{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2023:5091","synopsis":"Important: kernel-rt security and bug fix update","severity":"SEVERITY_IMPORTANT","topic":"An update is available for kernel-rt.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)\n\n* kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE (CVE-2023-3610)\n\n* kernel: net\/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)\n\n* kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)\n\n* kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free (CVE-2023-4147)\n\n* kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248)\n\n* kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)\n\n* kernel: save\/restore speculative MSRs during S3 suspend\/resume (CVE-2023-1637)\n\n* hw: amd: Cross-Process Information Leak (CVE-2023-20593)\n\n* kernel: bypass of shadow stack protection due to a logic error (CVE-2023-21102)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: update RT source tree to the latest Rocky Linux-9.2.z3 Batch (BZ#2228482)","solution":null,"affectedProducts":["Rocky Linux 9"],"fixes":[{"ticket":"2181891","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2181891","description":""},{"ticket":"2213260","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2213260","description":""},{"ticket":"2213455","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2213455","description":""},{"ticket":"2217845","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2217845","description":""},{"ticket":"2220892","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2220892","description":""},{"ticket":"2220893","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2220893","description":""},{"ticket":"2225097","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2225097","description":""},{"ticket":"2225198","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2225198","description":""},{"ticket":"2225239","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2225239","description":""},{"ticket":"2225275","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2225275","description":""}],"cves":[{"name":"CVE-2023-1637","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-1637","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-20593","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-20593","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-21102","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-21102","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-31248","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-31248","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-3390","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-3390","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-35001","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-35001","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-3610","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-3610","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-3776","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-3776","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-4004","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-4004","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-4147","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-4147","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"}],"references":[],"publishedAt":"2023-09-19T12:09:59.109271Z","rpms":{"Rocky Linux 9":{"nvras":["kernel-rt-0:5.14.0-284.30.1.rt14.315.el9_2.src.rpm","kernel-rt-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-core-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debug-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debug-core-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debug-debuginfo-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debug-devel-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debuginfo-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debug-kvm-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debug-modules-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debug-modules-core-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-debug-modules-extra-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-devel-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-kvm-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-modules-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-modules-core-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm","kernel-rt-modules-extra-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm"]}},"rebootSuggested":false,"buildReferences":[]}

Rocky Linux: RLSA-2023:5091 kernel-rt security and bug fix update

September 19, 2023
An update is available for kernel-rt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Summary

An update is available for kernel-rt. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list


RPMs

kernel-rt-0:5.14.0-284.30.1.rt14.315.el9_2.src.rpm

kernel-rt-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-core-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debug-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debug-core-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debug-debuginfo-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debug-devel-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debuginfo-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debug-kvm-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debug-modules-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debug-modules-core-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-debug-modules-extra-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-devel-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-kvm-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-modules-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-modules-core-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

kernel-rt-modules-extra-0:5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm

References

No References

CVEs

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1637

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20593

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21102

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31248

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3390

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35001

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3610

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3776

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4004

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4147

Severity
Name: RLSA-2023:5091
Affected Products: Rocky Linux 9

Fixes

https://bugzilla.redhat.com/show_bug.cgi?id=2181891

https://bugzilla.redhat.com/show_bug.cgi?id=2213260

https://bugzilla.redhat.com/show_bug.cgi?id=2213455

https://bugzilla.redhat.com/show_bug.cgi?id=2217845

https://bugzilla.redhat.com/show_bug.cgi?id=2220892

https://bugzilla.redhat.com/show_bug.cgi?id=2220893

https://bugzilla.redhat.com/show_bug.cgi?id=2225097

https://bugzilla.redhat.com/show_bug.cgi?id=2225198

https://bugzilla.redhat.com/show_bug.cgi?id=2225239

https://bugzilla.redhat.com/show_bug.cgi?id=2225275


Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved