Lucene search

K
redhatRedHatRHSA-2023:7398
HistoryNov 21, 2023 - 9:47 a.m.

(RHSA-2023:7398) Important: kernel security and bug fix update

2023-11-2109:47:13
access.redhat.com
21
linux kernel
security fix
bug fix
cve-2023-3609
cve-2023-3776
cve-2022-45884
race condition
null pointer
lpar
phyp
ibmvnic
i40e
vlan
sctp
sysctl.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0

Percentile

12.6%

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)

  • kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)

  • kernel: use-after-free due to race condition occurring in dvb_register_device() (CVE-2022-45884)

  • kernel: use-after-free due to race condition occurring in dvb_net.c (CVE-2022-45886)

  • kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c (CVE-2022-45919)

  • Kernel: NULL pointer dereference problem in sctp_sched_dequeue_common (CVE-2023-2177)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • LPAR is crashed by Phyp when doing DLPAR CPU operations (BZ#2193377)

  • ibmvnic: NONFATAL reset causes dql BUG_ON crash (BZ#2236702)

  • i40e: backport selected bugfixes (BZ#2238306)

  • Random delay receiving packets after bringing up VLAN on top of VF with vf-vlan-pruning enabled (BZ#2240752)

  • sctp: fix hb_timer refresh for the pf state on transports (BZ#2245286)

  • sctp: sysctl: make extra pointers netns aware (BZ#2245289)

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0

Percentile

12.6%