alsa-2023:0832
Vulnerability from osv_almalinux
Published
2023-02-21 00:00
Modified
2023-09-15 13:41
Summary
Important: kernel security and bug fix update
Details
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)
- kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
- kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134586)
- Hardware error: RIP: copy_user_enhanced_fast_string+0xe (BZ#2137592)
- Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel (BZ#2139580)
- MEI support for Alder Lake-S (BZ#2141783)
- Host Pod -> Cluster IP Service traffic (Pod Backend - Different Node) Flow Iperf Cannot Connect (BZ#2141959)
- AlmaLinux8.7: Xorg cannot display resolution higher than 1024x768 on system using ast graphics driver (BZ#2149287)
- Intel 8.7 Bug: OS doesn't boot when vmd and interrupt remapping are enabled (BZ#2149474)
- i40e,iavf: SR-IOV VF devices send GARP with wrong MAC address (BZ#2149745)
- AlmaLinux8.4 - boot: Add secure boot trailer (BZ#2151530)
- error 524 from seccomp(2) when trying to load filter (BZ#2152138)
- Workqueue: WQ_MEM_RECLAIM iscsi_ctrl_1:98 __iscsi_unbind_session [scsi_transport_iscsi] (BZ#2152734)
- Connectivity issue with vDPA driver (BZ#2152912)
- High Load average due to cfs cpu throttling (BZ#2153108)
- The "kernel BUG at mm/usercopy.c:103!" from BZ 2041529 is back on almalinux-8.5 (BZ#2153230)
- AlmaLinux8: tick storm on nohz (isolated) CPU cores (BZ#2153653)
- kernel BUG: scheduling while atomic: crio/7295/0x00000002 (BZ#2154460)
- Azure AlmaLinux 8 z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2155272)
- Azure: VM Deployment Failures Patch Request (BZ#2155280)
- Azure vPCI AlmaLinux-8: add the support of multi-MSI (BZ#2155289)
- MSFT MANA NET Patch AlmaLinux-8: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155437)
- GSS: OCP 4.10.30 node crash after ODF upgrade : unable to handle kernel NULL pointer dereference at 0000000000000000 : ceph_get_snap_realm+0x68/0xa0 [ceph] (BZ#2155797)
- Error in /usr/src/kernels/4.18.0-423.el8.x86_64/scripts/kernel-doc script causing irdma build to fail (BZ#2157905)
- AlmaLinux8.8: Backport upstream patches to reduce memory cgroup memory consumption and OOM problem (BZ#2157922)
- The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158813)
- ethtool -m results in an out-of-bounds slab write in the be2net driver (BZ#2160182)
- (AlmaLinux OpenShift)Error downloading big ZIP files inside pod on power OCP and pod getting restarted (BZ#2160221)
- i40e/iavf: VF reset task fails "Never saw reset" with 5 second timeout per VF (BZ#2160460)
- iavf: It takes long time to create multiple VF interfaces and the VF interface names are not consistent (BZ#2163257)
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "bpftool"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-abi-stablelists"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-cross-headers"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-debug-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-debug-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-debug-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-debug-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-tools-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-tools-libs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-zfcpdump"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-zfcpdump-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-zfcpdump-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-zfcpdump-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-zfcpdump-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "perf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-perf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-425.13.1.el8_7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)\n* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)\n* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134586)\n* Hardware error: RIP: copy_user_enhanced_fast_string+0xe (BZ#2137592)\n* Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel (BZ#2139580)\n* MEI support for Alder Lake-S (BZ#2141783)\n* Host Pod -\u003e Cluster IP Service traffic (Pod Backend - Different Node) Flow Iperf Cannot Connect (BZ#2141959)\n* AlmaLinux8.7: Xorg cannot display resolution higher than 1024x768 on system using ast graphics driver (BZ#2149287)\n* Intel 8.7 Bug: OS doesn\u0027t boot when vmd and interrupt remapping are enabled (BZ#2149474)\n* i40e,iavf: SR-IOV VF devices send GARP with wrong MAC address (BZ#2149745)\n* AlmaLinux8.4 - boot: Add secure boot trailer (BZ#2151530)\n* error 524 from seccomp(2) when trying to load filter (BZ#2152138)\n* Workqueue: WQ_MEM_RECLAIM iscsi_ctrl_1:98 __iscsi_unbind_session [scsi_transport_iscsi] (BZ#2152734)\n* Connectivity issue with vDPA driver (BZ#2152912)\n* High Load average due to cfs cpu throttling (BZ#2153108)\n* The \"kernel BUG at mm/usercopy.c:103!\" from BZ 2041529 is back on almalinux-8.5 (BZ#2153230)\n* AlmaLinux8: tick storm on nohz (isolated) CPU cores (BZ#2153653)\n* kernel BUG: scheduling while atomic: crio/7295/0x00000002 (BZ#2154460)\n* Azure AlmaLinux 8 z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2155272)\n* Azure: VM Deployment Failures Patch Request (BZ#2155280)\n* Azure vPCI AlmaLinux-8: add the support of multi-MSI (BZ#2155289)\n* MSFT MANA NET Patch AlmaLinux-8: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155437)\n* GSS: OCP 4.10.30 node crash after ODF upgrade : unable to handle kernel NULL pointer dereference at 0000000000000000 : ceph_get_snap_realm+0x68/0xa0 [ceph] (BZ#2155797)\n* Error in /usr/src/kernels/4.18.0-423.el8.x86_64/scripts/kernel-doc script causing irdma build to fail (BZ#2157905)\n* AlmaLinux8.8: Backport upstream patches to reduce memory cgroup memory consumption and OOM problem (BZ#2157922)\n* The \u0027date\u0027 command shows wrong time in nested KVM s390x guest (BZ#2158813)\n* ethtool -m results in an out-of-bounds slab write in the be2net driver (BZ#2160182)\n* (AlmaLinux OpenShift)Error downloading big ZIP files inside pod on power OCP and pod getting restarted (BZ#2160221)\n* i40e/iavf: VF reset task fails \"Never saw reset\" with 5 second timeout per VF (BZ#2160460)\n* iavf: It takes long time to create multiple VF interfaces and the VF interface names are not consistent (BZ#2163257)",
"id": "ALSA-2023:0832",
"modified": "2023-09-15T13:41:48Z",
"published": "2023-02-21T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:0832"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-2873"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-41222"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-43945"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2119048"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2138818"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2141752"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-0832.html"
}
],
"related": [
"CVE-2022-41222",
"CVE-2022-43945",
"CVE-2022-2873"
],
"summary": "Important: kernel security and bug fix update"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…