(RHSA-2024:0562) Important: kernel security and bug fix update

2024-01-3012:10:10

access.redhat.com

kernel packages

linux kernel

security fix

bpf

tun

use after free

net scheduler

netfilter

igb driver

gather data sampling

hw intel

fbcon

smb2_is_status_io_timeout

lpar

phyp

dlpar cpu operations

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.2%

JSON

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)
kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)
kernel: use after free in unix_stream_sendpage (CVE-2023-4622)
kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)
kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)
kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)
kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)
hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)
kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)
kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (CVE-2023-38409)
kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

LPAR is crashed by Phyp when doing DLPAR CPU operations (BZ#2193378)

OSVersionArchitecturePackageVersionFilename
RedHat8x86_64kernel-debug-modules< 4.18.0-305.120.1.el8_4kernel-debug-modules-4.18.0-305.120.1.el8_4.x86_64.rpm
RedHat8x86_64kernel-tools-libs< 4.18.0-305.120.1.el8_4kernel-tools-libs-4.18.0-305.120.1.el8_4.x86_64.rpm
RedHat8x86_64kernel-devel< 4.18.0-305.120.1.el8_4kernel-devel-4.18.0-305.120.1.el8_4.x86_64.rpm
RedHat8x86_64kernel-debug-modules-extra< 4.18.0-305.120.1.el8_4kernel-debug-modules-extra-4.18.0-305.120.1.el8_4.x86_64.rpm
RedHat8x86_64python3-perf< 4.18.0-305.120.1.el8_4python3-perf-4.18.0-305.120.1.el8_4.x86_64.rpm
RedHat8ppc64lekernel-modules< 4.18.0-305.120.1.el8_4kernel-modules-4.18.0-305.120.1.el8_4.ppc64le.rpm
RedHat8ppc64lekernel-debug-devel< 4.18.0-305.120.1.el8_4kernel-debug-devel-4.18.0-305.120.1.el8_4.ppc64le.rpm
RedHat8ppc64lekernel-cross-headers< 4.18.0-305.120.1.el8_4kernel-cross-headers-4.18.0-305.120.1.el8_4.ppc64le.rpm
RedHat8ppc64lekernel-tools-debuginfo< 4.18.0-305.120.1.el8_4kernel-tools-debuginfo-4.18.0-305.120.1.el8_4.ppc64le.rpm
RedHat8x86_64kernel-modules< 4.18.0-305.120.1.el8_4kernel-modules-4.18.0-305.120.1.el8_4.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	x86_64	kernel-debug-modules	< 4.18.0-305.120.1.el8_4	kernel-debug-modules-4.18.0-305.120.1.el8_4.x86_64.rpm
RedHat	8	x86_64	kernel-tools-libs	< 4.18.0-305.120.1.el8_4	kernel-tools-libs-4.18.0-305.120.1.el8_4.x86_64.rpm
RedHat	8	x86_64	kernel-devel	< 4.18.0-305.120.1.el8_4	kernel-devel-4.18.0-305.120.1.el8_4.x86_64.rpm
RedHat	8	x86_64	kernel-debug-modules-extra	< 4.18.0-305.120.1.el8_4	kernel-debug-modules-extra-4.18.0-305.120.1.el8_4.x86_64.rpm
RedHat	8	x86_64	python3-perf	< 4.18.0-305.120.1.el8_4	python3-perf-4.18.0-305.120.1.el8_4.x86_64.rpm
RedHat	8	ppc64le	kernel-modules	< 4.18.0-305.120.1.el8_4	kernel-modules-4.18.0-305.120.1.el8_4.ppc64le.rpm
RedHat	8	ppc64le	kernel-debug-devel	< 4.18.0-305.120.1.el8_4	kernel-debug-devel-4.18.0-305.120.1.el8_4.ppc64le.rpm
RedHat	8	ppc64le	kernel-cross-headers	< 4.18.0-305.120.1.el8_4	kernel-cross-headers-4.18.0-305.120.1.el8_4.ppc64le.rpm
RedHat	8	ppc64le	kernel-tools-debuginfo	< 4.18.0-305.120.1.el8_4	kernel-tools-debuginfo-4.18.0-305.120.1.el8_4.ppc64le.rpm
RedHat	8	x86_64	kernel-modules	< 4.18.0-305.120.1.el8_4	kernel-modules-4.18.0-305.120.1.el8_4.x86_64.rpm