Lucene search

K
redhatRedHatRHSA-2023:4962
HistorySep 05, 2023 - 8:48 a.m.

(RHSA-2023:4962) Important: kernel security, bug fix, and enhancement update

2023-09-0508:48:34
access.redhat.com
41
kernel security
bug fix
enhancement
linux operating system
use-after-free vulnerability
out-of-bounds write
stack-out-of-bounds-read
unauthorized management command execution
oob access
interrupts
scsi timeouts
conntrack clash resolution
clock watchdog

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.3%

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829)

  • kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)

  • kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)

  • kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)

  • kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)

  • kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)

  • Kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)

  • kernel: OOB access in the Linux kernel’s XFS subsystem (CVE-2023-2124)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • aacraid misses interrupts when a CPU is disabled resulting in scsi timeouts and the adapter being unusable until reboot. (BZ#2216500)

  • rbd: avoid fast-diff corruption in snapshot-based mirroring [8.9] (BZ#2216771)

  • refcount_t overflow often happens in mem_cgroup_id_get_online() (BZ#2221012)

  • enable conntrack clash resolution for GRE (BZ#2223544)

  • iavf: Fix race between iavf_close and iavf_reset_task (BZ#2223608)

  • libceph: harden msgr2.1 frame segment length checks [8.x] (BZ#2227075)

  • [i40e] error: Cannot set interface MAC/vlanid to 1e:b7:e2:02:b1:aa/0 for ifname ens4f0 vf 0: Resource temporarily unavailable (BZ#2228165)

Enhancement(s):

  • [Intel 8.7 FEAT] TSC: Avoid clock watchdog when not needed (BZ#2216050)

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.3%