Lucene search

K
rockyRockylinux Product ErrataRXSA-2023:0334
HistoryJan 23, 2023 - 2:30 p.m.

kernel security and bug fix update

2023-01-2314:30:23
Rockylinux Product Errata
errata.rockylinux.org
64
kernel
security
bug fixes
cve
privilege escalation
memory corruption
buffer overflow
race condition
rocky linux
intel
amdclient
azure
dell
vfio
nvme-tcp
ice driver
cpu warning
drm
sysfs
vga monitor
ppc64le
backend error
pci-hv
accelerated network
stress.

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.6%

An update is available for kernel.
This update affects Rocky Linux SIG Cloud 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)

  • kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)

  • kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)

  • kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)

  • kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077)

  • kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Intel 9.2: Important iavf bug fixes (BZ#2127884)

  • vfio zero page mappings fail after 2M instances (BZ#2128514)

  • nvme-tcp automatic reconnect fails intermittently during EMC powerstore NDU operation (BZ#2131359)

  • ice: Driver Update to 5.19 (BZ#2132070)

  • WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134588)

  • drm: duplicated call of drm_privacy_screen_register_notifier() in drm_connector_register() (BZ#2134619)

  • updating the appid field through sysfs is returning an -EINVAL error (BZ#2136914)

  • DELL EMC: System is not booting into RT Kernel with perc12. (BZ#2139213)

  • No signal showed in the VGA monitor when installing Rocky Linux SIG Cloud9 in the legacy bios mode (BZ#2140153)

  • Practically limit “Dummy wait” workaround to old Intel systems (BZ#2142168)

  • ppc64le: unexpected oom panic when there’s enough memory left in zswap test (BZ#2143976)

  • fatal error: error in backend: Branch target out of insn range (BZ#2144902)

  • AMdCLIENT: The kernel command line parameter “nomodeset” not working properly (BZ#2145217)

  • Azure: PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150910)

  • Azure z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2151605)

  • DELL 9.0 RT - On PE R760 system, call traces are observed dmesg when system is running stress (BZ#2154407)

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.6%