AlmaLinux 2325 Published by

A kernel-rt security and bug fix update has been released for AlmaLinux 9.



ALSA-2023:5091


ALSA-2023:5091 Important: kernel-rt security and bug fix update
Type:
security

Severity:
important

Release date:
2023-09-14

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)
* kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE (CVE-2023-3610)
* kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)
* kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)
* kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free (CVE-2023-4147)
* kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248)
* kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
* kernel: save/restore speculative MSRs during S3 suspend/resume (CVE-2023-1637)
* hw: amd: Cross-Process Information Leak (CVE-2023-20593)
* kernel: bypass of shadow stack protection due to a logic error (CVE-2023-21102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* kernel-rt: update RT source tree to the latest AlmaLinux-9.2.z3 Batch (BZ#2228482)

References:
CVE-2023-1637
CVE-2023-20593
CVE-2023-21102
CVE-2023-31248
CVE-2023-3390
CVE-2023-35001
CVE-2023-3610
CVE-2023-3776
CVE-2023-4004
CVE-2023-4147
RHSA-2023:5091
ALSA-2023:5091
Updated packages listed below:
Architecture
Package
Checksum
x86_64
kernel-rt-debug-kvm-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
06e11773812408eab8f8869f1641f75fedd0ad208b5b6519ee796a5cb5a19d3e
x86_64
kernel-rt-debug-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
13b6f1bf17e3573814b877ae2cf2abfda60c6471fdc17ed11f013b3ed14fd0e8
x86_64
kernel-rt-modules-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
243cfe90c837c69c2fb2705b4f042444b127b4e71a0b3e03b8c4c1180f0a1ebd
x86_64
kernel-rt-debug-modules-extra-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
2595618f4f9d2b606f5c2de0a79d8437a1b72c78129be17e88ae6583d3e0ac6d
x86_64
kernel-rt-debug-modules-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
2e4308661b34e11609f08cd8424f6fd5ca6dae4ef14a1f3d97d0c49ccfee6567
x86_64
kernel-rt-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
34a6bc1423687e4ec97265404a2e43689848eaca86b194bdf2044cf99e42def9
x86_64
kernel-rt-modules-extra-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
3b9d1af521a676844700d5f33e0eab67e3a295ba36f95197a8f6d5a3931c64fc
x86_64
kernel-rt-debug-modules-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
697880be5672a5a53e39f210d6153e8c9295e56854aaba1a9db18ef7441f7fe7
x86_64
kernel-rt-debug-devel-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
6d4c88905392f01598726da19d7df641ab6febd1b828685052cbb43dfd3ea0c6
x86_64
kernel-rt-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
8b4a87d4d8aa5815ed5b8494a4ead92c7a655bd7f337792985f960bdbe4c9a1a
x86_64
kernel-rt-devel-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
91dc4d0d3ab87eebbd02162c21e6985f7624136b4ad57115cbf622820d0044da
x86_64
kernel-rt-modules-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
d568e45e88f7bbcddc6c82ad2bd7361c5985e226ebaddef28e0088fc9e834312
x86_64
kernel-rt-kvm-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
f98c221ec85d3a7a2eddfef0c17e45bd73302f19c5a5504cc82e0fb86735036f
x86_64
kernel-rt-debug-core-5.14.0-284.30.1.rt14.315.el9_2.x86_64.rpm
fba4dc518c442f0efeca02036b388570e7594e3ff91ea6d3badaf86b727c71f8

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2023:5091