[RLSA-2023:5244] kernel security, bug fix, and enhancement update
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)
kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)
kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)
kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)
kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)
kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)
hw: amd: Cross-Process Information Leak (CVE-2023-20593)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
low memory deadlock with md devices and external (imsm) metadata handling - requires a kernfs notification backport (BZ#2208540)
Intel 8.9 BUG, SPR EMR FHF ACPI: Fix system hang during S3 wakeup (BZ#2218025)
OCS 4.8, cephfs kernel crash: mds_dispatch ceph_handle_snap unable to handle kernel NULL (BZ#2218271)
st_gmac: tx-checksum offload on vlan is not consistent with st_gmac interface (BZ#2219907)
refcount_t overflow often happens in mem_cgroup_id_get_online() (BZ#2221010)
avoid unnecessary page fault retires on shared memory types (BZ#2221100)
enable conntrack clash resolution for GRE (BZ#2223542)
ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (BZ#2224515)
libceph: harden msgr2.1 frame segment length checks 8.x
Important iavf bug fixes July 2023 (BZ#2228161)
i40e error: Cannot set interface MAC/vlanid to 1e:b7:e2:02:b1:aa/0 for ifname ens4f0 vf 0: Resource temporarily unavailable (BZ#2228163)
oops on cifs_mount due to null tcon (BZ#2229128)
iptables argument "--suppl-groups" in extension "owner" does not work in Rocky Linux8 (BZ#2229715)
Hyper-V Rocky Linux 8: incomplete fc_transport implementation in storvsc causes null dereference in fc_timed_out() (BZ#2230743)
Withdrawal: GFS2: could not freeze filesystem: -16 (BZ#2231825)
Rocky Linux 8 Hyper-V: Excessive hv_storvsc driver logging with srb_status SRB_STATUS_INTERNAL_ERROR (0x30) (BZ#2231988)
Rocky Linux-8: crypto: rng - Fix lock imbalance in crypto_del_rng (BZ#2232215)
Intel 8.9 iavf: Driver Update (BZ#2232399)
Hyper-V Rocky Linux-8 hv_storvsc driver logging excessive storvsc_log events for storvsc_on_io_completion() function (BZ#2233227)
Enhancement(s):
Intel 8.9 FEAT, EMR perf: Add EMR CPU PMU support (BZ#2230152)
Intel 8.9 FEAT, SPR EMR power: Add uncore frequency control driver (BZ#2230158)
Intel 8.9 FEAT EMR perf: RAPL PMU support on EMR (BZ#2230162)
- ID
- RLSA-2023:5244
- Severity
- important
- URL
- https://errata.rockylinux.org/RLSA-2023:5244
- Published
-
2023-09-26T13:26:05
(11 months ago) - Modified
-
2023-09-26T13:27:51
(11 months ago) - Rights
- Copyright 2024 Rocky Enterprise Software Foundation
- Other Advisories
-
- ALAS-2023-1783
- ALAS-2023-1792
- ALAS-2023-1827
- ALAS2-2023-2027
- ALAS2-2023-2100
- ALAS2-2023-2130
- ALAS2-2023-2179
- ALAS2-2023-2190
- ALAS2-2023-2268
- ALPINE:CVE-2023-20593
- ALSA-2023:3723
- ALSA-2023:4377
- ALSA-2023:5068
- ALSA-2023:5069
- ALSA-2023:5244
- ALSA-2023:5245
- DSA-5448-1
- DSA-5453-1
- DSA-5459-1
- DSA-5461-1
- DSA-5462-1
- DSA-5480-1
- DSA-5492-1
- ELSA-2023-12654
- ELSA-2023-12655
- ELSA-2023-12656
- ELSA-2023-12657
- ELSA-2023-12688
- ELSA-2023-12689
- ELSA-2023-12690
- ELSA-2023-12691
- ELSA-2023-12692
- ELSA-2023-12836
- ELSA-2023-12839
- ELSA-2023-12842
- ELSA-2023-3723
- ELSA-2023-4377
- ELSA-2023-4819
- ELSA-2023-5068
- ELSA-2023-5069
- ELSA-2023-5244
- ELSA-2023-5622
- ELSA-2023-7423
- ELSA-2024-1831
- ELSA-2024-2004
- FEDORA-2023-04473fc41e
- FEDORA-2023-0d6aa10621
- FEDORA-2023-3661f028b8
- FEDORA-2023-7228464f28
- FEDORA-2023-e4e985b5dd
- MS:CVE-2023-3090
- MS:CVE-2023-3776
- MS:CVE-2023-4004
- RHSA-2023:3708
- RHSA-2023:3723
- RHSA-2023:4377
- RHSA-2023:4378
- RHSA-2023:4380
- RHSA-2023:4819
- RHSA-2023:4821
- RHSA-2023:4834
- RHSA-2023:5068
- RHSA-2023:5069
- RHSA-2023:5091
- RHSA-2023:5093
- RHSA-2023:5221
- RHSA-2023:5244
- RHSA-2023:5245
- RHSA-2023:5255
- RHSA-2023:5574
- RHSA-2023:5621
- RHSA-2023:5622
- RHSA-2023:7419
- RHSA-2023:7423
- RHSA-2023:7424
- RHSA-2023:7513
- RHSA-2024:2003
- RHSA-2024:2004
- SSA:2023-172-02
- SSA:2023-205-01
- SSA:2023-325-01
- SUSE-SU-2023:2500-1
- SUSE-SU-2023:2646-1
- SUSE-SU-2023:2653-1
- SUSE-SU-2023:2782-1
- SUSE-SU-2023:2803-1
- SUSE-SU-2023:2804-1
- SUSE-SU-2023:2805-1
- SUSE-SU-2023:2808-1
- SUSE-SU-2023:2809-1
- SUSE-SU-2023:2810-1
- SUSE-SU-2023:2820-1
- SUSE-SU-2023:2822-1
- SUSE-SU-2023:2830-1
- SUSE-SU-2023:2831-1
- SUSE-SU-2023:2834-1
- SUSE-SU-2023:2859-1
- SUSE-SU-2023:2871-1
- SUSE-SU-2023:2892-1
- SUSE-SU-2023:2986-1
- SUSE-SU-2023:3001-1
- SUSE-SU-2023:3006-1
- SUSE-SU-2023:3019-1
- SUSE-SU-2023:3020-1
- SUSE-SU-2023:3022-1
- SUSE-SU-2023:3035-1
- SUSE-SU-2023:3036-1
- SUSE-SU-2023:3041-1
- SUSE-SU-2023:3046-1
- SUSE-SU-2023:3055-1
- SUSE-SU-2023:3063-1
- SUSE-SU-2023:3069-1
- SUSE-SU-2023:3073-1
- SUSE-SU-2023:3075-1
- SUSE-SU-2023:3076-1
- SUSE-SU-2023:3079-1
- SUSE-SU-2023:3081-1
- SUSE-SU-2023:3083-1
- SUSE-SU-2023:3104-1
- SUSE-SU-2023:3107-1
- SUSE-SU-2023:3111-1
- SUSE-SU-2023:3115-1
- SUSE-SU-2023:3116-1
- SUSE-SU-2023:3153-1
- SUSE-SU-2023:3171-1
- SUSE-SU-2023:3172-1
- SUSE-SU-2023:3180-1
- SUSE-SU-2023:3182-1
- SUSE-SU-2023:3206-1
- SUSE-SU-2023:3302-1
- SUSE-SU-2023:3309-1
- SUSE-SU-2023:3311-1
- SUSE-SU-2023:3313-1
- SUSE-SU-2023:3318-1
- SUSE-SU-2023:3324-1
- SUSE-SU-2023:3329-1
- SUSE-SU-2023:3333-1
- SUSE-SU-2023:3349-1
- SUSE-SU-2023:3376-1
- SUSE-SU-2023:3377-1
- SUSE-SU-2023:3390-1
- SUSE-SU-2023:3391-1
- SUSE-SU-2023:3392-1
- SUSE-SU-2023:3395-1
- SUSE-SU-2023:3421-1
- SUSE-SU-2023:3446-1
- SUSE-SU-2023:3447-1
- SUSE-SU-2023:3494-1
- SUSE-SU-2023:3495-1
- SUSE-SU-2023:3496-1
- SUSE-SU-2023:3566-1
- SUSE-SU-2023:3571-1
- SUSE-SU-2023:3572-1
- SUSE-SU-2023:3576-1
- SUSE-SU-2023:3582-1
- SUSE-SU-2023:3585-1
- SUSE-SU-2023:3592-1
- SUSE-SU-2023:3594-1
- SUSE-SU-2023:3595-1
- SUSE-SU-2023:3596-1
- SUSE-SU-2023:3598-1
- SUSE-SU-2023:3603-1
- SUSE-SU-2023:3607-1
- SUSE-SU-2023:3612-1
- SUSE-SU-2023:3620-1
- SUSE-SU-2023:3621-1
- SUSE-SU-2023:3622-1
- SUSE-SU-2023:3623-1
- SUSE-SU-2023:3627-1
- SUSE-SU-2023:3628-1
- SUSE-SU-2023:3629-1
- SUSE-SU-2023:3630-1
- SUSE-SU-2023:3631-1
- SUSE-SU-2023:3632-1
- SUSE-SU-2023:3644-1
- SUSE-SU-2023:3647-1
- SUSE-SU-2023:3648-1
- SUSE-SU-2023:3653-1
- SUSE-SU-2023:3657-1
- SUSE-SU-2023:3659-1
- SUSE-SU-2023:3668-1
- SUSE-SU-2023:3671-1
- SUSE-SU-2023:3675-1
- SUSE-SU-2023:3676-1
- SUSE-SU-2023:3677-1
- SUSE-SU-2023:3749-1
- SUSE-SU-2023:3768-1
- SUSE-SU-2023:3772-1
- SUSE-SU-2023:3773-1
- SUSE-SU-2023:3783-1
- SUSE-SU-2023:3784-1
- SUSE-SU-2023:3786-1
- SUSE-SU-2023:3788-1
- SUSE-SU-2023:3809-1
- SUSE-SU-2023:3812-1
- SUSE-SU-2023:3838-1
- SUSE-SU-2023:3844-1
- SUSE-SU-2023:3846-1
- SUSE-SU-2023:3889-1
- SUSE-SU-2023:3892-1
- SUSE-SU-2023:3893-1
- SUSE-SU-2023:3894-1
- SUSE-SU-2023:3895-1
- SUSE-SU-2023:3902-1
- SUSE-SU-2023:3903-1
- SUSE-SU-2023:3922-1
- SUSE-SU-2023:3923-1
- SUSE-SU-2023:3924-1
- SUSE-SU-2023:3928-1
- SUSE-SU-2023:4095-1
- SUSE-SU-2023:4142-1
- SUSE-SU-2023:4166-1
- SUSE-SU-2023:4175-1
- SUSE-SU-2023:4201-1
- SUSE-SU-2023:4219-1
- SUSE-SU-2023:4239-1
- SUSE-SU-2023:4245-1
- SUSE-SU-2023:4260-1
- SUSE-SU-2023:4261-1
- SUSE-SU-2023:4267-1
- SUSE-SU-2023:4279-1
- SUSE-SU-2023:4285-1
- SUSE-SU-2023:4308-1
- SUSE-SU-2023:4322-1
- SUSE-SU-2023:4326-1
- SUSE-SU-2024:0884-1
- SUSE-SU-2024:0885-1
- USN-6173-1
- USN-6192-1
- USN-6193-1
- USN-6194-1
- USN-6205-1
- USN-6206-1
- USN-6212-1
- USN-6220-1
- USN-6223-1
- USN-6231-1
- USN-6234-1
- USN-6235-1
- USN-6244-1
- USN-6246-1
- USN-6247-1
- USN-6248-1
- USN-6250-1
- USN-6251-1
- USN-6252-1
- USN-6254-1
- USN-6255-1
- USN-6256-1
- USN-6260-1
- USN-6261-1
- USN-6283-1
- USN-6285-1
- USN-6300-1
- USN-6309-1
- USN-6311-1
- USN-6315-1
- USN-6316-1
- USN-6317-1
- USN-6318-1
- USN-6321-1
- USN-6324-1
- USN-6325-1
- USN-6327-1
- USN-6328-1
- USN-6329-1
- USN-6330-1
- USN-6331-1
- USN-6332-1
- USN-6340-1
- USN-6340-2
- USN-6341-1
- USN-6342-1
- USN-6342-2
- USN-6346-1
- USN-6347-1
- USN-6348-1
- USN-6349-1
- USN-6357-1
- USN-6385-1
- USN-6397-1
- USN-6442-1
- USN-6460-1
- USN-6532-1
- USN-6701-1
- USN-6701-2
- USN-6701-3
- USN-6701-4
- XSA-433
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/rockylinux/python3-perf?arch=aarch64&distro=rockylinux-8.8 | rockylinux | python3-perf | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/perf?arch=aarch64&distro=rockylinux-8.8 | rockylinux | perf | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel?arch=aarch64&distro=rockylinux-8.8 | rockylinux | kernel | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-tools?arch=aarch64&distro=rockylinux-8.8 | rockylinux | kernel-tools | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-tools-libs?arch=aarch64&distro=rockylinux-8.8 | rockylinux | kernel-tools-libs | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-tools-libs-devel?arch=aarch64&distro=rockylinux-8.8 | rockylinux | kernel-tools-libs-devel | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-modules?arch=aarch64&distro=rockylinux-8.8 | rockylinux | kernel-modules | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-modules-extra?arch=aarch64&distro=rockylinux-8.8 | rockylinux | kernel-modules-extra | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-headers?arch=aarch64&distro=rockylinux-8.8 | rockylinux | kernel-headers | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-doc?arch=noarch&distro=rockylinux-8.8 | rockylinux | kernel-doc | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | noarch | |
Affected | pkg:rpm/rockylinux/kernel-devel?arch=aarch64&distro=rockylinux-8.8 | rockylinux | kernel-devel | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=rockylinux-8.8 | rockylinux | kernel-debuginfo-common-aarch64 | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-debug?arch=aarch64&distro=rockylinux-8.8 | rockylinux | kernel-debug | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-debug-modules?arch=aarch64&distro=rockylinux-8.8 | rockylinux | kernel-debug-modules | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-debug-modules-extra?arch=aarch64&distro=rockylinux-8.8 | rockylinux | kernel-debug-modules-extra | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-debug-devel?arch=aarch64&distro=rockylinux-8.8 | rockylinux | kernel-debug-devel | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-debug-core?arch=aarch64&distro=rockylinux-8.8 | rockylinux | kernel-debug-core | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-cross-headers?arch=aarch64&distro=rockylinux-8.8 | rockylinux | kernel-cross-headers | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-core?arch=aarch64&distro=rockylinux-8.8 | rockylinux | kernel-core | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 | |
Affected | pkg:rpm/rockylinux/kernel-abi-stablelists?arch=noarch&distro=rockylinux-8.8 | rockylinux | kernel-abi-stablelists | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | noarch | |
Affected | pkg:rpm/rockylinux/bpftool?arch=aarch64&distro=rockylinux-8.8 | rockylinux | bpftool | < 4.18.0-477.27.1.el8_8 | rockylinux-8.8 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |