AlmaLinux 2318 Published by

A kernel-rt security and bug fix update has been released for AlmaLinux 9.



ALSA-2023:2148 Important: kernel-rt security and bug fix update


Type:
security

Severity:
important

Release date:
2023-05-11

Description
Security Fix(es):
* use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)
* net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)
* hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch (CVE-2021-26341)
* malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655)
* possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462)
* KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789)
* use-after-free in free_pipe_info() could lead to privilege escalation (CVE-2022-1882)
* KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196)
* netfilter: nf_conntrack_irc message handling issue (CVE-2022-2663)
* race condition in xfrm_probe_algs can lead to OOB read/write (CVE-2022-3028)
* out-of-bounds read in fib_nh_match of the file net/ipv4/fib_semantics.c (CVE-2022-3435)
* race condition in hugetlb_no_page() in mm/hugetlb.c (CVE-2022-3522)
* memory leak in ipv6_renew_options() (CVE-2022-3524)
* data races around icsk->icsk_af_ops in do_ipv6_setsockopt (CVE-2022-3566)
* data races around sk->sk_prot (CVE-2022-3567)
* memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (CVE-2022-3619)
* denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry (CVE-2022-3623)
* use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625)
* USB-accessible buffer overflow in brcmfmac (CVE-2022-3628)
* use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c (CVE-2022-3640)
* Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed (CVE-2022-3707)
* mptcp: NULL pointer dereference in subflow traversal at disconnect time (CVE-2022-4128)
* l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference (CVE-2022-4129)
* igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets (CVE-2022-20141)
* lockdown bypass using IMA (CVE-2022-21505)
* double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388)
* network backend may cause Linux netfront to use freed SKBs (XSA-405) (CVE-2022-33743)
* unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry (CVE-2022-39188)
* TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning (CVE-2022-39189)
* u8 overflow problem in cfg80211_update_notlisted_nontrans() (CVE-2022-41674)
* use-after-free related to leaf anon_vma double reuse (CVE-2022-42703)
* use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720)
* BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (CVE-2022-42721)
* Denial of service in beacon protection for P2P-device (CVE-2022-42722)
* memory corruption in usbmon driver (CVE-2022-43750)
* NULL pointer dereference in traffic control subsystem (CVE-2022-47929)
* NULL pointer dereference in rawv6_push_pending_frames (CVE-2023-0394)
* use-after-free due to race condition in qdisc_graft() (CVE-2023-0590)
* use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195)
* denial of service in tipc_conn_close (CVE-2023-1382)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:
RHSA-2023:2148
CVE-2021-26341
CVE-2021-33655
CVE-2022-1462
CVE-2022-1789
CVE-2022-1882
CVE-2022-20141
CVE-2022-21505
CVE-2022-2196
CVE-2022-2663
CVE-2022-28388
CVE-2022-3028
CVE-2022-33743
CVE-2022-3435
CVE-2022-3522
CVE-2022-3524
CVE-2022-3566
CVE-2022-3567
CVE-2022-3619
CVE-2022-3623
CVE-2022-3625
CVE-2022-3628
CVE-2022-3640
CVE-2022-3707
CVE-2022-39188
CVE-2022-39189
CVE-2022-4128
CVE-2022-4129
CVE-2022-41674
CVE-2022-42703
CVE-2022-42720
CVE-2022-42721
CVE-2022-42722
CVE-2022-42896
CVE-2022-43750
CVE-2022-47929
CVE-2023-0394
CVE-2023-0461
CVE-2023-0590
CVE-2023-1195
CVE-2023-1382
ALSA-2023:2148

Updates packages:
kernel-rt-debug-kvm-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm
kernel-rt-debug-modules-core-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm
kernel-rt-core-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm
kernel-rt-modules-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm
kernel-rt-debug-core-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm
kernel-rt-debug-devel-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm
kernel-rt-debug-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm
kernel-rt-debug-modules-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm
kernel-rt-debug-modules-extra-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm
kernel-rt-modules-extra-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm
kernel-rt-kvm-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm
kernel-rt-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm
kernel-rt-modules-core-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm
kernel-rt-devel-5.14.0-284.11.1.rt14.296.el9_2.x86_64.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:2148 Important: kernel-rt security and bug fix update