Advisory ROSA-SA-2023-2241

Software: kernel 3.10.0
OS: rosa-server79

package_evr_string: kernel-3.10.0-1160.83.1.el7

CVE-ID: CVE-2023-3397
BDU-ID: 2023-03779
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the JFS file system of the Linux operating system kernel is related to the reuse of previously freed memory due to competitive resource access (race condition) between the lmLogClose() and txEnd() functions in the fs/jfs/jfs_txnmgr.c module. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected information
CVE-STATUS: Investigated
CVE-REV: Monitor for updates

CVE-ID: CVE-2023-33250
BDU-ID: 2023-02798
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the iopt_unmap_iova_range() function in the drivers/iommu/iommufd/io_pagetable.c module of the Linux operating system kernel involves the use of previously freed memory. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity and availability of protected information
CVE-STATUS: Unpatched
CVE-REV: Execute yum update kernel command

CVE-ID: CVE-2023-35001
BDU-ID: 2023-03778
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the nft_byteorder_eval() function in the net/netfilter/nft_byteorder.c module of the Linux operating system kernel is related to an operation exceeding buffer boundaries in memory during pointer processing. Exploitation of the vulnerability could allow an attacker to affect confidentiality, integrity and availability of protected information
CVE-STATUS: Unpatched
CVE-REV: Execute yum update kernel command

CVE-ID: CVE-2023-31248
BDU-ID: 2023-03947
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the nft_chain_lookup_byid() function in the net/netfilter/nf_tables_api.c module of the netfilter packet filtering subsystem of the netfilter kernel of the Linux operating system is related to the reuse of previously freed memory due to competitive access to a resource (race condition). Exploitation of the vulnerability could allow an attacker to escalate privileges and impact the confidentiality, integrity and availability of protected information
CVE-STATUS: Not Current
CVE-REV: Execute the yum update kernel command

CVE-ID: CVE-2023-3640
BDU-ID: 2023-03962
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the init_cea_offsets() function in the /arch/x86/mm/cpu_entry_area.c module of the Linux operating system kernel memory management subsystem is related to the availability of the per-cpu region of the memory area for user address space. Exploitation of the vulnerability could allow an attacker to gain access to protected information and escalate their privileges
CVE-STATUS: Unpatched
CVE-REV: Execute the yum update kernel command

CVE-ID: CVE-2023-3772
BDU-ID: 2023-04268
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the xfrm_update_ae_params() function in the net/xfrm/xfrm_user.c module of the XFRM subsystem of the Linux operating system kernel is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Unpatched
CVE-REV: Execute the yum update kernel command