-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel-rt security and bug fix update Advisory ID: RHSA-2023:4255-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:4255 Issue date: 2023-07-25 CVE Names: CVE-2023-1281 CVE-2023-32233 ===================================================================== 1. Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux NFV E4S (v.8.4) - x86_64 Red Hat Enterprise Linux NFV TUS (v.8.4) - x86_64 Red Hat Enterprise Linux RT TUS (v.8.4) - x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation (CVE-2023-1281) * kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * kernel-rt: update RT source tree to the latest RHEL-8.4z18 Batch (BZ#2209986) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2181847 - CVE-2023-1281 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation 2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation 6. Package List: Red Hat Enterprise Linux NFV E4S (v.8.4): Source: kernel-rt-4.18.0-305.97.1.rt7.172.el8_4.src.rpm x86_64: kernel-rt-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-core-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-core-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-devel-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-kvm-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-modules-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debuginfo-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-devel-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-kvm-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-modules-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-modules-extra-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm Red Hat Enterprise Linux NFV TUS (v.8.4): Source: kernel-rt-4.18.0-305.97.1.rt7.172.el8_4.src.rpm x86_64: kernel-rt-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-core-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-core-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-devel-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-kvm-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-modules-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debuginfo-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-devel-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-kvm-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-modules-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-modules-extra-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm Red Hat Enterprise Linux RT TUS (v.8.4): Source: kernel-rt-4.18.0-305.97.1.rt7.172.el8_4.src.rpm x86_64: kernel-rt-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-core-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-core-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-debuginfo-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-devel-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-modules-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debug-modules-extra-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debuginfo-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-debuginfo-common-x86_64-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-devel-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-modules-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm kernel-rt-modules-extra-4.18.0-305.97.1.rt7.172.el8_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2023-1281 https://access.redhat.com/security/cve/CVE-2023-32233 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJkv4WTAAoJENzjgjWX9erE+9wP+wXbVrxPwbxBBjGpruRSsyN8 Lb0hMdTeOmdOcbMPrFsAlbVZemqM7WD5YEdLG2RY3ZFXb7COuqMLqXV3meUulE+y Rku0A5MUvcNw4xF/o4Uv9/iv119VK15dYoL4p8iZiErXje7qm6zqFlX2hyPtzx5d 3iPWMAP/9Dx7uVnVfFeK7GNsmRDd9kZrdelJaO0TWbBgZcNqSY68GrxMfb0q3GU0 LoG633JJf0QizXVNZKucA1NZIobpUv1/WIDIsXs8OAhI1jff25ePLi2WjdsD0agw 9lkUGew0y4JfSrM5Henap9UMSO7VweL8mNea1b2xVS5wUFLPj8RJR3IGv6E0Dtt+ KR0qWVujkOkO0Ji1uyhZfwlvSCxOrAIBDvf/wO9ATDjbE5Ly6sspbj9GiWFFsh3/ VyGRRvh6cnEET+qT4LvyqYfGiiTEU8I3mS/oRoBr5pX1p7XriO0xWQtvyXdltRip p+b/bwaaD3R4cY16PVJiYYP48S0N5FbCqMmgDlw7P0RSdfBHru6h6qSye493JXuu u+55hWCG7/0OPnV47/RoZgZnvnGowz0WqSFCBVE+kpNpyU3QR0/YaEkdu4Sis/V9 Ut8zOmjqBJDnpkvLde2dBP8sGjqcEj0IvQFT5if394ccER1WITbqs1cP+amm4Pc5 0OCuTyEFiR3HwglK1oMk =6M34 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce