[RLSA-2023:1470] kernel security, bug fix, and enhancement update
An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
Rocky Linux9.0 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127880)
Cgroups_v2, when creating new cgroup/container, resets the cpu affinity masks for all usr processes on the system. (BZ#2143766)
Rocky Linux9.0 - boot: Add secure boot trailer (BZ#2151528)
kernel-rt-debug: WARNING: possible circular locking dependency detected (&n->list_lock->&p->pi_lock->&lock->wait_lock) (BZ#2160614)
Support cpuset.sched_load_balance by changing default CPUset directory structure (BZ#2161105)
Rocky Linux9.0 - s390/kexec: fix ipl report address for kdump (BZ#2166903)
libgpiod doesn't seem to work with Interphase gpiochip (BZ#2166956)
Azure Rocky Linux9 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170227)
Enhancement(s):
IBM 9.2 FEAT: Upgrade the QETH driver to latest from upstream, e.g. kernel 6.0 (BZ#2166304)
Intel 9.2 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168382)
- ID
- RLSA-2023:1470
- Severity
- important
- URL
- https://errata.rockylinux.org/RLSA-2023:1470
- Published
-
2023-04-06T15:23:59
(17 months ago) - Modified
-
2023-04-06T15:24:50
(17 months ago) - Rights
- Copyright 2023 Rocky Enterprise Software Foundation
- Other Advisories
-
- ALSA-2023:1470
- ALSA-2023:1566
- ALSA-2023:7077
- CISA-2023:0330
- DSA-5324-1
- DSA-5480-1
- ELSA-2023-12196
- ELSA-2023-1470
- ELSA-2023-1566
- ELSA-2023-7077
- MS:CVE-2023-0266
- RHSA-2023:1469
- RHSA-2023:1470
- RHSA-2023:1471
- RHSA-2023:1566
- RHSA-2023:1584
- RHSA-2023:1659
- RHSA-2023:6901
- RHSA-2023:7077
- RLSA-2023:1566
- SSA:2023-048-01
- SSA:2023-172-02
- SUSE-SU-2023:0152-1
- SUSE-SU-2023:0394-1
- SUSE-SU-2023:0406-1
- SUSE-SU-2023:0433-1
- SUSE-SU-2023:0485-1
- SUSE-SU-2023:0488-1
- SUSE-SU-2023:0618-1
- SUSE-SU-2023:0634-1
- SUSE-SU-2023:0779-1
- SUSE-SU-2023:1576-1
- SUSE-SU-2023:1591-1
- SUSE-SU-2023:1592-1
- SUSE-SU-2023:1595-1
- SUSE-SU-2023:1602-1
- SUSE-SU-2023:1619-1
- SUSE-SU-2023:1639-1
- SUSE-SU-2023:1640-1
- SUSE-SU-2023:1647-1
- SUSE-SU-2023:1649-1
- SUSE-SU-2023:1653-1
- SUSE-SU-2023:1708-1
- SUSE-SU-2023:1800-1
- SUSE-SU-2023:1802-1
- SUSE-SU-2023:1811-1
- SUSE-SU-2023:1892-1
- SUSE-SU-2023:1897-1
- SUSE-SU-2023:1992-1
- SUSE-SU-2023:2500-1
- SUSE-SU-2023:2502-1
- SUSE-SU-2023:2611-1
- SUSE-SU-2023:2646-1
- SUSE-SU-2023:2651-1
- SUSE-SU-2023:2653-1
- SUSE-SU-2023:2694-1
- SUSE-SU-2023:2695-1
- SUSE-SU-2023:2698-1
- SUSE-SU-2023:2701-1
- SUSE-SU-2023:2710-1
- SUSE-SU-2023:2714-1
- SUSE-SU-2023:2724-1
- SUSE-SU-2023:2727-1
- SUSE-SU-2023:2741-1
- SUSE-SU-2023:2755-1
- SUSE-SU-2023:2782-1
- SUSE-SU-2023:2809-1
- SUSE-SU-2023:2871-1
- SUSE-SU-2024:1321-1
- SUSE-SU-2024:1322-1
- SUSE-SU-2024:1454-1
- SUSE-SU-2024:1466-1
- SUSE-SU-2024:1480-1
- SUSE-SU-2024:1489-1
- SUSE-SU-2024:1490-1
- USN-5915-1
- USN-5917-1
- USN-5924-1
- USN-5927-1
- USN-5934-1
- USN-5939-1
- USN-5940-1
- USN-5951-1
- USN-5970-1
- USN-5975-1
- USN-5979-1
- USN-5981-1
- USN-5982-1
- USN-5984-1
- USN-5987-1
- USN-5991-1
- USN-6000-1
- USN-6004-1
- USN-6009-1
- USN-6030-1
- USN-6033-1
- USN-6171-1
- USN-6175-1
- USN-6186-1
- USN-6187-1
- USN-6284-1
- USN-6300-1
- USN-6301-1
- USN-6311-1
- USN-6312-1
- USN-6314-1
- USN-6331-1
- USN-6332-1
- USN-6337-1
- USN-6347-1
- USN-6385-1
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2022-4269 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4269 | |
CVE | CVE-2022-4744 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4744 | |
CVE | CVE-2023-0266 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0266 | |
Bugzilla | 2150272 | https://bugzilla.redhat.com/show_bug.cgi?id=2150272 | |
Bugzilla | 2156322 | https://bugzilla.redhat.com/show_bug.cgi?id=2156322 | |
Bugzilla | 2163379 | https://bugzilla.redhat.com/show_bug.cgi?id=2163379 | |
Self | RLSA-2023:1470 | https://errata.rockylinux.org/RLSA-2023:1470 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/rockylinux/python3-perf?arch=aarch64&distro=rockylinux-9.1 | rockylinux | python3-perf | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/perf?arch=aarch64&distro=rockylinux-9.1 | rockylinux | perf | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel?arch=aarch64&distro=rockylinux-9.1 | rockylinux | kernel | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-tools?arch=aarch64&distro=rockylinux-9.1 | rockylinux | kernel-tools | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-tools-libs?arch=aarch64&distro=rockylinux-9.1 | rockylinux | kernel-tools-libs | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-modules?arch=aarch64&distro=rockylinux-9.1 | rockylinux | kernel-modules | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-modules-extra?arch=aarch64&distro=rockylinux-9.1 | rockylinux | kernel-modules-extra | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-headers?arch=aarch64&distro=rockylinux-9.1 | rockylinux | kernel-headers | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-doc?arch=noarch&distro=rockylinux-9.1 | rockylinux | kernel-doc | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | noarch | |
Affected | pkg:rpm/rockylinux/kernel-devel?arch=aarch64&distro=rockylinux-9.1 | rockylinux | kernel-devel | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-devel-matched?arch=aarch64&distro=rockylinux-9.1 | rockylinux | kernel-devel-matched | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-debug?arch=aarch64&distro=rockylinux-9.1 | rockylinux | kernel-debug | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-debug-modules?arch=aarch64&distro=rockylinux-9.1 | rockylinux | kernel-debug-modules | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-debug-modules-extra?arch=aarch64&distro=rockylinux-9.1 | rockylinux | kernel-debug-modules-extra | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-debug-devel?arch=aarch64&distro=rockylinux-9.1 | rockylinux | kernel-debug-devel | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-debug-devel-matched?arch=aarch64&distro=rockylinux-9.1 | rockylinux | kernel-debug-devel-matched | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-debug-core?arch=aarch64&distro=rockylinux-9.1 | rockylinux | kernel-debug-core | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-core?arch=aarch64&distro=rockylinux-9.1 | rockylinux | kernel-core | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-abi-stablelists?arch=noarch&distro=rockylinux-9.1 | rockylinux | kernel-abi-stablelists | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | noarch | |
Affected | pkg:rpm/rockylinux/bpftool?arch=aarch64&distro=rockylinux-9.1 | rockylinux | bpftool | < 5.14.0-162.22.2.el9_1 | rockylinux-9.1 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |