Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in kernel-rt
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in kernel-rt
ID: RHSA-2024:1306
Distribution: Red Hat
Plattformen: Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0), Red Hat Enterprise Linux Real Time EUS (v.9.0)
Datum: Mi, 13. März 2024, 23:18
Referenzen: https://access.redhat.com/security/cve/CVE-2023-3390
https://access.redhat.com/security/cve/CVE-2023-2166
https://bugzilla.redhat.com/show_bug.cgi?id=2223949
https://bugzilla.redhat.com/show_bug.cgi?id=2256279
https://bugzilla.redhat.com/show_bug.cgi?id=2246945
https://bugzilla.redhat.com/show_bug.cgi?id=2255498
https://access.redhat.com/security/cve/CVE-2023-4622
https://bugzilla.redhat.com/show_bug.cgi?id=2231800
https://bugzilla.redhat.com/show_bug.cgi?id=2240249
https://bugzilla.redhat.com/show_bug.cgi?id=2049700
https://access.redhat.com/security/cve/CVE-2023-4459
https://bugzilla.redhat.com/show_bug.cgi?id=2267695
https://access.redhat.com/security/cve/CVE-2023-3268
https://access.redhat.com/security/cve/CVE-2022-3545
https://access.redhat.com/security/cve/CVE-2023-40283
https://access.redhat.com/security/cve/CVE-2023-6932
https://bugzilla.redhat.com/show_bug.cgi?id=2219268
https://access.redhat.com/security/cve/CVE-2022-0480
https://access.redhat.com/security/cve/CVE-2023-2163
https://bugzilla.redhat.com/show_bug.cgi?id=2230094
https://bugzilla.redhat.com/show_bug.cgi?id=2255283
https://bugzilla.redhat.com/show_bug.cgi?id=2237760
https://access.redhat.com/security/cve/CVE-2023-6546
https://bugzilla.redhat.com/show_bug.cgi?id=2253908
https://access.redhat.com/security/cve/CVE-2023-1192
https://access.redhat.com/security/cve/CVE-2023-7192
https://access.redhat.com/security/cve/CVE-2024-0646
https://bugzilla.redhat.com/show_bug.cgi?id=2213260
https://access.redhat.com/security/cve/CVE-2022-40982
https://bugzilla.redhat.com/show_bug.cgi?id=2133452
https://bugzilla.redhat.com/show_bug.cgi?id=2161310
https://access.redhat.com/security/cve/CVE-2022-38096
https://access.redhat.com/security/cve/CVE-2023-38409
https://access.redhat.com/errata/RHSA-2024:1306
https://bugzilla.redhat.com/show_bug.cgi?id=2187813
https://bugzilla.redhat.com/show_bug.cgi?id=2225201
https://access.redhat.com/security/cve/CVE-2023-3609
https://access.redhat.com/security/cve/CVE-2023-5717
https://access.redhat.com/security/cve/CVE-2023-2176
https://bugzilla.redhat.com/show_bug.cgi?id=2215502
https://bugzilla.redhat.com/show_bug.cgi?id=2230042
https://bugzilla.redhat.com/show_bug.cgi?id=2187931
https://bugzilla.redhat.com/show_bug.cgi?id=2154178
Applikationen: RT-Preempt-Realtime-Patch

Originalnachricht

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0
Extended Update Support.

'Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* memcg does not limit the number of POSIX file locks allowing memory
exhaustion (CVE-2022-0480)

* vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)

* use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)

* nfp: use-after-free in area_cache_get() (CVE-2022-3545)

* NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

* Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

* UAF in nftables when nft_set_lookup_global triggered after handling named and
anonymous sets in batch requests (CVE-2023-3390)

* out-of-bounds access in relay_file_read (CVE-2023-3268)

* vmxnet3: NULL pointer dereference in vmxnet3_rq_cleanup() (CVE-2023-4459)

* Gather Data Sampling (GDS) side channel vulnerability
(CVE-2022-40982,Downfall)

* net/sched: cls_u32 component reference counter leak if tcf_change_indev()
fails (CVE-2023-3609)

* fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map
assignment (CVE-2023-38409)

* Race Condition leading to UAF in Unix Socket could happen in sk_receive_queue
()

* use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c
(CVE-2023-40283)

* use after free in unix_stream_sendpage (CVE-2023-4622)

* bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly
marked as safe (CVE-2023-2163)

* A heap out-of-bounds write when function perf_read_group is called and
sibling_list is smaller than its child's sibling_list (CVE-2023-5717)

* ktls overwrites readonly memory pages when using function splice with a ktls
socket as destination (CVE-2024-0646)

* use-after-free in IPv4 IGMP (CVE-2023-6932)

* GSM multiplexing race condition leads to privilege escalation
(CVE-2023-6546,ZDI-CAN-20527)

* refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)

Bug Fix(es):

* fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map
assignment (JIRA:RHEL-1107)

* out-of-bounds access in relay_file_read (JIRA:RHEL-1749)

* vmxnet3: NULL pointer dereference in vmxnet3_rq_cleanup() (JIRA:RHEL-18085)

* NULL pointer dereference in can_rcv_filter (JIRA:RHEL-19524)

* update RT source tree to the latest RHEL-9.0.z Batch 15 (JIRA:RHEL-21555)

* Gather Data Sampling (GDS) side channel vulnerability (JIRA:RHEL-9285)

* A heap out-of-bounds write (JIRA:RHEL-18011)

* Slab-out-of-bound read in compare_netdev_and_ip (JIRA:RHEL-19398)

* A flaw leading to a use-after-free in area_cache_get() (JIRA:RHEL-19534)

* Incorrect verifier pruning leads to unsafe code paths being incorrectly
marked as safe (JIRA:RHEL-8980)

* various flaws (JIRA:RHEL-16150)

* refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20311)

* use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c
(JIRA:RHEL-20502)

* ktls overwrites readonly memory pages when using function splice with a ktls
socket as destination (JIRA:RHEL-22095)

* use-after-free in smb2_is_status_io_timeout() (JIRA:RHEL-15171)

* use-after-free in IPv4 IGMP (JIRA:RHEL-21658)

* memcg does not limit the number of POSIX file locks allowing memory
exhaustion (JIRA:RHEL-8996)

* GSM multiplexing race condition leads to privilege escalation
(JIRA:RHEL-19968)

* NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:RHEL-22751)

* kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier
(JIRA:RHEL-26381)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2022-0480: Allocation of Resources Without Limits or Throttling (CWE-770)
CVE-2022-3545: Use After Free (CWE-416)
CVE-2022-38096: NULL Pointer Dereference (CWE-476)
CVE-2022-40982: Exposure of Sensitive Information to an Unauthorized Actor
(CWE-200)
CVE-2023-1192: Use After Free (CWE-416)
CVE-2023-2163: Incorrect Calculation (CWE-682)
CVE-2023-2166: NULL Pointer Dereference (CWE-476)
CVE-2023-2176: Out-of-bounds Read (CWE-125)
CVE-2023-3268: Out-of-bounds Read (CWE-125)
CVE-2023-3390: Use After Free (CWE-416)
CVE-2023-3609: Double Free (CWE-415)
CVE-2023-4459: NULL Pointer Dereference (CWE-476)
CVE-2023-4622: Use After Free (CWE-416)
CVE-2023-5717: Out-of-bounds Write (CWE-787)
CVE-2023-6546: Use After Free (CWE-416)
CVE-2023-6932: Use After Free (CWE-416)
CVE-2023-7192: Missing Release of Memory after Effective Lifetime (CWE-401)
CVE-2023-38409: Improper Validation of Array Index (CWE-129)
CVE-2023-40283: Use After Free (CWE-416)
CVE-2024-0646
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung