[RHSA-2023:1584] kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)
kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
Lazy irq_work does not raise softirq on PREEMPT_RT rhel-8
The latest RHEL 8.7.z3 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2172278)
- ID
- RHSA-2023:1584
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2023:1584
- Published
- 2023-04-04T00:00:00 (17 months ago)
- Modified
- 2023-04-04T00:00:00 (17 months ago)
- Rights
- Copyright 2023 Red Hat, Inc.
- Other Advisories
- ALSA-2023:0951
- ALSA-2023:1470
- ALSA-2023:1566
- ALSA-2023:1703
- CISA-2023:0330
- DSA-5324-1
- DSA-5402-1
- DSA-5480-1
- ELSA-2022-10071
- ELSA-2022-10072
- ELSA-2022-10073
- ELSA-2022-10078
- ELSA-2022-10079
- ELSA-2022-10080
- ELSA-2022-10081
- ELSA-2022-10108
- ELSA-2023-0951
- ELSA-2023-1091
- ELSA-2023-12006
- ELSA-2023-12007
- ELSA-2023-12008
- ELSA-2023-12009
- ELSA-2023-12017
- ELSA-2023-12018
- ELSA-2023-12196
- ELSA-2023-1470
- ELSA-2023-1566
- ELSA-2023-1703
- ELSA-2023-1822
- MS:CVE-2022-4378
- MS:CVE-2023-0266
- RHSA-2023:0951
- RHSA-2023:0979
- RHSA-2023:1008
- RHSA-2023:1091
- RHSA-2023:1092
- RHSA-2023:1101
- RHSA-2023:1469
- RHSA-2023:1470
- RHSA-2023:1471
- RHSA-2023:1566
- RHSA-2023:1659
- RHSA-2023:1681
- RHSA-2023:1691
- RHSA-2023:1703
- RLSA-2023:1470
- RLSA-2023:1566
- SSA:2023-048-01
- SSA:2023-172-02
- SUSE-SU-2022:4503-1
- SUSE-SU-2022:4504-1
- SUSE-SU-2022:4505-1
- SUSE-SU-2022:4506-1
- SUSE-SU-2022:4510-1
- SUSE-SU-2022:4513-1
- SUSE-SU-2022:4515-1
- SUSE-SU-2022:4516-1
- SUSE-SU-2022:4517-1
- SUSE-SU-2022:4518-1
- SUSE-SU-2022:4520-1
- SUSE-SU-2022:4527-1
- SUSE-SU-2022:4528-1
- SUSE-SU-2022:4533-1
- SUSE-SU-2022:4534-1
- SUSE-SU-2022:4539-1
- SUSE-SU-2022:4542-1
- SUSE-SU-2022:4543-1
- SUSE-SU-2022:4544-1
- SUSE-SU-2022:4545-1
- SUSE-SU-2022:4546-1
- SUSE-SU-2022:4550-1
- SUSE-SU-2022:4551-1
- SUSE-SU-2022:4559-1
- SUSE-SU-2022:4560-1
- SUSE-SU-2022:4562-1
- SUSE-SU-2022:4566-1
- SUSE-SU-2022:4569-1
- SUSE-SU-2022:4572-1
- SUSE-SU-2022:4573-1
- SUSE-SU-2022:4574-1
- SUSE-SU-2022:4577-1
- SUSE-SU-2022:4580-1
- SUSE-SU-2022:4585-1
- SUSE-SU-2022:4587-1
- SUSE-SU-2022:4589-1
- SUSE-SU-2022:4595-1
- SUSE-SU-2022:4613-1
- SUSE-SU-2022:4614-1
- SUSE-SU-2022:4615-1
- SUSE-SU-2022:4616-1
- SUSE-SU-2022:4617-1
- SUSE-SU-2023:0152-1
- SUSE-SU-2023:0394-1
- SUSE-SU-2023:0406-1
- SUSE-SU-2023:0433-1
- SUSE-SU-2023:0485-1
- SUSE-SU-2023:0488-1
- SUSE-SU-2023:0618-1
- SUSE-SU-2023:0634-1
- SUSE-SU-2023:0779-1
- SUSE-SU-2023:1576-1
- SUSE-SU-2023:1591-1
- SUSE-SU-2023:1592-1
- SUSE-SU-2023:1595-1
- SUSE-SU-2023:1602-1
- SUSE-SU-2023:1619-1
- SUSE-SU-2023:1639-1
- SUSE-SU-2023:1640-1
- SUSE-SU-2023:1647-1
- SUSE-SU-2023:1649-1
- SUSE-SU-2023:1653-1
- SUSE-SU-2023:1708-1
- SUSE-SU-2023:2140-1
- SUSE-SU-2023:2141-1
- SUSE-SU-2023:2231-1
- SUSE-SU-2023:2368-1
- SUSE-SU-2023:2369-1
- SUSE-SU-2023:2371-1
- SUSE-SU-2023:2384-1
- SUSE-SU-2023:2425-1
- SUSE-SU-2023:2428-1
- SUSE-SU-2023:2431-1
- SUSE-SU-2023:2443-1
- SUSE-SU-2023:2455-1
- SUSE-SU-2023:2459-1
- SUSE-SU-2023:2468-1
- SUSE-SU-2023:2500-1
- SUSE-SU-2023:2502-1
- SUSE-SU-2023:2611-1
- SUSE-SU-2023:2646-1
- SUSE-SU-2023:2651-1
- SUSE-SU-2023:2653-1
- SUSE-SU-2023:2782-1
- SUSE-SU-2023:2809-1
- SUSE-SU-2023:2871-1
- USN-5799-1
- USN-5803-1
