What Are You Looking For?

Sign Up
{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2023:4517","synopsis":"Important: kernel security and bug fix update","severity":"SEVERITY_IMPORTANT","topic":"An update is available for kernel.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net\/bluetooth\/l2cap_core.c (CVE-2022-42896)\n\n* kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation (CVE-2023-1281)\n\n* kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829)\n\n* kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235)\n\n* kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)\n\n* kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* simultaneous writes to a page on xfs can result in zero-byte data (BZ#2184101)\n\n* Rocky Linux 8.4 - kernel: fix __clear_user() inline assembly constraints (BZ#2192602)\n\n* LPAR is crashed by Phyp when doing DLPAR CPU operations (BZ#2193375)\n\n* ice: ptp4l cpu usage spikes (BZ#2203285)\n\n* Kernel - Significant performance drop for getrandom system call when FIPS is enabled (compared to Rocky Linux 8.x for all x < 6.z) (BZ#2208127)\n\n* macvlan: backports from upstream (BZ#2209686)\n\n* Intel 8.9 BUG VROC: Pull VMD secondary bus reset patch (BZ#2211198)\n\n* Incorrect target abort handling causes iscsi deadlock (BZ#2211494)\n\n* swap deadlock when attempt to charge a page to a cgroup stalls waiting on I\/O plugged on another task in swap code (BZ#2211513)\n\n* BUG_ON \"kernel BUG at mm\/rmap.c:1041!\" in __page_set_anon_rmap() when vma->anon_vma==NULL (BZ#2211658)\n\n* Rocky Linux 8.9: IPMI updates and bug fixes (BZ#2211667)\n\n* Rocky Linux 8.6 opening console with mkvterm on novalink terminal fails due to drmgr reporting failure (L3:) (BZ#2212373)\n\n* Rocky Linux 8.8 - P10 DD2.0: Wrong numa_node is assigned to vpmem device (BZ#2212451)\n\n* Rocky Linux 8.8 beta: Occasional stall during initialization of ipmi_msghandler (BZ#2213189)\n\n* ESXi Rocky Linux 8: Haswell generation CPU are impacted with performance due to IBRS (BZ#2213366)\n\n* xen: fix section mismatch error with xen_callback_vector() and alloc_intr_gate() (BZ#2214281)\n\n* jitter: Fix RCT\/APT health test during initialization (BZ#2215079)\n\n* aacraid misses interrupts when a CPU is disabled resulting in scsi timeouts and the adapter being unusable until reboot. (BZ#2216498)\n\n* Hyper-V Rocky Linux 8: Fix VM crash\/hang Issues due to fast VF add\/remove events (BZ#2216543)\n\n* rbd: avoid fast-diff corruption in snapshot-based mirroring [8.9] (BZ#2216769)\n\n* Regression of 3b8cc6298724 (\"blk-cgroup: Optimize blkcg_rstat_flush()\") (BZ#2220810)","solution":null,"affectedProducts":["Rocky Linux 8"],"fixes":[{"ticket":"2147364","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2147364","description":""},{"ticket":"2181847","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2181847","description":""},{"ticket":"2187439","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2187439","description":""},{"ticket":"2188396","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2188396","description":""},{"ticket":"2188470","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2188470","description":""},{"ticket":"2192589","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2192589","description":""}],"cves":[{"name":"CVE-2022-42896","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-42896","cvss3ScoringVector":"CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:N","cvss3BaseScore":"8.1","cwe":"CWE-416"},{"name":"CVE-2023-1281","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-1281","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"7.8","cwe":"CWE-416"},{"name":"CVE-2023-1829","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-1829","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"7.4","cwe":"CWE-119"},{"name":"CVE-2023-2124","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-2124","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"7.0","cwe":"CWE-125"},{"name":"CVE-2023-2194","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-2194","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"6.7","cwe":"CWE-787"},{"name":"CVE-2023-2235","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-2235","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"7.8","cwe":"CWE-416"}],"references":[],"publishedAt":"2023-10-06T23:10:01.903350Z","rpms":{"Rocky Linux 8":{"nvras":["bpftool-0:4.18.0-477.21.1.el8_8.aarch64.rpm","bpftool-debuginfo-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-0:4.18.0-477.21.1.el8_8.src.rpm","kernel-abi-stablelists-0:4.18.0-477.21.1.el8_8.noarch.rpm","kernel-core-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-cross-headers-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-debug-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-debug-core-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-debug-debuginfo-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-debug-devel-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-debuginfo-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-debuginfo-common-aarch64-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-debug-modules-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-debug-modules-extra-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-devel-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-doc-0:4.18.0-477.21.1.el8_8.noarch.rpm","kernel-headers-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-modules-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-modules-extra-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-tools-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-tools-debuginfo-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-tools-libs-0:4.18.0-477.21.1.el8_8.aarch64.rpm","kernel-tools-libs-devel-0:4.18.0-477.21.1.el8_8.aarch64.rpm","perf-0:4.18.0-477.21.1.el8_8.aarch64.rpm","perf-debuginfo-0:4.18.0-477.21.1.el8_8.aarch64.rpm","python3-perf-0:4.18.0-477.21.1.el8_8.aarch64.rpm","python3-perf-debuginfo-0:4.18.0-477.21.1.el8_8.aarch64.rpm","bpftool-0:4.18.0-477.21.1.el8_8.x86_64.rpm","bpftool-debuginfo-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-core-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-cross-headers-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-debug-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-debug-core-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-debug-debuginfo-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-debug-devel-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-debuginfo-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-debuginfo-common-x86_64-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-debug-modules-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-debug-modules-extra-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-devel-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-headers-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-modules-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-modules-extra-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-tools-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-tools-debuginfo-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-tools-libs-0:4.18.0-477.21.1.el8_8.x86_64.rpm","kernel-tools-libs-devel-0:4.18.0-477.21.1.el8_8.x86_64.rpm","perf-0:4.18.0-477.21.1.el8_8.x86_64.rpm","perf-debuginfo-0:4.18.0-477.21.1.el8_8.x86_64.rpm","python3-perf-0:4.18.0-477.21.1.el8_8.x86_64.rpm","python3-perf-debuginfo-0:4.18.0-477.21.1.el8_8.x86_64.rpm"]}},"rebootSuggested":false,"buildReferences":[]}

Rocky Linux: RLSA-2023:4517 kernel security and bug fix update

October 6, 2023
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Summary

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list


The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896) * kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation (CVE-2023-1281) * kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829) * kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235) * kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124) * kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * simultaneous writes to a page on xfs can result in zero-byte data (BZ#2184101) * Rocky Linux 8.4 - kernel: fix __clear_user() inline assembly constraints (BZ#2192602) * LPAR is crashed by Phyp when doing DLPAR CPU operations (BZ#2193375) * ice: ptp4l cpu usage spikes (BZ#2203285) * Kernel - Significant performance drop for getrandom system call when FIPS is enabled (compared to Rocky Linux 8.x for all x < 6.z) (BZ#2208127) * macvlan: backports from upstream (BZ#2209686) * Intel 8.9 BUG VROC: Pull VMD secondary bus reset patch (BZ#2211198) * Incorrect target abort handling causes iscsi deadlock (BZ#2211494) * swap deadlock when attempt to charge a page to a cgroup stalls waiting on I/O plugged on another task in swap code (BZ#2211513) * BUG_ON "kernel BUG at mm/rmap.c:1041!" in __page_set_anon_rmap() when vma->anon_vma==NULL (BZ#2211658) * Rocky Linux 8.9: IPMI updates and bug fixes (BZ#2211667) * Rocky Linux 8.6 opening console with mkvterm on novalink terminal fails due to drmgr reporting failure (L3:) (BZ#2212373) * Rocky Linux 8.8 - P10 DD2.0: Wrong numa_node is assigned to vpmem device (BZ#2212451) * Rocky Linux 8.8 beta: Occasional stall during initialization of ipmi_msghandler (BZ#2213189) * ESXi Rocky Linux 8: Haswell generation CPU are impacted with performance due to IBRS (BZ#2213366) * xen: fix section mismatch error with xen_callback_vector() and alloc_intr_gate() (BZ#2214281) * jitter: Fix RCT/APT health test during initialization (BZ#2215079) * aacraid misses interrupts when a CPU is disabled resulting in scsi timeouts and the adapter being unusable until reboot. (BZ#2216498) * Hyper-V Rocky Linux 8: Fix VM crash/hang Issues due to fast VF add/remove events (BZ#2216543) * rbd: avoid fast-diff corruption in snapshot-based mirroring [8.9] (BZ#2216769) * Regression of 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()") (BZ#2220810)

RPMs

bpftool-0:4.18.0-477.21.1.el8_8.aarch64.rpm

bpftool-debuginfo-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-0:4.18.0-477.21.1.el8_8.src.rpm

kernel-abi-stablelists-0:4.18.0-477.21.1.el8_8.noarch.rpm

kernel-core-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-cross-headers-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-debug-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-debug-core-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-debug-debuginfo-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-debug-devel-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-debuginfo-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-debuginfo-common-aarch64-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-debug-modules-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-debug-modules-extra-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-devel-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-doc-0:4.18.0-477.21.1.el8_8.noarch.rpm

kernel-headers-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-modules-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-modules-extra-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-tools-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-tools-debuginfo-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-tools-libs-0:4.18.0-477.21.1.el8_8.aarch64.rpm

kernel-tools-libs-devel-0:4.18.0-477.21.1.el8_8.aarch64.rpm

perf-0:4.18.0-477.21.1.el8_8.aarch64.rpm

perf-debuginfo-0:4.18.0-477.21.1.el8_8.aarch64.rpm

python3-perf-0:4.18.0-477.21.1.el8_8.aarch64.rpm

python3-perf-debuginfo-0:4.18.0-477.21.1.el8_8.aarch64.rpm

bpftool-0:4.18.0-477.21.1.el8_8.x86_64.rpm

bpftool-debuginfo-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-core-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-cross-headers-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-debug-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-debug-core-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-debug-debuginfo-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-debug-devel-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-debuginfo-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-debuginfo-common-x86_64-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-debug-modules-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-debug-modules-extra-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-devel-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-headers-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-modules-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-modules-extra-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-tools-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-tools-debuginfo-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-tools-libs-0:4.18.0-477.21.1.el8_8.x86_64.rpm

kernel-tools-libs-devel-0:4.18.0-477.21.1.el8_8.x86_64.rpm

perf-0:4.18.0-477.21.1.el8_8.x86_64.rpm

perf-debuginfo-0:4.18.0-477.21.1.el8_8.x86_64.rpm

python3-perf-0:4.18.0-477.21.1.el8_8.x86_64.rpm

python3-perf-debuginfo-0:4.18.0-477.21.1.el8_8.x86_64.rpm

References

No References

CVEs

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42896

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1281

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1829

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2124

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2194

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2235

Severity
Name: RLSA-2023:4517
Affected Products: Rocky Linux 8

Fixes

https://bugzilla.redhat.com/show_bug.cgi?id=2147364

https://bugzilla.redhat.com/show_bug.cgi?id=2181847

https://bugzilla.redhat.com/show_bug.cgi?id=2187439

https://bugzilla.redhat.com/show_bug.cgi?id=2188396

https://bugzilla.redhat.com/show_bug.cgi?id=2188470

https://bugzilla.redhat.com/show_bug.cgi?id=2192589


Related News

From Heartbleed to Now: Evolving Threats in OpenSSL and How to Guard Against Them

Nov 17, 2023

Security Highlights from KubeCon + CloudNativeCon 2023

Nov 18, 2023

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

News

Advisories

HOWTOs

Features

A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug
Cyber Law in the Realm of Open-Source Software Security

About Us

Powered By

Footer Logo