 with custom xdp prog involved in (BZ#2167606)

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P