[RLSA-2023:1470] kernel security, bug fix, and enhancement update

Severity Important

Affected Packages 20

CVEs 3

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Rocky Linux9.0 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127880)
Cgroups_v2, when creating new cgroup/container, resets the cpu affinity masks for all usr processes on the system. (BZ#2143766)
Rocky Linux9.0 - boot: Add secure boot trailer (BZ#2151528)
kernel-rt-debug: WARNING: possible circular locking dependency detected (&n->list_lock->&p->pi_lock->&lock->wait_lock) (BZ#2160614)
Support cpuset.sched_load_balance by changing default CPUset directory structure (BZ#2161105)
Rocky Linux9.0 - s390/kexec: fix ipl report address for kdump (BZ#2166903)
libgpiod doesn't seem to work with Interphase gpiochip (BZ#2166956)
Azure Rocky Linux9 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170227)

Enhancement(s):

IBM 9.2 FEAT: Upgrade the QETH driver to latest from upstream, e.g. kernel 6.0 (BZ#2166304)
Intel 9.2 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168382)

Package	Affected Version
pkg:rpm/rockylinux/python3-perf?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/perf?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel-tools?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel-tools-libs?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel-modules?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel-modules-extra?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel-headers?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel-doc?arch=noarch&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel-devel?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel-devel-matched?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel-debug?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel-debug-modules?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel-debug-modules-extra?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel-debug-devel?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel-debug-devel-matched?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel-debug-core?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel-core?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/kernel-abi-stablelists?arch=noarch&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/rockylinux/bpftool?arch=aarch64&distro=rockylinux-9.1	< 5.14.0-162.22.2.el9_1

ID

RLSA-2023:1470

Severity

important

URL

https://errata.rockylinux.org/RLSA-2023:1470

Published

2023-04-06T15:23:59
(17 months ago)

Modified

2023-04-06T15:24:50
(17 months ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2022-4269	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4269
CVE	CVE-2022-4744	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4744
CVE	CVE-2023-0266	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0266
Bugzilla	2150272	https://bugzilla.redhat.com/show_bug.cgi?id=2150272
Bugzilla	2156322	https://bugzilla.redhat.com/show_bug.cgi?id=2156322
Bugzilla	2163379	https://bugzilla.redhat.com/show_bug.cgi?id=2163379
Self	RLSA-2023:1470	https://errata.rockylinux.org/RLSA-2023:1470

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/rockylinux/python3-perf?arch=aarch64&distro=rockylinux-9.1	rockylinux	python3-perf	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/perf?arch=aarch64&distro=rockylinux-9.1	rockylinux	perf	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/kernel?arch=aarch64&distro=rockylinux-9.1	rockylinux	kernel	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/kernel-tools?arch=aarch64&distro=rockylinux-9.1	rockylinux	kernel-tools	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/kernel-tools-libs?arch=aarch64&distro=rockylinux-9.1	rockylinux	kernel-tools-libs	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/kernel-modules?arch=aarch64&distro=rockylinux-9.1	rockylinux	kernel-modules	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/kernel-modules-extra?arch=aarch64&distro=rockylinux-9.1	rockylinux	kernel-modules-extra	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/kernel-headers?arch=aarch64&distro=rockylinux-9.1	rockylinux	kernel-headers	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/kernel-doc?arch=noarch&distro=rockylinux-9.1	rockylinux	kernel-doc	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	noarch
Affected	pkg:rpm/rockylinux/kernel-devel?arch=aarch64&distro=rockylinux-9.1	rockylinux	kernel-devel	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/kernel-devel-matched?arch=aarch64&distro=rockylinux-9.1	rockylinux	kernel-devel-matched	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/kernel-debug?arch=aarch64&distro=rockylinux-9.1	rockylinux	kernel-debug	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/kernel-debug-modules?arch=aarch64&distro=rockylinux-9.1	rockylinux	kernel-debug-modules	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/kernel-debug-modules-extra?arch=aarch64&distro=rockylinux-9.1	rockylinux	kernel-debug-modules-extra	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/kernel-debug-devel?arch=aarch64&distro=rockylinux-9.1	rockylinux	kernel-debug-devel	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/kernel-debug-devel-matched?arch=aarch64&distro=rockylinux-9.1	rockylinux	kernel-debug-devel-matched	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/kernel-debug-core?arch=aarch64&distro=rockylinux-9.1	rockylinux	kernel-debug-core	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/kernel-core?arch=aarch64&distro=rockylinux-9.1	rockylinux	kernel-core	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64
Affected	pkg:rpm/rockylinux/kernel-abi-stablelists?arch=noarch&distro=rockylinux-9.1	rockylinux	kernel-abi-stablelists	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	noarch
Affected	pkg:rpm/rockylinux/bpftool?arch=aarch64&distro=rockylinux-9.1	rockylinux	bpftool	< 5.14.0-162.22.2.el9_1	rockylinux-9.1	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date