ALSA-2023:5091

[ALSA-2023:5091] Important: kernel-rt security and bug fix update

Type:

security

Severity:

important

Release date:

2023-09-14

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)
* kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE (CVE-2023-3610)
* kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)
* kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)
* kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free (CVE-2023-4147)
* kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248)
* kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
* kernel: save/restore speculative MSRs during S3 suspend/resume (CVE-2023-1637)
* hw: amd: Cross-Process Information Leak (CVE-2023-20593)
* kernel: bypass of shadow stack protection due to a logic error (CVE-2023-21102)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the latest AlmaLinux-9.2.z3 Batch (BZ#2228482)

References:

Updated packages listed below:

Architecture	Package	Checksum
x86_64	kernel-rt-debug-kvm-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm	06e11773812408eab8f8869f1641f75fedd0ad208b5b6519ee796a5cb5a19d3e
x86_64	kernel-rt-debug-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm	13b6f1bf17e3573814b877ae2cf2abfda60c6471fdc17ed11f013b3ed14fd0e8
x86_64	kernel-rt-modules-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm	243cfe90c837c69c2fb2705b4f042444b127b4e71a0b3e03b8c4c1180f0a1ebd
x86_64	kernel-rt-debug-modules-extra-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm	2595618f4f9d2b606f5c2de0a79d8437a1b72c78129be17e88ae6583d3e0ac6d
x86_64	kernel-rt-debug-modules-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm	2e4308661b34e11609f08cd8424f6fd5ca6dae4ef14a1f3d97d0c49ccfee6567
x86_64	kernel-rt-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm	34a6bc1423687e4ec97265404a2e43689848eaca86b194bdf2044cf99e42def9
x86_64	kernel-rt-modules-extra-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm	3b9d1af521a676844700d5f33e0eab67e3a295ba36f95197a8f6d5a3931c64fc
x86_64	kernel-rt-debug-modules-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm	697880be5672a5a53e39f210d6153e8c9295e56854aaba1a9db18ef7441f7fe7
x86_64	kernel-rt-debug-devel-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm	6d4c88905392f01598726da19d7df641ab6febd1b828685052cbb43dfd3ea0c6
x86_64	kernel-rt-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm	8b4a87d4d8aa5815ed5b8494a4ead92c7a655bd7f337792985f960bdbe4c9a1a
x86_64	kernel-rt-devel-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm	91dc4d0d3ab87eebbd02162c21e6985f7624136b4ad57115cbf622820d0044da
x86_64	kernel-rt-modules-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm	d568e45e88f7bbcddc6c82ad2bd7361c5985e226ebaddef28e0088fc9e834312
x86_64	kernel-rt-kvm-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm	f98c221ec85d3a7a2eddfef0c17e45bd73302f19c5a5504cc82e0fb86735036f
x86_64	kernel-rt-debug-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm	fba4dc518c442f0efeca02036b388570e7594e3ff91ea6d3badaf86b727c71f8

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.