Lucene search

K
redhatRedHatRHSA-2024:0554
HistoryJan 30, 2024 - 12:13 a.m.

(RHSA-2024:0554) Important: kpatch-patch security update

2024-01-3000:13:52
access.redhat.com
16
kpatch-patch module
kernel
security update
cve-2023-2163
cve-2023-3611
cve-2023-3812
cve-2023-4622
cve-2023-4623
cve-2023-5178
cve-2023-31436
cve-2023-45871

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

7.9

Confidence

High

EPSS

0.024

Percentile

90.0%

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

  • kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)

  • kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead (CVE-2023-3611)

  • kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)

  • kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

  • kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

  • kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)

  • kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)

  • kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

7.9

Confidence

High

EPSS

0.024

Percentile

90.0%