Important: kernel security, bug fix, and enhancement update

Topic

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)
• kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829)
• kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)
• kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)
• kernel: when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds (CVE-2021-33656)
• kernel: save/restore speculative MSRs during S3 suspend/resume (CVE-2023-1637)
• Kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)
• kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)
• hw: amd: Cross-Process Information Leak (CVE-2023-20593)
• kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (CVE-2023-28466)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• Simultaneous writes to a page on xfs can result in zero-byte data (BZ#2184103)
• Invalid character detected by rpminspect in Documentation/translations/zh_CN/process/magic-number.rst (BZ#2208286)
• Low memory deadlock with md devices and external (imsm) metadata handling - requires a kernfs notification backport (BZ#2208542)
• Windows Server 2019 guest randomly pauses with "KVM: entry failed, hardware error 0x80000021" (BZ#2211663)
• Marvell 8.7 Bug qedi shutdown handler hangs upon reboot (BZ#2215334)
• aacraid misses interrupts when a CPU is disabled resulting in scsi timeouts and the adapter being unusable until reboot. (BZ#2216499)
• rbd: avoid fast-diff corruption in snapshot-based mirroring [8.9] (BZ#2216770)
• OCS 4.8 cephfs kernel crash : mds_dispatch ceph_handle_snap unable to handle kernel NULL (BZ#2218273)
• FJ8.6 Bug: System panic occurs because the list used by i40e driver is corrupted (BZ#2219262)
• st_gmac tx-checksum offload on vlan is not consistent with st_gmac interface (BZ#2219908)
• Regression of 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()") (BZ#2220811)
• refcount_t overflow often happens in mem_cgroup_id_get_online() (BZ#2221011)
• Scheduler update (rhel8.8) (BZ#2221304)
• RHEL8.6 boot panic with message "kernel BUG at lib/list_debug.c:28!" (BZ#2222247)
• Enable conntrack clash resolution for GRE (BZ#2223543)
• Intel 8.8 BUG SPR perf: Workaround the UPI intel_uncore_has_discovery_tables issue on SPR MCC and LCC (BZ#2225514)
• KVM: x86: fix sending PV IPI (BZ#2226580)
• libceph: harden msgr2.1 frame segment length checks [8.x] (BZ#2227074)

Enhancement(s):

• Mellanox 8.7 FEAT mlx5: It's possible to enable LRO when XDP is active (BZ#2165585)
• Export symbol pci_find_host_bridge (BZ#2225335)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

• Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
• Red Hat Enterprise Linux Server - AUS 8.6 x86_64
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
• Red Hat Virtualization Host 4 for RHEL 8 x86_64
• Red Hat Enterprise Linux Server - TUS 8.6 x86_64
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
• Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
• Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
• Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
• Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6 ppc64le
• Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64

Fixes

• BZ - 2108696 - CVE-2021-33656 kernel: when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds
• BZ - 2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c
• BZ - 2179000 - CVE-2023-28466 kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference
• BZ - 2181891 - CVE-2023-1637 kernel: save/restore speculative MSRs during S3 suspend/resume
• BZ - 2187308 - CVE-2023-2002 Kernel: bluetooth: Unauthorized management command execution
• BZ - 2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel's XFS subsystem
• BZ - 2188470 - CVE-2023-1829 kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter
• BZ - 2213260 - CVE-2023-3390 kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests
• BZ - 2215768 - CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()
• BZ - 2217845 - CVE-2023-20593 hw: amd: Cross-Process Information Leak

CVEs

• CVE-2021-33656
• CVE-2022-42896
• CVE-2023-1637
• CVE-2023-1829
• CVE-2023-2002
• CVE-2023-2124
• CVE-2023-3390
• CVE-2023-20593
• CVE-2023-28466
• CVE-2023-35788

References

• https://access.redhat.com/security/updates/classification/#important