alsa-2023:3723
Vulnerability from osv_almalinux
Published
2023-06-21 00:00
Modified
2023-07-11 20:32
Summary
Important: kernel security and bug fix update
Details
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235)
- kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)
- Kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)
- kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)
- kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194)
- kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (CVE-2023-28466)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Intel QAT Update - (kernel changes) (BZ#2176846)
- RPL-P IOTG/RPL-S IOTG: cpu frequency issues (BZ#2178857)
- In FIPS mode, kernel does not transition into error state when RCT or APT health tests fail (BZ#2181727)
- Kernel BUG in iwlmvm wifi driver when used Mesh systems (BZ#2186723)
- Azure AlmaLinux 9 Backport upstream commit 93827a0a36396f2fd6368a54a020f420c8916e9b [KVM: VMX: Fix crash due to uninitialized current_vmcs] (BZ#2186822)
- AlmaLinux 9 blktests nvme/047 lead kernel NULL pointer (BZ#2187536)
- Single Node Openshift cluster becomes unreachable after running less than 2 hours (BZ#2187709)
- kernel[-rt]: task deadline_test:1778 blocked for more than 622 seconds (BZ#2188655)
- fix page end in filemap_get_read_batch (BZ#2189349)
- AlmaLinux 9.2 hwpoison: data loss when memory error occurs on hugetlb pagecache (BZ#2192348)
- wdat_wdt watchdog timeout triggered unexpectedly (BZ#2192585)
- ice: high CPU usage with GNSS or ptp4l (BZ#2203154)
- AlmaLinux 9 "smpboot: Scheduler frequency invariance went wobbly, disabling!" on nohz_full CPUs after long run (BZ#2203178)
- Dying percpu kworkers cause issues on isolated CPUs [almalinux-9] (BZ#2203229)
- FJ9.2 Bug: [REG] NFS infinite loop of COMMIT call and NFS4ERR_DELAY reply. (BZ#2203335)
- perf errors - "event syntax error: 'unc_p_delayed_c_state_abort_core5'" b'_ value too big for format, maximum is 255' (BZ#2207471)
- AlmaLinux 9: Invalid character detected by rpminspect in Documentation/translations/zh_CN/process/magic-number.rst (BZ#2208242)
- cifs: backport small patches to bring us close to 9.1 - backport commit aea02fc40a7f cifs: fix wrong unlock before return from cifs_tree_connect (BZ#2209045)
- AlmaLinux 9 x86_64, kdump 2nd kernel will randomly panic on "kvm-08-guest25.hv2" (BZ#2210614)
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "bpftool"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-64k"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-64k-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-64k-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-64k-debug-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-64k-debug-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-64k-debug-devel-matched"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-64k-debug-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-64k-debug-modules-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-64k-debug-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-64k-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-64k-devel-matched"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-64k-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-64k-modules-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-64k-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-abi-stablelists"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-debug-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-debug-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-debug-devel-matched"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-debug-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-debug-modules-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-debug-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-debug-uki-virt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-devel-matched"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-modules-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-tools-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-tools-libs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-uki-virt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-zfcpdump"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-zfcpdump-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-zfcpdump-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-zfcpdump-devel-matched"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-zfcpdump-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-zfcpdump-modules-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "kernel-zfcpdump-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "perf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "python3-perf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rtla"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.14.0-284.18.1.el9_2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235)\n* kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)\n* Kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)\n* kernel: OOB access in the Linux kernel\u0027s XFS subsystem (CVE-2023-2124)\n* kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194)\n* kernel: tls: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (CVE-2023-28466)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Intel QAT Update - (kernel changes) (BZ#2176846)\n* RPL-P IOTG/RPL-S IOTG: cpu frequency issues (BZ#2178857)\n* In FIPS mode, kernel does not transition into error state when RCT or APT health tests fail (BZ#2181727)\n* Kernel BUG in iwlmvm wifi driver when used Mesh systems (BZ#2186723)\n* Azure AlmaLinux 9 Backport upstream commit 93827a0a36396f2fd6368a54a020f420c8916e9b [KVM: VMX: Fix crash due to uninitialized current_vmcs] (BZ#2186822)\n* AlmaLinux 9 blktests nvme/047 lead kernel NULL pointer (BZ#2187536)\n* Single Node Openshift cluster becomes unreachable after running less than 2 hours (BZ#2187709)\n* kernel[-rt]: task deadline_test:1778 blocked for more than 622 seconds (BZ#2188655)\n* fix page end in filemap_get_read_batch (BZ#2189349)\n* AlmaLinux 9.2 hwpoison: data loss when memory error occurs on hugetlb pagecache (BZ#2192348)\n* wdat_wdt watchdog timeout triggered unexpectedly (BZ#2192585)\n* ice: high CPU usage with GNSS or ptp4l (BZ#2203154)\n* AlmaLinux 9 \"smpboot: Scheduler frequency invariance went wobbly, disabling!\" on nohz_full CPUs after long run (BZ#2203178)\n* Dying percpu kworkers cause issues on isolated CPUs [almalinux-9] (BZ#2203229)\n* FJ9.2 Bug: [REG] NFS infinite loop of COMMIT call and NFS4ERR_DELAY reply. (BZ#2203335)\n* perf errors - \"event syntax error: \u0027unc_p_delayed_c_state_abort_core5\u0027\" b\u0027_ value too big for format, maximum is 255\u0027 (BZ#2207471)\n* AlmaLinux 9: Invalid character detected by rpminspect in Documentation/translations/zh_CN/process/magic-number.rst (BZ#2208242)\n* cifs: backport small patches to bring us close to 9.1 - backport commit aea02fc40a7f cifs: fix wrong unlock before return from cifs_tree_connect (BZ#2209045)\n* AlmaLinux 9 x86_64, kdump 2nd kernel will randomly panic on \"kvm-08-guest25.hv2\" (BZ#2210614)",
"id": "ALSA-2023:3723",
"modified": "2023-07-11T20:32:33Z",
"published": "2023-06-21T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:3723"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-2002"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-2124"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-2194"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-2235"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-28466"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-32233"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2179000"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2187308"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2187439"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2188396"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2192589"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2196105"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-3723.html"
}
],
"related": [
"CVE-2023-2235",
"CVE-2023-32233",
"CVE-2023-2002",
"CVE-2023-2124",
"CVE-2023-2194",
"CVE-2023-28466"
],
"summary": "Important: kernel security and bug fix update"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…