- USN-5809-1
- USN-5814-1
- USN-5831-1
- USN-5832-1
- USN-5860-1
- USN-5877-1
- USN-5879-1
- USN-5883-1
- USN-5915-1
- USN-5917-1
- USN-5919-1
- USN-5920-1
- USN-5924-1
- USN-5927-1
- USN-5934-1
- USN-5939-1
- USN-5940-1
- USN-5951-1
- USN-5970-1
- USN-5975-1
- USN-5979-1
- USN-5981-1
- USN-5982-1
- USN-5984-1
- USN-5987-1
- USN-5991-1
- USN-6000-1
- USN-6004-1
- USN-6009-1
- USN-6025-1
- USN-6030-1
- USN-6033-1
- USN-6040-1
- USN-6043-1
- USN-6057-1
- USN-6071-1
- USN-6072-1
- USN-6134-1
- USN-6171-1
- USN-6175-1
- USN-6186-1
- USN-6187-1
- USN-6284-1
- USN-6300-1
- USN-6301-1
- USN-6311-1
- USN-6312-1
- USN-6314-1
- USN-6331-1
- USN-6332-1
- USN-6337-1
- USN-6347-1
- USN-6385-1
Source | ID | Name | URL |
---|---|---|---|
Bugzilla | 2150272 | | https://bugzilla.redhat.com/2150272 |
Bugzilla | 2152548 | | https://bugzilla.redhat.com/2152548 |
Bugzilla | 2159505 | | https://bugzilla.redhat.com/2159505 |
Bugzilla | 2163379 | | https://bugzilla.redhat.com/2163379 |
RHSA | RHSA-2023:1584 | | https://access.redhat.com/errata/RHSA-2023:1584 |
CVE | CVE-2022-4269 | | https://access.redhat.com/security/cve/CVE-2022-4269 |
CVE | CVE-2022-4378 | | https://access.redhat.com/security/cve/CVE-2022-4378 |
CVE | CVE-2023-0266 | | https://access.redhat.com/security/cve/CVE-2023-0266 |
CVE | CVE-2023-0386 | | https://access.redhat.com/security/cve/CVE-2023-0386 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/kernel-rt?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt | < 4.18.0-425.19.2.rt7.230.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-modules?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-modules | < 4.18.0-425.19.2.rt7.230.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-modules-extra?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-modules-extra | < 4.18.0-425.19.2.rt7.230.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-kvm?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-kvm | < 4.18.0-425.19.2.rt7.230.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-devel?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-devel | < 4.18.0-425.19.2.rt7.230.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-debug?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-debug | < 4.18.0-425.19.2.rt7.230.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-debug-modules?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-debug-modules | < 4.18.0-425.19.2.rt7.230.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-debug-modules-extra?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-debug-modules-extra | < 4.18.0-425.19.2.rt7.230.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-debug-kvm?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-debug-kvm | < 4.18.0-425.19.2.rt7.230.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-debug-devel?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-debug-devel | < 4.18.0-425.19.2.rt7.230.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-debug-core?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-debug-core | < 4.18.0-425.19.2.rt7.230.el8_7 | redhat-8.7 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-core?arch=x86_64&distro=redhat-8.7 | redhat | kernel-rt-core | < 4.18.0-425.19.2.rt7.230.el8_7 | redhat-8.7 | x86_64 | |