[RLSA-2023:7549] kernel security and bug fix update

Severity Important

Affected Packages 21

CVEs 7

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)
kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)
kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)
kernel: use-after-free due to race condition occurring in dvb_register_device() (CVE-2022-45884)
kernel: use-after-free due to race condition occurring in dvb_net.c (CVE-2022-45886)
kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c (CVE-2022-45919)
kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Random delay receiving packets after bringing up VLAN on top of VF with vf-vlan-pruning enabled (BZ#2240750)
bpf_jit_limit hit again (BZ#2243011)
HPE Edgeline 920t resets during kdump context when ice driver is loaded and when system is booted with intel_iommu=on iommu=pt (BZ#2244625)

Package	Affected Version
pkg:rpm/rockylinux/python3-perf?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/perf?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-tools?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-tools-libs?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-tools-libs-devel?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-modules?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-modules-extra?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-headers?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-doc?arch=noarch&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-devel?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-debug?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-debug-modules?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-debug-modules-extra?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-debug-devel?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-debug-core?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-cross-headers?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-core?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/kernel-abi-stablelists?arch=noarch&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9
pkg:rpm/rockylinux/bpftool?arch=aarch64&distro=rockylinux-8.9	< 4.18.0-513.9.1.el8_9

ID

RLSA-2023:7549

Severity

important

URL

https://errata.rockylinux.org/RLSA-2023:7549

Published

2023-12-06T23:16:24
(9 months ago)

Modified

2023-12-06T23:18:00
(9 months ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2022-45884	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45884
CVE	CVE-2022-45886	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45886
CVE	CVE-2022-45919	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45919
CVE	CVE-2023-1192	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1192
CVE	CVE-2023-2163	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2163
CVE	CVE-2023-3812	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3812
CVE	CVE-2023-5178	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5178
Bugzilla	2148510	https://bugzilla.redhat.com/show_bug.cgi?id=2148510
Bugzilla	2148517	https://bugzilla.redhat.com/show_bug.cgi?id=2148517
Bugzilla	2151956	https://bugzilla.redhat.com/show_bug.cgi?id=2151956
Bugzilla	2154178	https://bugzilla.redhat.com/show_bug.cgi?id=2154178
Bugzilla	2224048	https://bugzilla.redhat.com/show_bug.cgi?id=2224048
Bugzilla	2240249	https://bugzilla.redhat.com/show_bug.cgi?id=2240249
Bugzilla	2241924	https://bugzilla.redhat.com/show_bug.cgi?id=2241924
Self	RLSA-2023:7549	https://errata.rockylinux.org/RLSA-2023:7549

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/rockylinux/python3-perf?arch=aarch64&distro=rockylinux-8.9	rockylinux	python3-perf	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/perf?arch=aarch64&distro=rockylinux-8.9	rockylinux	perf	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel?arch=aarch64&distro=rockylinux-8.9	rockylinux	kernel	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel-tools?arch=aarch64&distro=rockylinux-8.9	rockylinux	kernel-tools	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel-tools-libs?arch=aarch64&distro=rockylinux-8.9	rockylinux	kernel-tools-libs	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel-tools-libs-devel?arch=aarch64&distro=rockylinux-8.9	rockylinux	kernel-tools-libs-devel	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel-modules?arch=aarch64&distro=rockylinux-8.9	rockylinux	kernel-modules	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel-modules-extra?arch=aarch64&distro=rockylinux-8.9	rockylinux	kernel-modules-extra	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel-headers?arch=aarch64&distro=rockylinux-8.9	rockylinux	kernel-headers	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel-doc?arch=noarch&distro=rockylinux-8.9	rockylinux	kernel-doc	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	noarch
Affected	pkg:rpm/rockylinux/kernel-devel?arch=aarch64&distro=rockylinux-8.9	rockylinux	kernel-devel	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel-debuginfo-common-aarch64?arch=aarch64&distro=rockylinux-8.9	rockylinux	kernel-debuginfo-common-aarch64	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel-debug?arch=aarch64&distro=rockylinux-8.9	rockylinux	kernel-debug	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel-debug-modules?arch=aarch64&distro=rockylinux-8.9	rockylinux	kernel-debug-modules	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel-debug-modules-extra?arch=aarch64&distro=rockylinux-8.9	rockylinux	kernel-debug-modules-extra	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel-debug-devel?arch=aarch64&distro=rockylinux-8.9	rockylinux	kernel-debug-devel	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel-debug-core?arch=aarch64&distro=rockylinux-8.9	rockylinux	kernel-debug-core	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel-cross-headers?arch=aarch64&distro=rockylinux-8.9	rockylinux	kernel-cross-headers	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel-core?arch=aarch64&distro=rockylinux-8.9	rockylinux	kernel-core	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64
Affected	pkg:rpm/rockylinux/kernel-abi-stablelists?arch=noarch&distro=rockylinux-8.9	rockylinux	kernel-abi-stablelists	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	noarch
Affected	pkg:rpm/rockylinux/bpftool?arch=aarch64&distro=rockylinux-8.9	rockylinux	bpftool	< 4.18.0-513.9.1.el8_9	rockylinux-8.9	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date