AlmaLinux 2325 Published by

A kernel-rt security and bug fix update has been released for AlmaLinux 8.



ALSA-2023:1584 Important: kernel-rt security and bug fix update


Type:
security

Severity:
important

Release date:
2023-04-12

Description
Security Fix(es):
* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
* kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)
* kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Lazy irq_work does not raise softirq on PREEMPT_RT rhel-8 (BZ#2172163)
* The latest AlmaLinux 8.7.z3 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2172278)

References:
RHSA-2023:1584
CVE-2022-4269
CVE-2022-4378
CVE-2023-0266
CVE-2023-0386
ALSA-2023:1584

Updates packages:
kernel-rt-debug-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm
kernel-rt-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm
kernel-rt-debug-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm
kernel-rt-debug-kvm-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm
kernel-rt-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm
kernel-rt-debug-core-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm
kernel-rt-debug-devel-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm
kernel-rt-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm
kernel-rt-modules-extra-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm
kernel-rt-kvm-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm
kernel-rt-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm
kernel-rt-debug-modules-4.18.0-425.19.2.rt7.230.el8_7.x86_64.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:1584 Important: kernel-rt security and bug fix update