Synopsis
Important: kpatch-patch security update
Type/Severity
Security Advisory: Important
Topic
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.
Security Fix(es):
- kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829)
- kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)
- kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)
- kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)
- kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
- kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
Fixes
- BZ - 2188470 - CVE-2023-1829 kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter
- BZ - 2213260 - CVE-2023-3390 kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests
- BZ - 2215768 - CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()
- BZ - 2218672 - CVE-2023-3090 kernel: ipvlan: out-of-bounds write caused by unclear skb->cb
- BZ - 2220892 - CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
- BZ - 2225275 - CVE-2023-4004 kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove()