[ALSA-2023:2148] Important: kernel-rt security and bug fix update
Type:
security
Severity:
important
Release date:
2023-05-11
Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896) * net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461) * hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch (CVE-2021-26341) * malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655) * possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462) * KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789) * use-after-free in free_pipe_info() could lead to privilege escalation (CVE-2022-1882) * KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196) * netfilter: nf_conntrack_irc message handling issue (CVE-2022-2663) * race condition in xfrm_probe_algs can lead to OOB read/write (CVE-2022-3028) * out-of-bounds read in fib_nh_match of the file net/ipv4/fib_semantics.c (CVE-2022-3435) * race condition in hugetlb_no_page() in mm/hugetlb.c (CVE-2022-3522) * memory leak in ipv6_renew_options() (CVE-2022-3524) * data races around icsk->icsk_af_ops in do_ipv6_setsockopt (CVE-2022-3566) * data races around sk->sk_prot (CVE-2022-3567) * memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (CVE-2022-3619) * denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry (CVE-2022-3623) * use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625) * USB-accessible buffer overflow in brcmfmac (CVE-2022-3628) * use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c (CVE-2022-3640) * Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed (CVE-2022-3707) * mptcp: NULL pointer dereference in subflow traversal at disconnect time (CVE-2022-4128) * l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference (CVE-2022-4129) * igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets (CVE-2022-20141) * lockdown bypass using IMA (CVE-2022-21505) * double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388) * network backend may cause Linux netfront to use freed SKBs (XSA-405) (CVE-2022-33743) * unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry (CVE-2022-39188) * TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning (CVE-2022-39189) * u8 overflow problem in cfg80211_update_notlisted_nontrans() (CVE-2022-41674) * use-after-free related to leaf anon_vma double reuse (CVE-2022-42703) * use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720) * BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (CVE-2022-42721) * Denial of service in beacon protection for P2P-device (CVE-2022-42722) * memory corruption in usbmon driver (CVE-2022-43750) * NULL pointer dereference in traffic control subsystem (CVE-2022-47929) * NULL pointer dereference in rawv6_push_pending_frames (CVE-2023-0394) * use-after-free due to race condition in qdisc_graft() (CVE-2023-0590) * use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195) * denial of service in tipc_conn_close (CVE-2023-1382) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages listed below:
Architecture Package Checksum
x86_64 kernel-rt-debug-kvm-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm 02ff96e74d98eebde04d83daa1a930c8a17fcdf2cbbee93141ad417bc6ade229
x86_64 kernel-rt-debug-modules-core-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm 0f09e987aade16f8af6c1e9fa65298f5c3cf0df7fd720914c845b01cabeaf69b
x86_64 kernel-rt-core-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm 1924d99cf1b7314af624a56edf302ac296f00e0ecf8adaef6a52c3dad8428ddc
x86_64 kernel-rt-modules-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm 2b63450d468e187cabb9811c6bab080f2ba3b0435d5d7d25335502d6a41cf7e6
x86_64 kernel-rt-debug-core-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm 39b40a7c6fd1e1334cfa8cb890ad8dd0ba1b7edb32f305dcedab9dd5a65c965a
x86_64 kernel-rt-debug-devel-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm 3be1a80a34f21f2923bee6b18d8e7c72885b7f325fa21accf9262857b2dc59ad
x86_64 kernel-rt-debug-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm 7d6790befb5635f59abc36a40d0ec81e66fbd5595afa0e718589ca6c9defc83b
x86_64 kernel-rt-debug-modules-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm 8852c8308f662fcd678606dcd841bd70ef311fdbca9956d6728966dd618b8f09
x86_64 kernel-rt-debug-modules-extra-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm 9882416f7514afd0dee968135853d17b5f5a01cd3db2b8c2b91906516e061ca8
x86_64 kernel-rt-modules-extra-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm bdd183ddc194ec375da0d7d4a03f082d95124a3a8d7ca21dfeca21d5e21289cc
x86_64 kernel-rt-kvm-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm c6c6830eda923622814e8b97ee0f1cb842fa2b5aec88e030c6c165e5b2613f48
x86_64 kernel-rt-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm cefd5a49af76681ba5aa5d114b82a043c0541dc007dfe06dd28597025864f88b
x86_64 kernel-rt-modules-core-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm ee1c597a8e5171319c2a6d7f3f2b8d2309cca7c50663e19d5f9092c05deb482b
x86_64 kernel-rt-devel-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm fadb325483c93043e5a3e16c310b13e554e27cd957f926d815a8eed25e42bd9d
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.