{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2023:5091","synopsis":"Important: kernel-rt security and bug fix update","severity":"SEVERITY_IMPORTANT","topic":"An update is available for kernel-rt.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)\n\n* kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE (CVE-2023-3610)\n\n* kernel: net\/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)\n\n* kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)\n\n* kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free (CVE-2023-4147)\n\n* kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248)\n\n* kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)\n\n* kernel: save\/restore speculative MSRs during S3 suspend\/resume (CVE-2023-1637)\n\n* hw: amd: Cross-Process Information Leak (CVE-2023-20593)\n\n* kernel: bypass of shadow stack protection due to a logic error (CVE-2023-21102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: update RT source tree to the latest Rocky Linux-9.2.z3 Batch (BZ#2228482)","solution":null,"affectedProducts":["Rocky Linux 9"],"fixes":[{"ticket":"2181891","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2181891","description":""},{"ticket":"2213260","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2213260","description":""},{"ticket":"2213455","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2213455","description":""},{"ticket":"2217845","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2217845","description":""},{"ticket":"2220892","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2220892","description":""},{"ticket":"2220893","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2220893","description":""},{"ticket":"2225097","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2225097","description":""},{"ticket":"2225198","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2225198","description":""},{"ticket":"2225239","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2225239","description":""},{"ticket":"2225275","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2225275","description":""}],"cves":[{"name":"CVE-2023-1637","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-1637","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-20593","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-20593","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-21102","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-21102","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-31248","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-31248","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-3390","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-3390","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-35001","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-35001","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-3610","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-3610","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-3776","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-3776","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-4004","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-4004","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-4147","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-4147","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"}],"references":[],"publishedAt":"2023-09-19T12:09:59.109271Z","rpms":{"Rocky Linux 9":{"nvras":["kernel-rt-0:5.14.0-284.30.1.rt14.315.el9_2.src.rpm","kernel-rt-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-core-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debug-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debug-core-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debug-debuginfo-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debug-devel-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debuginfo-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debug-kvm-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debug-modules-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debug-modules-core-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debug-modules-extra-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-devel-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-kvm-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-modules-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-modules-core-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-modules-extra-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm"]}},"rebootSuggested":false,"buildReferences":[]}

Rocky Linux: RLSA-2023:5091 kernel-rt security and bug fix update

September 19, 2023
An update is available for kernel-rt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Summary

An update is available for kernel-rt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list


The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390) * kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE (CVE-2023-3610) * kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776) * kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004) * kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free (CVE-2023-4147) * kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248) * kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001) * kernel: save/restore speculative MSRs during S3 suspend/resume (CVE-2023-1637) * hw: amd: Cross-Process Information Leak (CVE-2023-20593) * kernel: bypass of shadow stack protection due to a logic error (CVE-2023-21102) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest Rocky Linux-9.2.z3 Batch (BZ#2228482)

RPMs

kernel-rt-0:5.14.0-284.30.1.rt14.315.el9_2.src.rpm

kernel-rt-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-core-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debug-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debug-core-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debug-debuginfo-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debug-devel-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debuginfo-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debug-kvm-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debug-modules-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debug-modules-core-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debug-modules-extra-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-devel-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-kvm-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-modules-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-modules-core-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-modules-extra-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

References

No References

CVEs

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1637

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21102

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3610

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3776

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4004

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4147

Severity
Name: RLSA-2023:5091
Affected Products: Rocky Linux 9

Fixes

https://bugzilla.redhat.com/show_bug.cgi?id=2181891

https://bugzilla.redhat.com/show_bug.cgi?id=2213260

https://bugzilla.redhat.com/show_bug.cgi?id=2213455

https://bugzilla.redhat.com/show_bug.cgi?id=2217845

https://bugzilla.redhat.com/show_bug.cgi?id=2220892

https://bugzilla.redhat.com/show_bug.cgi?id=2220893

https://bugzilla.redhat.com/show_bug.cgi?id=2225097

https://bugzilla.redhat.com/show_bug.cgi?id=2225198

https://bugzilla.redhat.com/show_bug.cgi?id=2225239

https://bugzilla.redhat.com/show_bug.cgi?id=2225275


Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security
32.Lock Code Circular Esm H320
2 - 3 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved