rhsa-2023_6901
Vulnerability from csaf_redhat
Published
2023-11-14 15:24
Modified
2024-12-04 07:34
Summary
Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: tun: double free in tun_free_netdev (CVE-2022-4744)
* kernel: net/sched: cls_u32 component reference counter leak (CVE-2023-3609)
* kernel: net/sched: sch_qfq vulnerability (CVE-2023-3611)
* kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)
* kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)
* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975)
* kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)
* kernel: use-after-free and info leak in l2cap_conn_del and l2cap_parse_conf_req (CVE-2022-3640, CVE-2022-42895)
* kernel: double free in usb_8dev_start_xmit (CVE-2022-28388)
* kernel: vmwgfx: multiple vulnerabilities (CVE-2022-38457, CVE-2022-40133, CVE-2023-33951, CVE-2023-33952)
* hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)
* kernel: KVM: multiple vulnerabilities (CVE-2022-45869, CVE-2023-4155, CVE-2023-30456)
* kernel: memory leak in ttusb_dec_exit_dvb (CVE-2022-45887)
* kernel: speculative pointer dereference in do_prlimit in kernel/sys.c (CVE-2023-0458)
* kernel: use-after-free in qdisc_graft (CVE-2023-0590)
* kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)
* kernel: HID: check empty report_list in hid_validate_values (CVE-2023-1073)
* kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)
* kernel: hid: Use After Free in asus_remove (CVE-2023-1079)
* kernel: use-after-free in drivers/media/rc/ene_ir.c (CVE-2023-1118)
* kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)
* kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)
* kernel: denial of service in tipc_conn_close (CVE-2023-1382)
* kernel: Use after free bug in btsdio_remove (CVE-2023-1989)
* kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)
* kernel: ext4: use-after-free in ext4_xattr_set_entry (CVE-2023-2513)
* kernel: fbcon: shift-out-of-bounds in fbcon_set_font (CVE-2023-3161)
* kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)
* kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params (CVE-2023-3772)
* kernel: smsusb: use-after-free caused by do_submit_urb (CVE-2023-4132)
* kernel: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h (CVE-2023-4732)
* Kernel: denial of service in atm_tc_enqueue (CVE-2023-23455)
* kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)
* kernel: Denial of service issue in az6027 driver (CVE-2023-28328)
* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)
* kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)
* kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove (CVE-2023-33203)
* kernel: saa7134: race condition in saa7134_finidev (CVE-2023-35823)
* kernel: dm1105: race condition in dm1105_remove.c (CVE-2023-35824)
* kernel: r592: race condition in r592_remove (CVE-2023-35825)
* kernel: net/tls: tls_is_tx_ready checked list_entry (CVE-2023-1075)
* kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)
* kernel: Use after free in r592_remove (CVE-2023-3141)
* kernel: gfs2: NULL pointer dereference in gfs2_evict_inode (CVE-2023-3212)
For more details about the security issue(s), refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: tun: double free in tun_free_netdev (CVE-2022-4744)\n\n* kernel: net/sched: cls_u32 component reference counter leak (CVE-2023-3609)\n\n* kernel: net/sched: sch_qfq vulnerability (CVE-2023-3611)\n\n* kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)\n\n* kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)\n\n* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975)\n\n* kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)\n\n* kernel: use-after-free and info leak in l2cap_conn_del and l2cap_parse_conf_req (CVE-2022-3640, CVE-2022-42895)\n\n* kernel: double free in usb_8dev_start_xmit (CVE-2022-28388)\n\n* kernel: vmwgfx: multiple vulnerabilities (CVE-2022-38457, CVE-2022-40133, CVE-2023-33951, CVE-2023-33952)\n\n* hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)\n\n* kernel: KVM: multiple vulnerabilities (CVE-2022-45869, CVE-2023-4155, CVE-2023-30456)\n\n* kernel: memory leak in ttusb_dec_exit_dvb (CVE-2022-45887)\n\n* kernel: speculative pointer dereference in do_prlimit in kernel/sys.c (CVE-2023-0458)\n\n* kernel: use-after-free in qdisc_graft (CVE-2023-0590)\n\n* kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)\n\n* kernel: HID: check empty report_list in hid_validate_values (CVE-2023-1073)\n\n* kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)\n\n* kernel: hid: Use After Free in asus_remove (CVE-2023-1079)\n\n* kernel: use-after-free in drivers/media/rc/ene_ir.c (CVE-2023-1118)\n\n* kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)\n\n* kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)\n\n* kernel: denial of service in tipc_conn_close (CVE-2023-1382)\n\n* kernel: Use after free bug in btsdio_remove (CVE-2023-1989)\n\n* kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)\n\n* kernel: ext4: use-after-free in ext4_xattr_set_entry (CVE-2023-2513)\n\n* kernel: fbcon: shift-out-of-bounds in fbcon_set_font (CVE-2023-3161)\n\n* kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)\n\n* kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params (CVE-2023-3772)\n\n* kernel: smsusb: use-after-free caused by do_submit_urb (CVE-2023-4132)\n\n* kernel: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h (CVE-2023-4732)\n\n* Kernel: denial of service in atm_tc_enqueue (CVE-2023-23455)\n\n* kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)\n\n* kernel: Denial of service issue in az6027 driver (CVE-2023-28328)\n\n* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)\n\n* kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)\n\n* kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove (CVE-2023-33203)\n\n* kernel: saa7134: race condition in saa7134_finidev (CVE-2023-35823)\n\n* kernel: dm1105: race condition in dm1105_remove.c (CVE-2023-35824)\n\n* kernel: r592: race condition in r592_remove (CVE-2023-35825)\n\n* kernel: net/tls: tls_is_tx_ready checked list_entry (CVE-2023-1075)\n\n* kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)\n\n* kernel: Use after free in r592_remove (CVE-2023-3141)\n\n* kernel: gfs2: NULL pointer dereference in gfs2_evict_inode (CVE-2023-3212)\n\nFor more details about the security issue(s), refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:6901", "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7027704", "url": "https://access.redhat.com/solutions/7027704" }, { "category": "external", "summary": "2024989", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024989" }, { "category": "external", "summary": "2073091", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073091" }, { "category": "external", "summary": "2133453", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133453" }, { "category": "external", "summary": "2133455", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133455" }, { "category": "external", "summary": "2139610", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139610" }, { "category": "external", "summary": "2147356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2147356" }, { "category": "external", "summary": "2148520", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148520" }, { "category": "external", "summary": "2149024", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149024" }, { "category": "external", "summary": "2151317", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151317" }, { "category": "external", "summary": "2156322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156322" }, { "category": "external", "summary": "2165741", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165741" }, { "category": "external", "summary": "2165926", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165926" }, { "category": "external", "summary": "2168332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168332" }, { "category": "external", "summary": "2173403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173403" }, { "category": "external", "summary": "2173430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173430" }, { "category": "external", "summary": "2173434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173434" }, { "category": "external", "summary": "2173444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173444" }, { "category": "external", "summary": "2174400", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174400" }, { "category": "external", "summary": "2175903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175903" }, { "category": "external", "summary": "2176140", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176140" }, { "category": "external", "summary": "2177371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177371" }, { "category": "external", "summary": "2177389", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177389" }, { "category": "external", "summary": "2181330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181330" }, { "category": "external", "summary": "2182443", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182443" }, { "category": "external", "summary": "2184578", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184578" }, { "category": "external", "summary": "2185945", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185945" }, { "category": "external", "summary": "2187257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187257" }, { "category": "external", "summary": "2188468", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188468" }, { "category": "external", "summary": "2192667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192667" }, { "category": "external", "summary": "2192671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192671" }, { "category": "external", "summary": "2193097", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2193097" }, { "category": "external", "summary": "2193219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2193219" }, { "category": "external", "summary": "2213139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213139" }, { "category": "external", "summary": "2213199", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213199" }, { "category": "external", "summary": "2213485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213485" }, { "category": "external", "summary": "2213802", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213802" }, { "category": "external", "summary": "2214348", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214348" }, { "category": "external", "summary": "2215502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215502" }, { "category": "external", "summary": "2215835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215835" }, { "category": "external", "summary": "2215836", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215836" }, { "category": "external", "summary": "2215837", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215837" }, { "category": "external", "summary": "2218195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218195" }, { "category": "external", "summary": "2218212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218212" }, { "category": "external", "summary": "2218943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218943" }, { "category": "external", "summary": "2219530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219530" }, { "category": "external", "summary": "2221707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221707" }, { "category": "external", "summary": "2223949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223949" }, { "category": "external", "summary": "2225191", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225191" }, { "category": "external", "summary": "2225201", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225201" }, { "category": "external", "summary": "2225511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225511" }, { "category": "external", "summary": "2236982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236982" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6901.json" } ], "title": "Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update", "tracking": { "current_release_date": "2024-12-04T07:34:02+00:00", "generator": { "date": "2024-12-04T07:34:02+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:6901", "initial_release_date": "2023-11-14T15:24:26+00:00", "revision_history": [ { "date": "2023-11-14T15:24:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-11-14T15:24:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-04T07:34:02+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product": { "name": "Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Real Time (v. 8)", "product": { "name": "Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::realtime" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "product": { "name": "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "product_id": "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@4.18.0-513.5.1.rt7.307.el8_9?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product": { "name": "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_id": "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product": { "name": "kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_id": "kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product": { "name": "kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_id": "kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product": { "name": "kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_id": "kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product": { "name": "kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_id": "kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product": { "name": "kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_id": "kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product": { "name": "kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_id": "kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product": { "name": "kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_id": "kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product": { "name": "kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_id": "kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product": { "name": "kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_id": "kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product": { "name": "kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_id": "kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product": { "name": "kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_id": "kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product": { "name": "kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_id": "kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product": { "name": "kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_id": "kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product": { "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src" }, "product_reference": "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "relates_to_product_reference": "NFV-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "NFV-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "NFV-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "NFV-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "NFV-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "NFV-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "NFV-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "NFV-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "NFV-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "NFV-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "NFV-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "NFV-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "NFV-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "NFV-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "NFV-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", "product_id": "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "NFV-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src" }, "product_reference": "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "relates_to_product_reference": "RT-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "RT-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "RT-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "RT-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "RT-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "RT-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "RT-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "RT-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "RT-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "RT-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "RT-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "RT-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "RT-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "RT-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "RT-8.9.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", "product_id": "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" }, "product_reference": "kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "relates_to_product_reference": "RT-8.9.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-43975", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2021-11-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2024989" } ], "notes": [ { "category": "description", "text": "An out-of-bounds write flaw was found in the Linux kernel\u2019s Aquantia AQtion Ethernet card Atlantic driver in the way the ethernet card provides malicious input to the driver. This flaw allows a local user to emulate the networking device and crash the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-43975" }, { "category": "external", "summary": "RHBZ#2024989", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024989" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43975", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43975" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43975", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43975" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496" } ], "release_date": "2021-11-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "To mitigate this issue, prevent the module atlantic from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c" }, { "cve": "CVE-2022-3594", "cwe": { "id": "CWE-779", "name": "Logging of Excessive Data" }, "discovery_date": "2022-11-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2149024" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in intr_callback in drivers/net/usb/r8152.c in the BPF component in the Linux Kernel. The manipulation leads to logging excessive data, where an attack can be launched remotely.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Rate limit overflow messages in r8152 in intr_callback", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3594" }, { "category": "external", "summary": "RHBZ#2149024", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149024" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3594", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3594" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3594", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3594" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93e2be344a7db169b7119de21ac1bf253b8c6907", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93e2be344a7db169b7119de21ac1bf253b8c6907" } ], "release_date": "2022-10-02T06:30:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "This flaw can be mitigated by preventing the affected Realtek RTL8152/RTL8153 Based USB Ethernet Adapters (r8152) kernel module from loading during the boot time. Ensure the module is added into the blacklist file.\n~~~\nRefer: \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Rate limit overflow messages in r8152 in intr_callback" }, { "cve": "CVE-2022-3640", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-11-03T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2139610" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in the Linux Kernel in the l2cap_conn_del in net/bluetooth/l2cap_core.c function in the Bluetooth component. This issue leads to a use-after-free problem.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3640" }, { "category": "external", "summary": "RHBZ#2139610", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139610" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3640", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3640" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3640", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3640" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979" } ], "release_date": "2022-10-17T12:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c" }, { "acknowledgments": [ { "names": [ "Jann Horn" ], "organization": "Google Project Zero" } ], "cve": "CVE-2022-4744", "cwe": { "id": "CWE-824", "name": "Access of Uninitialized Pointer" }, "discovery_date": "2022-12-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2156322" } ], "notes": [ { "category": "description", "text": "A double-free flaw was found in the Linux kernel\u2019s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: tun: avoid double free in tun_free_netdev", "title": "Vulnerability summary" }, { "category": "other", "text": "Keeping Red Hat Enterprise Linux version 8 with Moderate severity, because required patch 158b515f703e (see reference) missed. However, currently Red Hat Enterprise Linux version 8 not affected, because previous patch not backported too: 766b0515d5be (\"net: make sure devices go through netdev_wait_all_refs\"). Means that it is not possible to trigger the issue for the Red Hat Enterprise Linux 8, but potentially Red Hat Enterprise Linux version 8 could be vulnerable in future, so still need to fix. For the Red Hat Enterprise Linux version 9 there is known way to reproduce the issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4744" }, { "category": "external", "summary": "RHBZ#2156322", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156322" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4744", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4744" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4744", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4744" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e" } ], "release_date": "2023-03-20T10:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "To mitigate this issue, prevent the tun module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: tun: avoid double free in tun_free_netdev" }, { "cve": "CVE-2022-28388", "cwe": { "id": "CWE-415", "name": "Double Free" }, "discovery_date": "2022-04-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2073091" } ], "notes": [ { "category": "description", "text": "A double-free flaw was found in the Linux kernel\u0027s USB2CAN interface implementation. This issue could allow a local user to crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is Moderate because this case doesn\u0027t lead to a kernel crash as result of the pointers reference check preventing actual second memory free. The only known attack scenario is the possibility of a denial of service.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-28388" }, { "category": "external", "summary": "RHBZ#2073091", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2073091" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28388", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28388" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28388", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28388" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "To mitigate this issue, prevent module usb_8dev from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c" }, { "cve": "CVE-2022-38457", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-09-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2133455" } ], "notes": [ { "category": "description", "text": "A use-after-free vulnerability was found in the Linux kernel\u0027s vmwgfx driver in vmw_cmd_res_check. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl() on the resulting file descriptor, to crash the system, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: vmwgfx: use-after-free in vmw_cmd_res_check", "title": "Vulnerability summary" }, { "category": "other", "text": "Systems making use of the vmwgfx driver are potentially affected by this flaw; systems without the vmwgfx driver loaded are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-38457" }, { "category": "external", "summary": "RHBZ#2133455", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133455" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38457", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38457" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38457", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38457" } ], "release_date": "2022-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the vmwgfx kernel module. For instructions relating to blacklisting a kernel module, please see https://access.redhat.com/solutions/41278.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: vmwgfx: use-after-free in vmw_cmd_res_check" }, { "cve": "CVE-2022-40133", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-09-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2133453" } ], "notes": [ { "category": "description", "text": "A use-after-free vulnerability was found in the Linux kernel\u0027s vmwgfx driver in vmw_execbuf_tie_context. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl() on the resulting file descriptor, to crash the system, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context", "title": "Vulnerability summary" }, { "category": "other", "text": "Systems making use of the vmwgfx driver are potentially affected by this flaw; systems without the vmwgfx driver loaded are not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40133" }, { "category": "external", "summary": "RHBZ#2133453", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2133453" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40133", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40133" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40133", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40133" } ], "release_date": "2022-09-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the vmwgfx kernel module. For instructions relating to blacklisting a kernel module, please see https://access.redhat.com/solutions/41278.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context" }, { "cve": "CVE-2022-40982", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-07-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2223949" } ], "notes": [ { "category": "description", "text": "A Gather Data Sampling (GDS) transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction (load from memory) to infer stale data from previously used vector registers on the same physical core.", "title": "Vulnerability description" }, { "category": "summary", "text": "hw: Intel: Gather Data Sampling (GDS) side channel vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40982" }, { "category": "external", "summary": "RHBZ#2223949", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223949" }, { "category": "external", "summary": "RHSB-7027704", "url": "https://access.redhat.com/solutions/7027704" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40982", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40982" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40982", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40982" }, { "category": "external", "summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html" } ], "release_date": "2023-08-08T06:30:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "The vulnerability can be mitigated by installing the CPU microcode package microcode_ctl version 20230808.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "hw: Intel: Gather Data Sampling (GDS) side channel vulnerability" }, { "cve": "CVE-2022-42895", "cwe": { "id": "CWE-824", "name": "Access of Uninitialized Pointer" }, "discovery_date": "2022-11-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2147356" } ], "notes": [ { "category": "description", "text": "An information leak vulnerability was found in the Linux kernel\u0027s implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_req function. An attacker with physical access within the range of standard Bluetooth transmission could use this flaw to leak kernel pointers via Bluetooth if within proximity of the victim.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Information leak in l2cap_parse_conf_req in net/bluetooth/l2cap_core.c", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 6 is not affected by this flaw as it did not include support for parsing Extended Flow Specification option in L2CAP Config Request (upstream commit 42dceae2).", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42895" }, { "category": "external", "summary": "RHBZ#2147356", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2147356" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42895", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42895" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42895", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42895" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-vccx-8h74-2357", "url": "https://github.com/google/security-research/security/advisories/GHSA-vccx-8h74-2357" } ], "release_date": "2022-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Information leak in l2cap_parse_conf_req in net/bluetooth/l2cap_core.c" }, { "cve": "CVE-2022-45869", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2022-11-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2151317" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel in the KVM. A race condition in direct_page_fault allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualization and the TDP MMU are enabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: KVM: x86/mmu: race condition in direct_page_fault()", "title": "Vulnerability summary" }, { "category": "other", "text": "The nested virtualization feature is not enabled by default up to Red Hat Enterprise Linux 8.4. Most importantly, Red Hat currently provides nested virtualization only as a Technology Preview and is therefore unsupported for production use. For additional details, please see https://access.redhat.com/solutions/21101 and https://access.redhat.com/support/offerings/techpreview.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45869" }, { "category": "external", "summary": "RHBZ#2151317", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151317" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45869", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45869" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45869", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45869" } ], "release_date": "2022-11-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "This vulnerability can be mitigated by disabling the nested virtualization feature.\n\nFor Intel:\n```\n# modprobe -r kvm_intel\n# modprobe kvm_intel nested=0\n```\n\nFor AMD:\n```\n# modprobe -r kvm_amd\n# modprobe kvm_amd nested=0\n```", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: KVM: x86/mmu: race condition in direct_page_fault()" }, { "cve": "CVE-2022-45887", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2022-11-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2148520" } ], "notes": [ { "category": "description", "text": "A memory leak issue was found in the Linux kernel media subsystem in the TTUSB DEC driver. It could occur in the ttusb_dec_exit_dvb() function because of the lack of a dvb_frontend_detach call. A local user could trigger this flaw by repeatedly plugging and unplugging the device, potentially causing a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45887" }, { "category": "external", "summary": "RHBZ#2148520", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148520" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45887", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45887" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45887", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45887" }, { "category": "external", "summary": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/", "url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/" }, { "category": "external", "summary": "https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel@gmail.com/", "url": "https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel@gmail.com/" } ], "release_date": "2022-11-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the `ttusb_dec` kernel module. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c" }, { "cve": "CVE-2023-0458", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2023-04-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2193219" } ], "notes": [ { "category": "description", "text": "A vulnerabilty was found in Linux Kernel, where a speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the \u0027rlim\u0027 variable and can be used to leak the contents.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0458" }, { "category": "external", "summary": "RHBZ#2193219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2193219" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0458", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0458" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0458", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0458" }, { "category": "external", "summary": "https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11", "url": "https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11" } ], "release_date": "2023-01-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c" }, { "acknowledgments": [ { "names": [ "Jann Horn" ], "organization": "Google Project Zero" } ], "cve": "CVE-2023-0590", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-01-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2165741" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free due to race condition in qdisc_graft()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0590" }, { "category": "external", "summary": "RHBZ#2165741", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165741" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0590", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0590" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0590", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0590" }, { "category": "external", "summary": "https://lore.kernel.org/all/20221018203258.2793282-1-edumazet@google.com/", "url": "https://lore.kernel.org/all/20221018203258.2793282-1-edumazet@google.com/" } ], "release_date": "2022-10-18T06:30:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: use-after-free due to race condition in qdisc_graft()" }, { "cve": "CVE-2023-0597", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2023-01-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2165926" } ], "notes": [ { "category": "description", "text": "A possible unauthorized memory access flaw was found in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stack(s) or other important data. This issue could allow a local user to gain access to some important data with expected location in memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: x86/mm: Randomize per-cpu entry area", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0597" }, { "category": "external", "summary": "RHBZ#2165926", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165926" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0597", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0597" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0597", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0597" }, { "category": "external", "summary": "https://lore.kernel.org/lkml/Yz%2FmfJ1gjgshF19t@hirez.programming.kicks-ass.net/", "url": "https://lore.kernel.org/lkml/Yz%2FmfJ1gjgshF19t@hirez.programming.kicks-ass.net/" } ], "release_date": "2022-10-07T08:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: x86/mm: Randomize per-cpu entry area" }, { "cve": "CVE-2023-1073", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2023-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2173403" } ], "notes": [ { "category": "description", "text": "A memory corruption flaw was found in the Linux kernel\u2019s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: HID: check empty report_list in hid_validate_values()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1073" }, { "category": "external", "summary": "RHBZ#2173403", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173403" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1073", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1073" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1073", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1073" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=b12fece4c64857e5fab4290bf01b2e0317a88456", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=b12fece4c64857e5fab4290bf01b2e0317a88456" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2023/01/17/3", "url": "https://www.openwall.com/lists/oss-security/2023/01/17/3" } ], "release_date": "2023-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: HID: check empty report_list in hid_validate_values()" }, { "cve": "CVE-2023-1074", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2023-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2173430" } ], "notes": [ { "category": "description", "text": "A memory leak flaw was found in the Linux kernel\u0027s Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: sctp: fail if no bound addresses can be used for a given scope", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1074" }, { "category": "external", "summary": "RHBZ#2173430", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173430" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1074", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1074" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1074", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1074" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=458e279f861d3f61796894cd158b780765a1569f", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=458e279f861d3f61796894cd158b780765a1569f" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2023/01/23/1", "url": "https://www.openwall.com/lists/oss-security/2023/01/23/1" } ], "release_date": "2023-01-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "To mitigate this issue, prevent module sctp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: sctp: fail if no bound addresses can be used for a given scope" }, { "cve": "CVE-2023-1075", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" }, "discovery_date": "2023-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2173434" } ], "notes": [ { "category": "description", "text": "A memory leak flaw was found in the Linux kernel\u0027s TLS protocol. This issue could allow a local user unauthorized access to some memory.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net/tls: tls_is_tx_ready() checked list_entry", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1075" }, { "category": "external", "summary": "RHBZ#2173434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173434" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1075", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1075" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1075", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1075" } ], "release_date": "2023-01-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "To mitigate this issue, prevent module tls from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: net/tls: tls_is_tx_ready() checked list_entry" }, { "cve": "CVE-2023-1079", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2173444" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in asus_kbd_backlight_set in drivers/hid/hid-asus.c in the Linux Kernel. This issue could allow an attacker to crash the system when plugging in or disconnecting a malicious USB device, which may lead to a kernel information leak problem.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: hid: Use After Free in asus_remove()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1079" }, { "category": "external", "summary": "RHBZ#2173444", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173444" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1079", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1079" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1079", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1079" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4ab3a086d10eeec1424f2e8a968827a6336203df", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4ab3a086d10eeec1424f2e8a968827a6336203df" } ], "release_date": "2023-02-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "This flaw can be mitigated by preventing the affected ASUS HID driver (for notebook built-in keyboard) module from loading during the boot time, ensure the module is added into the blacklist file.\n~~~\nRefer: \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: hid: Use After Free in asus_remove()" }, { "acknowledgments": [ { "names": [ "Duoming Zhou" ] } ], "cve": "CVE-2023-1118", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-02-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2174400" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the Linux kernel\u0027s integrated infrared receiver/transceiver driver. This issue occurs when a user detaches a rc device. This could allow a local user to crash the system or potentially escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free in drivers/media/rc/ene_ir.c due to race condition", "title": "Vulnerability summary" }, { "category": "other", "text": "Because this vulnerability requires an attacker to either have physical access to a system with infrared receiver/transceiver hardware or requires a remote authenticated user to have knowledge about such hardware attached to the system and when it is disconnected, Red Hat assesses the impact of this vulnerability as Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1118" }, { "category": "external", "summary": "RHBZ#2174400", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174400" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1118", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1118" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1118", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1118" }, { "category": "external", "summary": "https://github.com/torvalds/linux/commit/29b0589a865b6f66d141d79b2dd1373e4e50fe17", "url": "https://github.com/torvalds/linux/commit/29b0589a865b6f66d141d79b2dd1373e4e50fe17" } ], "release_date": "2023-02-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "To mitigate this issue, prevent module ene_ir from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: use-after-free in drivers/media/rc/ene_ir.c due to race condition" }, { "cve": "CVE-2023-1206", "cwe": { "id": "CWE-327", "name": "Use of a Broken or Risky Cryptographic Algorithm" }, "discovery_date": "2023-02-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2175903" } ], "notes": [ { "category": "description", "text": "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel\u2019s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: hash collisions in the IPv6 connection lookup table", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1206" }, { "category": "external", "summary": "RHBZ#2175903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175903" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1206", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1206" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1206", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1206" }, { "category": "external", "summary": "https://git.kernel.org/linus/d11b0df7ddf1831f3e170972f43186dad520bfcc", "url": "https://git.kernel.org/linus/d11b0df7ddf1831f3e170972f43186dad520bfcc" } ], "release_date": "2023-06-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "https://access.redhat.com/solutions/30453", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: hash collisions in the IPv6 connection lookup table" }, { "acknowledgments": [ { "names": [ "Jann Horn" ], "organization": "Google Project Zero" } ], "cve": "CVE-2023-1252", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2176140" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the Linux kernel\u2019s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 (\"ovl: fix use after free in struct ovl_aio_req\") not applied yet, the kernel could be affected.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: ovl: fix use after free in struct ovl_aio_req", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is possibly only triggered if an Ext4 filesystem is mounted. Because of that fact, and because exploitation would require that an attacker was able to control how that filesystem interacted with an OverlayFS filesystem, Red Hat assesses the impact of this vulnerability as Medium.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1252" }, { "category": "external", "summary": "RHBZ#2176140", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176140" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1252", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1252" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1252", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1252" }, { "category": "external", "summary": "https://lore.kernel.org/lkml/20211115165433.449951285@linuxfoundation.org/", "url": "https://lore.kernel.org/lkml/20211115165433.449951285@linuxfoundation.org/" } ], "release_date": "2021-11-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: ovl: fix use after free in struct ovl_aio_req" }, { "acknowledgments": [ { "names": [ "Wei Chen" ] } ], "cve": "CVE-2023-1382", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2023-03-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177371" } ], "notes": [ { "category": "description", "text": "A data race flaw was found in the Linux kernel, between where con is allocated and con-\u003esock is set. This issue leads to a NULL pointer dereference when accessing con-\u003esock-\u003esk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: denial of service in tipc_conn_close", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1382" }, { "category": "external", "summary": "RHBZ#2177371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177371" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1382", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1382" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1382", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1382" }, { "category": "external", "summary": "https://lore.kernel.org/netdev/bc7bd3183f1c275c820690fc65b708238fe9e38e.1668807842.git.lucien.xin@gmail.com/T/#u", "url": "https://lore.kernel.org/netdev/bc7bd3183f1c275c820690fc65b708238fe9e38e.1668807842.git.lucien.xin@gmail.com/T/#u" } ], "release_date": "2022-11-18T06:30:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "This flaw can be mitigated by preventing the affected transparent inter-process communication (TIPC) protocol kernel module from loading during the boot time. Ensure the module is added into the blacklist file.\n~~~\nRefer: \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: denial of service in tipc_conn_close" }, { "cve": "CVE-2023-1855", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2184578" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: use-after-free bug in remove function xgene_hwmon_remove", "title": "Vulnerability summary" }, { "category": "other", "text": "Because this flaw affects a specific CPU family, and because exploitation requires elevated system privileges, Red Hat assesses the impact of this flaw as Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1855" }, { "category": "external", "summary": "RHBZ#2184578", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184578" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1855", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1855" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1855", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1855" }, { "category": "external", "summary": "https://lore.kernel.org/all/20230318122758.2140868-1-linux@roeck-us.net/", "url": "https://lore.kernel.org/all/20230318122758.2140868-1-linux@roeck-us.net/" } ], "release_date": "2023-03-10T10:30:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "This flaw can be mitigated by preventing the affected APM X-Gene SoC HW monitor kernel driver (apm_xgene) from loading during the boot time. Ensure the module is added into the blacklist file.\n~~~\nRefer: \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: use-after-free bug in remove function xgene_hwmon_remove" }, { "cve": "CVE-2023-1989", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-04-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2185945" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in btsdio_remove in drivers\\bluetooth\\btsdio.c in the Linux Kernel. A call to btsdio_remove with an unfinished job may cause a race problem which leads to a UAF on hdev devices.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Use after free bug in btsdio_remove due to race condition", "title": "Vulnerability summary" }, { "category": "other", "text": "Because successful exploitation of this flaw requires that a system supports SDIO hardware and that an attacker has control over attaching and detaching that hardware, Red Hat assesses the impact of this vulnerability as Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1989" }, { "category": "external", "summary": "RHBZ#2185945", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185945" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1989", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1989" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1989", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1989" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088" } ], "release_date": "2023-03-09T06:30:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "This flaw can be mitigated by preventing the affected Generic Bluetooth SDIO driver kernel module from loading during the boot time. Ensure the module is added into the blacklist file.\n~~~\nRefer: \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Use after free bug in btsdio_remove due to race condition" }, { "cve": "CVE-2023-1998", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-04-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2187257" } ], "notes": [ { "category": "description", "text": "It was found that the Linux Kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The kernel failed to protect applications that attempted to protect against Spectre v2 leaving them open to attack from other processes running on the same physical core in another hyperthread.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Spectre v2 SMT mitigations problem", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1998" }, { "category": "external", "summary": "RHBZ#2187257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187257" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1998", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1998" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1998", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1998" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crx", "url": "https://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crx" } ], "release_date": "2023-04-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "This flaw can be mitigated by disabling Simultaneous Multithreading (SMT). For instructions on how to disable SMT in RHEL, please see https://access.redhat.com/solutions/rhel-smt.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Spectre v2 SMT mitigations problem" }, { "acknowledgments": [ { "names": [ "Weiteng Chen. University of California, Riverside." ] } ], "cve": "CVE-2023-2269", "cwe": { "id": "CWE-667", "name": "Improper Locking" }, "discovery_date": "2023-04-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2189388" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: A possible deadlock in dm_get_inactive_table in dm- ioctl.c leads to dos", "title": "Vulnerability summary" }, { "category": "other", "text": "Because exploitation of this flaw requires that an attacker has privileges sufficient to manage md arrays, Red Hat assesses the impact of this vulnerability as Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-2269" }, { "category": "external", "summary": "RHBZ#2189388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189388" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2269", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2269" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2269", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2269" }, { "category": "external", "summary": "https://lore.kernel.org/lkml/ZD1xyZxb3rHot8PV@redhat.com/t/", "url": "https://lore.kernel.org/lkml/ZD1xyZxb3rHot8PV@redhat.com/t/" } ], "release_date": "2023-04-17T06:30:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: A possible deadlock in dm_get_inactive_table in dm- ioctl.c leads to dos" }, { "cve": "CVE-2023-2513", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-05-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2193097" } ], "notes": [ { "category": "description", "text": "A use-after-free vulnerability was found in the Linux kernel\u0027s ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw allows a privileged local user to cause a system crash or other undefined behaviors.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: ext4: use-after-free in ext4_xattr_set_entry()", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has been rated as having Moderate impact because of the preconditions needed to trigger the issue. The vulnerability can be exploited by a regular user, but the filesystem should be mounted with `debug_want_extra_isize`=128 and the user must have write access to the filesystem. It\u0027s also important to emphasize that `debug_want_extra_isize` is a debug mount option and should never be used in production.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-2513" }, { "category": "external", "summary": "RHBZ#2193097", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2193097" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2513", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2513" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2513", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2513" } ], "release_date": "2022-06-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: ext4: use-after-free in ext4_xattr_set_entry()" }, { "cve": "CVE-2023-3141", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-05-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2213199" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This issue may allow a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Use after free bug in r592_remove", "title": "Vulnerability summary" }, { "category": "other", "text": "Because this flaw requires that specific peripheral hardware is attached, that an attacker has access to the hardware, and that the attacker is able to control the timing of hardware or media attachment and removal, Red Hat assesses the impact of this vulnerability as Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-3141" }, { "category": "external", "summary": "RHBZ#2213199", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213199" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3141", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3141" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3141", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3141" }, { "category": "external", "summary": "https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw@mail.gmail.com/t/", "url": "https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw@mail.gmail.com/t/" } ], "release_date": "2023-03-07T06:30:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: Use after free bug in r592_remove" }, { "acknowledgments": [ { "names": [ "Sanan Hasanov" ] } ], "cve": "CVE-2023-3161", "cwe": { "id": "CWE-1335", "name": "Incorrect Bitwise Shift of Integer" }, "discovery_date": "2023-06-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2213485" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing a font-\u003ewidth and font-\u003eheight greater than 32 to the fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs, leading to undefined behavior and possible denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: fbcon: shift-out-of-bounds in fbcon_set_font()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-3161" }, { "category": "external", "summary": "RHBZ#2213485", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213485" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3161", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3161" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3161", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3161" } ], "release_date": "2023-01-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: fbcon: shift-out-of-bounds in fbcon_set_font()" }, { "cve": "CVE-2023-3212", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2023-05-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2214348" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the gfs2 file system in the Linux kernel. This issue occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. This flaw allows a privileged local user to cause a kernel panic.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: gfs2: NULL pointer dereference in gfs2_evict_inode()", "title": "Vulnerability summary" }, { "category": "other", "text": "Because exploitation of this flaw requires that an attacker is able to mount volumes they have prepared themselves or to corrupt existing system volumes, Red Hat assesses the impact of this vulnerability as Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-3212" }, { "category": "external", "summary": "RHBZ#2214348", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2214348" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3212", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3212" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3212", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3212" } ], "release_date": "2023-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "kernel: gfs2: NULL pointer dereference in gfs2_evict_inode()" }, { "cve": "CVE-2023-3268", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2023-05-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215502" } ], "notes": [ { "category": "description", "text": "An out-of-bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw allows a local attacker to crash the system or leak kernel internal information.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: out-of-bounds access in relay_file_read", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-3268" }, { "category": "external", "summary": "RHBZ#2215502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215502" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3268", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3268" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3268", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3268" }, { "category": "external", "summary": "https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc@wangsu.com/T/", "url": "https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc@wangsu.com/T/" } ], "release_date": "2023-04-19T06:30:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: out-of-bounds access in relay_file_read" }, { "cve": "CVE-2023-3609", "cwe": { "id": "CWE-415", "name": "Double Free" }, "discovery_date": "2023-07-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2225201" } ], "notes": [ { "category": "description", "text": "A double-free flaw was found in u32_set_parms in net/sched/cls_u32.c in the Network Scheduler component in the Linux kernel. This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-3609" }, { "category": "external", "summary": "RHBZ#2225201", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225201" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3609", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3609" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3609", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3609" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc" } ], "release_date": "2023-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "To mitigate this issue, prevent module cls_u32 from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails" }, { "cve": "CVE-2023-3611", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2023-07-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2225191" } ], "notes": [ { "category": "description", "text": "An out-of-bounds memory write flaw was found in qfq_change_agg in net/sched/sch_qfq.c in the Traffic Control (QoS) subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-3611" }, { "category": "external", "summary": "RHBZ#2225191", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225191" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3611", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3611" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3611", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3611" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64" } ], "release_date": "2023-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "Mitigation for this issue is to skip loading the affected module sch_qfq onto the system until we have a fix available. This can be done by a blacklist mechanism and will ensure the driver is not loaded at the boot time.\n~~~\n How do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278 \n~~~", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead" }, { "acknowledgments": [ { "names": [ "Lin Ma" ], "organization": "ZJU \u0026 Ant Security Light-Year Lab" } ], "cve": "CVE-2023-3772", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2023-06-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2218943" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel\u2019s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-3772" }, { "category": "external", "summary": "RHBZ#2218943", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218943" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3772", "url": "https://www.cve.org/CVERecord?id=CVE-2023-3772" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3772", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3772" } ], "release_date": "2023-07-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params()" }, { "cve": "CVE-2023-4128", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-07-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2261965" } ], "notes": [ { "category": "description", "text": "This record is a duplicate of CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208. Do not use this CVE record: CVE-2023-4128.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route", "title": "Vulnerability summary" }, { "category": "other", "text": "All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4128" }, { "category": "external", "summary": "RHBZ#2261965", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2261965" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4128", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4128" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4128", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4128" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-4206", "url": "https://access.redhat.com/security/cve/CVE-2023-4206" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-4207", "url": "https://access.redhat.com/security/cve/CVE-2023-4207" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-4208", "url": "https://access.redhat.com/security/cve/CVE-2023-4208" } ], "release_date": "2023-07-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route" }, { "acknowledgments": [ { "names": [ "Duoming Zhou" ] } ], "cve": "CVE-2023-4132", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-07-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2221707" } ], "notes": [ { "category": "description", "text": "A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: smsusb: use-after-free caused by do_submit_urb()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4132" }, { "category": "external", "summary": "RHBZ#2221707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4132", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4132" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4132", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4132" } ], "release_date": "2023-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: smsusb: use-after-free caused by do_submit_urb()" }, { "cve": "CVE-2023-4155", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "discovery_date": "2023-05-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2213802" } ], "notes": [ { "category": "description", "text": "A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`).", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 6 and 7 are not affected by this flaw, as they did not include support for KVM AMD Secure Encrypted Virtualization (SEV). \nNote: AMD SEV is currently provided as a Technology Preview in RHEL 8, therefore, it is unsupported for production use. For additional details see https://access.redhat.com/articles/4491591 and https://access.redhat.com/support/offerings/techpreview.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4155" }, { "category": "external", "summary": "RHBZ#2213802", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213802" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4155", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4155" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4155", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4155" } ], "release_date": "2023-08-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability" }, { "cve": "CVE-2023-4206", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-07-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2225511" } ], "notes": [ { "category": "description", "text": "There are 3 CVEs for the use-after-free flaw found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. \r\nA local user could use any of these flaws to crash the system or potentially escalate their privileges on the system.\r\n\r\nSimilar CVE-2023-4128 was rejected as a duplicate.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4206" }, { "category": "external", "summary": "RHBZ#2225511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4206", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4206" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4206", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4206" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8" }, { "category": "external", "summary": "https://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/", "url": "https://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/" } ], "release_date": "2023-07-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "To mitigate this issue, prevent the module cls_u32 from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route" }, { "cve": "CVE-2023-4207", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-07-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2225511" } ], "notes": [ { "category": "description", "text": "There are 3 CVEs for the use-after-free flaw found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. \r\nA local user could use any of these flaws to crash the system or potentially escalate their privileges on the system.\r\n\r\nSimilar CVE-2023-4128 was rejected as a duplicate.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4207" }, { "category": "external", "summary": "RHBZ#2225511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4207", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4207" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4207", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4207" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8" }, { "category": "external", "summary": "https://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/", "url": "https://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/" } ], "release_date": "2023-07-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "To mitigate this issue, prevent the module cls_u32 from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route" }, { "cve": "CVE-2023-4208", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-07-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2225511" } ], "notes": [ { "category": "description", "text": "There are 3 CVEs for the use-after-free flaw found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. \r\nA local user could use any of these flaws to crash the system or potentially escalate their privileges on the system.\r\n\r\nSimilar CVE-2023-4128 was rejected as a duplicate.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4208" }, { "category": "external", "summary": "RHBZ#2225511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225511" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4208", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4208" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4208", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4208" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8" }, { "category": "external", "summary": "https://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/", "url": "https://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/" } ], "release_date": "2023-07-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "To mitigate this issue, prevent the module cls_u32 from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route" }, { "cve": "CVE-2023-4732", "cwe": { "id": "CWE-366", "name": "Race Condition within a Thread" }, "discovery_date": "2023-09-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236982" } ], "notes": [ { "category": "description", "text": "A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4732" }, { "category": "external", "summary": "RHBZ#2236982", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236982" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4732", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4732" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4732", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4732" } ], "release_date": "2023-09-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "A possible workaround is disabling Transparent Hugepage", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h" }, { "cve": "CVE-2023-23455", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" }, "discovery_date": "2023-01-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2168332" } ], "notes": [ { "category": "description", "text": "A denial of service flaw was found in atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel. This issue may allow a local attacker to cause a denial of service due to type confusion. Non-negative numbers could indicate a TC_ACT_SHOT condition rather than valid classification results.", "title": "Vulnerability description" }, { "category": "summary", "text": "Kernel: denial of service in atm_tc_enqueue in net/sched/sch_atm.c due to type confusion", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23455" }, { "category": "external", "summary": "RHBZ#2168332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23455", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23455" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23455", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23455" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b" } ], "release_date": "2023-01-01T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "The mitigation is to disable unprivileged user namespaces by setting user.max_user_namespaces to 0:\n\n```\n# echo \"user.max_user_namespaces=0\" \u003e /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n```", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Kernel: denial of service in atm_tc_enqueue in net/sched/sch_atm.c due to type confusion" }, { "cve": "CVE-2023-26545", "cwe": { "id": "CWE-415", "name": "Double Free" }, "discovery_date": "2023-02-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182443" } ], "notes": [ { "category": "description", "text": "A double-free flaw was found in the Linux kernel when the MPLS implementation handled sysctl allocation failures. This issue could allow a local user to cause a denial of service or possibly execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: mpls: double free on sysctl allocation failure", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 6 and 7 are not affected by this flaw as they did not include MPLS routing support, which was introduced upstream in version 4.1-rc1 (commit 0189197 \"mpls: Basic routing support\").", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26545" }, { "category": "external", "summary": "RHBZ#2182443", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182443" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26545", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26545" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26545", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26545" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: mpls: double free on sysctl allocation failure" }, { "acknowledgments": [ { "names": [ "Wei Chen" ] } ], "cve": "CVE-2023-28328", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2023-03-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177389" } ], "notes": [ { "category": "description", "text": "A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw can be mitigated by preventing the affected dvb_usb_az6027 kernel module from loading during the boot time. Ensure the module is added into the blacklist file.\n~~~\nRefer: \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-28328" }, { "category": "external", "summary": "RHBZ#2177389", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177389" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-28328", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28328" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28328", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28328" }, { "category": "external", "summary": "https://lore.kernel.org/linux-media/20221120065918.2160782-1-zhongbaisong@huawei.com/", "url": "https://lore.kernel.org/linux-media/20221120065918.2160782-1-zhongbaisong@huawei.com/" }, { "category": "external", "summary": "https://lore.kernel.org/lkml/CAO4mrfcPHB5aQJO=mpqV+p8mPLNg-Fok0gw8gZ=zemAfMGTzMg@mail.gmail.com/", "url": "https://lore.kernel.org/lkml/CAO4mrfcPHB5aQJO=mpqV+p8mPLNg-Fok0gw8gZ=zemAfMGTzMg@mail.gmail.com/" } ], "release_date": "2022-11-18T06:30:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c" }, { "cve": "CVE-2023-28772", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2023-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2181330" } ], "notes": [ { "category": "description", "text": "A buffer overflow write flaw was identified in seq_buf_putmem_hex in lib/seq_buf.c in seq_buf in the Linux Kernel. This issue may allow a user with special debug privileges such as ftrace or root to cause an overflow in the destination buffer due to a missing sanity check.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-28772" }, { "category": "external", "summary": "RHBZ#2181330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-28772", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28772" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28772", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28772" }, { "category": "external", "summary": "https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7", "url": "https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7" } ], "release_date": "2023-03-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow" }, { "cve": "CVE-2023-30456", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "discovery_date": "2023-04-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2188468" } ], "notes": [ { "category": "description", "text": "A flaw was found in the KVM\u0027s Intel nested virtualization feature (nVMX). The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances (i.e., kvm_intel module loaded with parameters nested=1 and ept=0) this could allow a malicious guest to crash the host system, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: KVM: nVMX: missing consistency checks for CR0 and CR4", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat currently provides the nested virtualization feature as a Technology Preview. Nested virtualization is therefore unsupported for production use. For more information please refer to https://access.redhat.com/solutions/21101 and https://access.redhat.com/support/offerings/techpreview.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-30456" }, { "category": "external", "summary": "RHBZ#2188468", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188468" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-30456", "url": "https://www.cve.org/CVERecord?id=CVE-2023-30456" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-30456", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30456" } ], "release_date": "2023-04-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "This vulnerability can be mitigated by disabling the nested virtualization feature:\n```\n# modprobe -r kvm_intel\n# modprobe kvm_intel nested=0\n```", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: KVM: nVMX: missing consistency checks for CR0 and CR4" }, { "cve": "CVE-2023-31084", "discovery_date": "2023-06-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2213139" } ], "notes": [ { "category": "description", "text": "A potential deadlock flaw was found in the Linux\u2019s kernel DVB API (used by Digital TV devices) functionality. This flaw allows a local user to crash the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-31084" }, { "category": "external", "summary": "RHBZ#2213139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213139" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-31084", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31084" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-31084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31084" } ], "release_date": "2023-04-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible" }, { "cve": "CVE-2023-31436", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2023-05-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2192671" } ], "notes": [ { "category": "description", "text": "An out-of-bounds memory access flaw was found in the Linux kernel\u2019s traffic control (QoS) subsystem in how a user triggers the qfq_change_class function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: out-of-bounds write in qfq_change_class function", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-31436" }, { "category": "external", "summary": "RHBZ#2192671", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192671" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-31436", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31436" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-31436", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31436" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3037933448f60f9acb705997eae62013ecb81e0d", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3037933448f60f9acb705997eae62013ecb81e0d" } ], "release_date": "2023-04-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "To mitigate this issue, prevent the module, sch_qfq from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "kernel: out-of-bounds write in qfq_change_class function" }, { "cve": "CVE-2023-33203", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-03-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2192667" } ], "notes": [ { "category": "description", "text": "A race condition vulnerability was found in the Linux kernel\u0027s Qualcomm EMAC Gigabit Ethernet Controller when the user physically removes the device before cleanup in the emac_remove function. This flaw can eventually result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove()", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 6 and 7 are not affected by this flaw as they did not include support for the EMAC Gigabit Ethernet Controller.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-33203" }, { "category": "external", "summary": "RHBZ#2192667", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192667" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33203", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33203" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33203", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33203" } ], "release_date": "2023-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove()" }, { "cve": "CVE-2023-33951", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-06-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2218195" } ], "notes": [ { "category": "description", "text": "A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: vmwgfx: race condition leading to information disclosure vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-33951" }, { "category": "external", "summary": "RHBZ#2218195", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218195" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33951", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33951" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33951", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33951" }, { "category": "external", "summary": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/", "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "This flaw can be mitigated by preventing the affected `vmwgfx` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: vmwgfx: race condition leading to information disclosure vulnerability" }, { "cve": "CVE-2023-33952", "cwe": { "id": "CWE-415", "name": "Double Free" }, "discovery_date": "2023-06-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2218212" } ], "notes": [ { "category": "description", "text": "A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: vmwgfx: double free within the handling of vmw_buffer_object objects", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw has been rated as having Moderate impact because of the preconditions needed to trigger the issue: An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-33952" }, { "category": "external", "summary": "RHBZ#2218212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218212" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33952", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33952" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33952", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33952" }, { "category": "external", "summary": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292", "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" }, { "category": "workaround", "details": "This flaw can be mitigated by preventing the affected `vmwgfx` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: vmwgfx: double free within the handling of vmw_buffer_object objects" }, { "cve": "CVE-2023-35823", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215835" } ], "notes": [ { "category": "description", "text": "A race condition was found in the Linux kernel\u0027s saa7134 device driver. This occurs when removing the module before cleanup in the saa7134_finidev function which can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: saa7134: race condition leading to use-after-free in saa7134_finidev()", "title": "Vulnerability summary" }, { "category": "other", "text": "Because this flaw only affects systems with specific hardware installed, and because exploitation requires an attacker to be able to manipulate the driver or the physical hardware with precise timing, Red Hat assesses the impact of this vulnerability as Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-35823" }, { "category": "external", "summary": "RHBZ#2215835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215835" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-35823", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35823" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35823", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35823" } ], "release_date": "2023-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: saa7134: race condition leading to use-after-free in saa7134_finidev()" }, { "cve": "CVE-2023-35824", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215836" } ], "notes": [ { "category": "description", "text": "A race condition was found in the Linux kernel\u0027s dm1105 device driver when removing the module before cleanup in the dm1105_remove function. This can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c()", "title": "Vulnerability summary" }, { "category": "other", "text": "Because this flaw only affects systems with specific hardware installed, and because exploitation requires an attacker to be able to manipulate the driver with precise timing, Red Hat assesses the impact of this vulnerability as Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-35824" }, { "category": "external", "summary": "RHBZ#2215836", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215836" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-35824", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35824" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35824", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35824" } ], "release_date": "2023-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c()" }, { "cve": "CVE-2023-35825", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215837" } ], "notes": [ { "category": "description", "text": "A race condition was found in the Linux kernel\u0027s r592 device driver, when removing the module before cleanup in the r592_remove function. This can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors.", "title": "Vulnerability description" }, { "category": "summary", "text": "kernel: r592: race condition leading to use-after-free in r592_remove()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-35825" }, { "category": "external", "summary": "RHBZ#2215837", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215837" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-35825", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35825" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35825", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35825" } ], "release_date": "2023-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-14T15:24:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", "product_ids": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6901" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kernel: r592: race condition leading to use-after-free in r592_remove()" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.