Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in kernel-rt
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in kernel-rt
ID: RHSA-2023:6901
Distribution: Red Hat
Plattformen: Red Hat Enterprise Linux Real Time for NFV (v. 8), Red Hat Enterprise Linux Real Time (v. 8)
Datum: Mi, 15. November 2023, 19:14
Referenzen: https://access.redhat.com/security/cve/CVE-2023-4206
https://access.redhat.com/security/cve/CVE-2022-3594
https://bugzilla.redhat.com/show_bug.cgi?id=2181330
https://bugzilla.redhat.com/show_bug.cgi?id=2192671
https://access.redhat.com/security/cve/CVE-2023-1073
https://access.redhat.com/security/cve/CVE-2023-33951
https://bugzilla.redhat.com/show_bug.cgi?id=2173430
https://access.redhat.com/security/cve/CVE-2023-30456
https://access.redhat.com/security/cve/CVE-2022-3640
https://access.redhat.com/security/cve/CVE-2022-38457
https://access.redhat.com/security/cve/CVE-2023-1075
https://access.redhat.com/security/cve/CVE-2023-1252
https://bugzilla.redhat.com/show_bug.cgi?id=2173403
https://access.redhat.com/security/cve/CVE-2023-0590
https://bugzilla.redhat.com/show_bug.cgi?id=2175903
https://access.redhat.com/security/cve/CVE-2021-43975
https://access.redhat.com/errata/RHSA-2023:6901
https://access.redhat.com/security/cve/CVE-2022-40133
https://access.redhat.com/security/cve/CVE-2023-0597
https://access.redhat.com/security/cve/CVE-2023-4132
https://bugzilla.redhat.com/show_bug.cgi?id=2223949
https://access.redhat.com/security/cve/CVE-2023-1855
https://bugzilla.redhat.com/show_bug.cgi?id=2177389
https://access.redhat.com/security/cve/CVE-2023-4128
https://bugzilla.redhat.com/show_bug.cgi?id=2173444
https://access.redhat.com/security/cve/CVE-2023-3611
https://access.redhat.com/security/cve/CVE-2023-23455
https://bugzilla.redhat.com/show_bug.cgi?id=2165741
https://bugzilla.redhat.com/show_bug.cgi?id=2185945
https://access.redhat.com/security/cve/CVE-2023-35824
https://bugzilla.redhat.com/show_bug.cgi?id=2225511
https://bugzilla.redhat.com/show_bug.cgi?id=2187257
https://access.redhat.com/security/cve/CVE-2023-2513
https://bugzilla.redhat.com/show_bug.cgi?id=2225201
https://bugzilla.redhat.com/show_bug.cgi?id=2182443
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index
https://bugzilla.redhat.com/show_bug.cgi?id=2221707
https://access.redhat.com/security/cve/CVE-2023-4732
https://bugzilla.redhat.com/show_bug.cgi?id=2149024
https://bugzilla.redhat.com/show_bug.cgi?id=2168332
https://bugzilla.redhat.com/show_bug.cgi?id=2193097
https://access.redhat.com/security/cve/CVE-2023-1989
https://access.redhat.com/security/cve/CVE-2023-35823
https://bugzilla.redhat.com/show_bug.cgi?id=2215502
https://bugzilla.redhat.com/show_bug.cgi?id=2236982
https://access.redhat.com/security/cve/CVE-2023-3161
https://bugzilla.redhat.com/show_bug.cgi?id=2133453
https://access.redhat.com/security/cve/CVE-2023-31084
https://bugzilla.redhat.com/show_bug.cgi?id=2174400
https://bugzilla.redhat.com/show_bug.cgi?id=2156322
https://access.redhat.com/security/cve/CVE-2023-1079
https://bugzilla.redhat.com/show_bug.cgi?id=2147356
https://bugzilla.redhat.com/show_bug.cgi?id=2184578
https://access.redhat.com/security/cve/CVE-2023-4207
https://access.redhat.com/security/cve/CVE-2023-3609
https://access.redhat.com/security/cve/CVE-2023-3212
https://bugzilla.redhat.com/show_bug.cgi?id=2193219
https://access.redhat.com/security/cve/CVE-2022-45869
https://access.redhat.com/security/cve/CVE-2023-4155
https://bugzilla.redhat.com/show_bug.cgi?id=2215835
https://bugzilla.redhat.com/show_bug.cgi?id=2225191
https://bugzilla.redhat.com/show_bug.cgi?id=2218212
https://bugzilla.redhat.com/show_bug.cgi?id=2219530
https://access.redhat.com/security/cve/CVE-2023-1998
https://access.redhat.com/security/cve/CVE-2023-33952
https://bugzilla.redhat.com/show_bug.cgi?id=2214348
https://bugzilla.redhat.com/show_bug.cgi?id=2176140
https://access.redhat.com/security/cve/CVE-2022-45887
https://access.redhat.com/security/cve/CVE-2023-28772
https://access.redhat.com/security/cve/CVE-2023-31436
https://access.redhat.com/security/cve/CVE-2023-28328
https://access.redhat.com/security/cve/CVE-2023-1074
https://access.redhat.com/security/cve/CVE-2023-1118
https://access.redhat.com/security/cve/CVE-2023-3772
https://access.redhat.com/security/cve/CVE-2023-3268
https://access.redhat.com/security/cve/CVE-2023-1206
https://access.redhat.com/security/cve/CVE-2022-28388
https://bugzilla.redhat.com/show_bug.cgi?id=2151317
https://bugzilla.redhat.com/show_bug.cgi?id=2213485
https://bugzilla.redhat.com/show_bug.cgi?id=2188468
https://access.redhat.com/security/cve/CVE-2023-0458
https://access.redhat.com/security/cve/CVE-2023-4208
https://access.redhat.com/security/cve/CVE-2023-1382
https://access.redhat.com/security/cve/CVE-2022-42895
https://bugzilla.redhat.com/show_bug.cgi?id=2177371
https://bugzilla.redhat.com/show_bug.cgi?id=2073091
https://bugzilla.redhat.com/show_bug.cgi?id=2218943
https://access.redhat.com/security/cve/CVE-2023-35825
https://access.redhat.com/security/cve/CVE-2022-40982
https://bugzilla.redhat.com/show_bug.cgi?id=2024989
https://bugzilla.redhat.com/show_bug.cgi?id=2213802
https://bugzilla.redhat.com/show_bug.cgi?id=2192667
https://bugzilla.redhat.com/show_bug.cgi?id=2215836
https://bugzilla.redhat.com/show_bug.cgi?id=2165926
https://bugzilla.redhat.com/show_bug.cgi?id=2213199
https://access.redhat.com/security/cve/CVE-2022-4744
https://bugzilla.redhat.com/show_bug.cgi?id=2173434
https://access.redhat.com/security/cve/CVE-2023-3141
https://access.redhat.com/solutions/7027704
https://bugzilla.redhat.com/show_bug.cgi?id=2213139
https://bugzilla.redhat.com/show_bug.cgi?id=2215837
https://bugzilla.redhat.com/show_bug.cgi?id=2139610
https://bugzilla.redhat.com/show_bug.cgi?id=2133455
https://access.redhat.com/security/cve/CVE-2023-26545
https://access.redhat.com/security/cve/CVE-2023-33203
https://bugzilla.redhat.com/show_bug.cgi?id=2218195
https://bugzilla.redhat.com/show_bug.cgi?id=2148520
Applikationen: RT-Preempt-Realtime-Patch

