Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Important: kernel security, bug fix, and enhancement update

Related Vulnerabilities: CVE-2021-26341   CVE-2021-33655   CVE-2021-33656   CVE-2022-1462   CVE-2022-1679   CVE-2022-1789   CVE-2022-2196   CVE-2022-2663   CVE-2022-3028   CVE-2022-3239   CVE-2022-3522   CVE-2022-3524   CVE-2022-3564   CVE-2022-3566   CVE-2022-3567   CVE-2022-3619   CVE-2022-3623   CVE-2022-3625   CVE-2022-3628   CVE-2022-3707   CVE-2022-4129   CVE-2022-20141   CVE-2022-25265   CVE-2022-30594   CVE-2022-39188   CVE-2022-39189   CVE-2022-41218   CVE-2022-41674   CVE-2022-42703   CVE-2022-42720   CVE-2022-42721   CVE-2022-42722   CVE-2022-43750   CVE-2022-47929   CVE-2023-0394   CVE-2023-0461   CVE-2023-1195   CVE-2023-1582   CVE-2023-23454  

Source

Synopsis

Important: kernel security, bug fix, and enhancement update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

The following packages have been upgraded to a later upstream version: kernel (4.18.0). (BZ#2122230, BZ#2122267)

Security Fix(es):

  • use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)
  • net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)
  • hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch (CVE-2021-26341)
  • malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655)
  • when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds (CVE-2021-33656)
  • possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462)
  • use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)
  • KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789)
  • KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196)
  • netfilter: nf_conntrack_irc message handling issue (CVE-2022-2663)
  • race condition in xfrm_probe_algs can lead to OOB read/write (CVE-2022-3028)
  • media: em28xx: initialize refcount before kref_get (CVE-2022-3239)
  • race condition in hugetlb_no_page() in mm/hugetlb.c (CVE-2022-3522)
  • memory leak in ipv6_renew_options() (CVE-2022-3524)
  • data races around icsk->icsk_af_ops in do_ipv6_setsockopt (CVE-2022-3566)
  • data races around sk->sk_prot (CVE-2022-3567)
  • memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (CVE-2022-3619)
  • denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry (CVE-2022-3623)
  • use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625)
  • USB-accessible buffer overflow in brcmfmac (CVE-2022-3628)
  • Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed (CVE-2022-3707)
  • l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference (CVE-2022-4129)
  • igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets (CVE-2022-20141)
  • Executable Space Protection Bypass (CVE-2022-25265)
  • Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)
  • unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry (CVE-2022-39188)
  • TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning (CVE-2022-39189)
  • Report vmalloc UAF in dvb-core/dmxdev (CVE-2022-41218)
  • u8 overflow problem in cfg80211_update_notlisted_nontrans() (CVE-2022-41674)
  • use-after-free related to leaf anon_vma double reuse (CVE-2022-42703)
  • use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720)
  • BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (CVE-2022-42721)
  • Denial of service in beacon protection for P2P-device (CVE-2022-42722)
  • memory corruption in usbmon driver (CVE-2022-43750)
  • NULL pointer dereference in traffic control subsystem (CVE-2022-47929)
  • NULL pointer dereference in rawv6_push_pending_frames (CVE-2023-0394)
  • use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195)
  • Soft lockup occurred during __page_mapcount (CVE-2023-1582)
  • slab-out-of-bounds read vulnerabilities in cbq_classify (CVE-2023-23454)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64

Fixes

  • BZ - 2055499 - CVE-2022-25265 kernel: Executable Space Protection Bypass
  • BZ - 2061703 - CVE-2021-26341 hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch
  • BZ - 2078466 - CVE-2022-1462 kernel: possible race condition in drivers/tty/tty_buffers.c
  • BZ - 2079311 - VMs hang after migration
  • BZ - 2084125 - CVE-2022-1679 kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges
  • BZ - 2085300 - CVE-2022-30594 kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option
  • BZ - 2090723 - CVE-2022-1789 kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva
  • BZ - 2108691 - CVE-2021-33655 kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory
  • BZ - 2108696 - CVE-2021-33656 kernel: when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds
  • BZ - 2114937 - CVE-2022-20141 kernel: igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets
  • BZ - 2116444 - kernel: Backport vfork support for time namespaces
  • BZ - 2122228 - CVE-2022-3028 kernel: race condition in xfrm_probe_algs can lead to OOB read/write
  • BZ - 2122960 - CVE-2022-41218 kernel: Report vmalloc UAF in dvb-core/dmxdev
  • BZ - 2123056 - CVE-2022-2663 kernel: netfilter: nf_conntrack_irc message handling issue
  • BZ - 2123854 - Backport kernel audit enhancements and fixes up to upstream v6.1
  • BZ - 2124788 - CVE-2022-39189 kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning
  • BZ - 2127985 - CVE-2022-3239 kernel: media: em28xx: initialize refcount before kref_get
  • BZ - 2130141 - CVE-2022-39188 kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry
  • BZ - 2131339 - CVE-2022-4269 kernel: net: CPU soft lockup in TC mirred egress-to-ingress action [rhel-8.8.0]
  • BZ - 2131391 - fuse readdir cache sometimes corrupted
  • BZ - 2133483 - CVE-2022-42703 kernel: use-after-free related to leaf anon_vma double reuse
  • BZ - 2134377 - CVE-2022-41674 kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans()
  • BZ - 2134451 - CVE-2022-42720 kernel: use-after-free in bss_ref_get in net/wireless/scan.c
  • BZ - 2134506 - CVE-2022-42721 kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c
  • BZ - 2134517 - CVE-2022-42722 kernel: Denial of service in beacon protection for P2P-device
  • BZ - 2134528 - CVE-2022-4129 kernel: l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference
  • BZ - 2137979 - CVE-2022-3707 kernel: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed
  • BZ - 2139728 - [Azure][RHEL8] Live resize of disk does not trigger a rescan of the device capacity
  • BZ - 2140163 - error 524 from seccomp(2) when trying to load filter
  • BZ - 2143893 - CVE-2022-3566 kernel: data races around icsk->icsk_af_ops in do_ipv6_setsockopt
  • BZ - 2143943 - CVE-2022-3567 kernel: data races around sk->sk_prot
  • BZ - 2144720 - CVE-2022-3625 kernel: use-after-free after failed devlink reload in devlink_param_get
  • BZ - 2150947 - CVE-2022-3524 kernel: memory leak in ipv6_renew_options()
  • BZ - 2150960 - CVE-2022-3628 kernel: USB-accessible buffer overflow in brcmfmac
  • BZ - 2150979 - CVE-2022-3522 kernel: race condition in hugetlb_no_page() in mm/hugetlb.c
  • BZ - 2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c
  • BZ - 2151270 - CVE-2022-43750 kernel: memory corruption in usbmon driver
  • BZ - 2152133 - In FIPS mode, the kernel should reject SHA-224, SHA-384, SHA-512-224, and SHA-512-256 as hashes for hash-based DRBGs, or provide an indicator after 2023-05-16
  • BZ - 2154171 - CVE-2023-1195 kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c
  • BZ - 2154235 - CVE-2022-3619 kernel: memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c
  • BZ - 2154880 - [rhel8] LTP: read_all_sys - RIP: 0010:intel_rps_get_max_frequency+0x5/0x40 [i915]
  • BZ - 2159969 - backport vsock fixes for RHEL-8.8
  • BZ - 2160023 - CVE-2022-2196 kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks
  • BZ - 2162120 - CVE-2023-0394 kernel: NULL pointer dereference in rawv6_push_pending_frames
  • BZ - 2165721 - CVE-2022-3623 kernel: denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry
  • BZ - 2166364 - NFS hang on large dirs with kenel 4.18.0-448.el8.x86_64
  • BZ - 2168246 - CVE-2022-47929 kernel: NULL pointer dereference in traffic control subsystem
  • BZ - 2168297 - CVE-2023-23454 kernel: slab-out-of-bounds read vulnerabilities in cbq_classify
  • BZ - 2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets
  • BZ - 2180936 - CVE-2023-1582 kernel: Soft lockup occurred during __page_mapcount

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started