Originalnachricht

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: tun: double free in tun_free_netdev (CVE-2022-4744)

* kernel: net/sched: cls_u32 component reference counter leak (CVE-2023-3609)

* kernel: net/sched: sch_qfq vulnerability (CVE-2023-3611)

* kernel: net/sched: Use-after-free vulnerabilities in the net/sched
classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)

* kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)

* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975)

* kernel: Rate limit overflow messages in r8152 in intr_callback
(CVE-2022-3594)

* kernel: use-after-free and info leak in l2cap_conn_del and
l2cap_parse_conf_req (CVE-2022-3640, CVE-2022-42895)

* kernel: double free in usb_8dev_start_xmit (CVE-2022-28388)

* kernel: vmwgfx: multiple vulnerabilities (CVE-2022-38457, CVE-2022-40133,
CVE-2023-33951, CVE-2023-33952)

* hw: Intel: Gather Data Sampling (GDS) side channel vulnerability
(CVE-2022-40982)

* kernel: KVM: multiple vulnerabilities (CVE-2022-45869, CVE-2023-4155,
CVE-2023-30456)

* kernel: memory leak in ttusb_dec_exit_dvb (CVE-2022-45887)

* kernel: speculative pointer dereference in do_prlimit in kernel/sys.c
(CVE-2023-0458)

* kernel: use-after-free in qdisc_graft (CVE-2023-0590)

* kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)

* kernel: HID: check empty report_list in hid_validate_values (CVE-2023-1073)

* kernel: sctp: fail if no bound addresses can be used for a given scope
(CVE-2023-1074)

* kernel: hid: Use After Free in asus_remove (CVE-2023-1079)

* kernel: use-after-free in drivers/media/rc/ene_ir.c (CVE-2023-1118)

* kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)

* kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)

* kernel: denial of service in tipc_conn_close (CVE-2023-1382)

* kernel: Use after free bug in btsdio_remove (CVE-2023-1989)

* kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)

* kernel: ext4: use-after-free in ext4_xattr_set_entry (CVE-2023-2513)

* kernel: fbcon: shift-out-of-bounds in fbcon_set_font (CVE-2023-3161)

* kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)

* kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params
(CVE-2023-3772)

* kernel: smsusb: use-after-free caused by do_submit_urb (CVE-2023-4132)

* kernel: Race between task migrating pages and another task calling exit_mmap
to release those same pages getting invalid opcode BUG in include/linux/swapops.h (CVE-2023-4732)

* Kernel: denial of service in atm_tc_enqueue (CVE-2023-23455)

* kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)

* kernel: Denial of service issue in az6027 driver (CVE-2023-28328)

* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow
(CVE-2023-28772)

* kernel: blocking operation in dvb_frontend_get_event and
wait_event_interruptible (CVE-2023-31084)

* kernel: net: qcom/emac: race condition leading to use-after-free in
emac_remove (CVE-2023-33203)

* kernel: saa7134: race condition in saa7134_finidev (CVE-2023-35823)

* kernel: dm1105: race condition in dm1105_remove.c (CVE-2023-35824)

* kernel: r592: race condition in r592_remove (CVE-2023-35825)

* kernel: net/tls: tls_is_tx_ready checked list_entry (CVE-2023-1075)

* kernel: use-after-free bug in remove function xgene_hwmon_remove
(CVE-2023-1855)

* kernel: Use after free in r592_remove (CVE-2023-3141)

* kernel: gfs2: NULL pointer dereference in gfs2_evict_inode (CVE-2023-3212)

For more details about the security issue(s), refer to the CVE page(s) listed
in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise
Linux 8.9 Release Notes linked from the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-43975: Out-of-bounds Write (CWE-787)
CVE-2022-3594: Logging of Excessive Data (CWE-779)
CVE-2022-3640: Use After Free (CWE-416)
CVE-2022-4744: Access of Uninitialized Pointer (CWE-824)
CVE-2022-28388: Double Free (CWE-415)
CVE-2022-38457: Use After Free (CWE-416)
CVE-2022-40133: Use After Free (CWE-416)
CVE-2022-40982: Exposure of Sensitive Information to an Unauthorized Actor
(CWE-200)
CVE-2022-42895: Access of Uninitialized Pointer (CWE-824)
CVE-2022-45869: Concurrent Execution using Shared Resource with Improper
Synchronization ('Race Condition') (CWE-362)
CVE-2022-45887: Missing Release of Memory after Effective Lifetime (CWE-401)
CVE-2023-0458: NULL Pointer Dereference (CWE-476)
CVE-2023-0590: Use After Free (CWE-416)
CVE-2023-0597: Missing Release of Memory after Effective Lifetime (CWE-401)
CVE-2023-1073: Out-of-bounds Write (CWE-787)
CVE-2023-1074: Missing Release of Memory after Effective Lifetime (CWE-401)
CVE-2023-1075: Access of Resource Using Incompatible Type ('Type
Confusion') (CWE-843)
CVE-2023-1079: Use After Free (CWE-416)
CVE-2023-1118: Use After Free (CWE-416)
CVE-2023-1206: Uncontrolled Resource Consumption (CWE-400)
CVE-2023-1252: Use After Free (CWE-416)
CVE-2023-1382: NULL Pointer Dereference (CWE-476)
CVE-2023-1855: Use After Free (CWE-416)
CVE-2023-1989: Use After Free (CWE-416)
CVE-2023-1998: Exposure of Sensitive Information to an Unauthorized Actor
(CWE-200)
CVE-2023-2513: Use After Free (CWE-416)
CVE-2023-3141: Use After Free (CWE-416)
CVE-2023-3161: Incorrect Bitwise Shift of Integer (CWE-1335)
CVE-2023-3212: NULL Pointer Dereference (CWE-476)
CVE-2023-3268: Out-of-bounds Read (CWE-125)
CVE-2023-3609: Double Free (CWE-415)
CVE-2023-3611: Out-of-bounds Write (CWE-787)
CVE-2023-3772: NULL Pointer Dereference (CWE-476)
CVE-2023-4128: Use After Free (CWE-416)
CVE-2023-4132: Use After Free (CWE-416)
CVE-2023-4155: Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
CVE-2023-4206: Use After Free (CWE-416)
CVE-2023-4207: Use After Free (CWE-416)
CVE-2023-4208: Use After Free (CWE-416)
CVE-2023-4732: Race Condition within a Thread (CWE-366)
CVE-2023-23455: Access of Resource Using Incompatible Type ('Type
Confusion') (CWE-843)
CVE-2023-26545: Double Free (CWE-415)
CVE-2023-28328: NULL Pointer Dereference (CWE-476)
CVE-2023-28772: Improper Restriction of Operations within the Bounds of a
Memory Buffer (CWE-119)
CVE-2023-30456: Improperly Implemented Security Check for Standard (CWE-358)
CVE-2023-31084
CVE-2023-31436: Out-of-bounds Write (CWE-787)
CVE-2023-33203: Use After Free (CWE-416)
CVE-2023-33951: Exposure of Sensitive Information to an Unauthorized Actor
(CWE-200)
CVE-2023-33952: Double Free (CWE-415)
CVE-2023-35823: Use After Free (CWE-416)
CVE-2023-35824: Use After Free (CWE-416)
CVE-2023-35825: Use After Free (CWE-416)
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung