rhsa-2023:6901
Vulnerability from csaf_redhat
Published
2023-11-14 15:24
Modified
2025-04-14 18:50
Summary
Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: tun: double free in tun_free_netdev (CVE-2022-4744)
* kernel: net/sched: cls_u32 component reference counter leak (CVE-2023-3609)
* kernel: net/sched: sch_qfq vulnerability (CVE-2023-3611)
* kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)
* kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)
* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975)
* kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)
* kernel: use-after-free and info leak in l2cap_conn_del and l2cap_parse_conf_req (CVE-2022-3640, CVE-2022-42895)
* kernel: double free in usb_8dev_start_xmit (CVE-2022-28388)
* kernel: vmwgfx: multiple vulnerabilities (CVE-2022-38457, CVE-2022-40133, CVE-2023-33951, CVE-2023-33952)
* hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)
* kernel: KVM: multiple vulnerabilities (CVE-2022-45869, CVE-2023-4155, CVE-2023-30456)
* kernel: memory leak in ttusb_dec_exit_dvb (CVE-2022-45887)
* kernel: speculative pointer dereference in do_prlimit in kernel/sys.c (CVE-2023-0458)
* kernel: use-after-free in qdisc_graft (CVE-2023-0590)
* kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)
* kernel: HID: check empty report_list in hid_validate_values (CVE-2023-1073)
* kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)
* kernel: hid: Use After Free in asus_remove (CVE-2023-1079)
* kernel: use-after-free in drivers/media/rc/ene_ir.c (CVE-2023-1118)
* kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)
* kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)
* kernel: denial of service in tipc_conn_close (CVE-2023-1382)
* kernel: Use after free bug in btsdio_remove (CVE-2023-1989)
* kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)
* kernel: ext4: use-after-free in ext4_xattr_set_entry (CVE-2023-2513)
* kernel: fbcon: shift-out-of-bounds in fbcon_set_font (CVE-2023-3161)
* kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)
* kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params (CVE-2023-3772)
* kernel: smsusb: use-after-free caused by do_submit_urb (CVE-2023-4132)
* kernel: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h (CVE-2023-4732)
* Kernel: denial of service in atm_tc_enqueue (CVE-2023-23455)
* kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)
* kernel: Denial of service issue in az6027 driver (CVE-2023-28328)
* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)
* kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)
* kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove (CVE-2023-33203)
* kernel: saa7134: race condition in saa7134_finidev (CVE-2023-35823)
* kernel: dm1105: race condition in dm1105_remove.c (CVE-2023-35824)
* kernel: r592: race condition in r592_remove (CVE-2023-35825)
* kernel: net/tls: tls_is_tx_ready checked list_entry (CVE-2023-1075)
* kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)
* kernel: Use after free in r592_remove (CVE-2023-3141)
* kernel: gfs2: NULL pointer dereference in gfs2_evict_inode (CVE-2023-3212)
For more details about the security issue(s), refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for kernel-rt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: tun: double free in tun_free_netdev (CVE-2022-4744)\n\n* kernel: net/sched: cls_u32 component reference counter leak (CVE-2023-3609)\n\n* kernel: net/sched: sch_qfq vulnerability (CVE-2023-3611)\n\n* kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)\n\n* kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)\n\n* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975)\n\n* kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)\n\n* kernel: use-after-free and info leak in l2cap_conn_del and l2cap_parse_conf_req (CVE-2022-3640, CVE-2022-42895)\n\n* kernel: double free in usb_8dev_start_xmit (CVE-2022-28388)\n\n* kernel: vmwgfx: multiple vulnerabilities (CVE-2022-38457, CVE-2022-40133, CVE-2023-33951, CVE-2023-33952)\n\n* hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)\n\n* kernel: KVM: multiple vulnerabilities (CVE-2022-45869, CVE-2023-4155, CVE-2023-30456)\n\n* kernel: memory leak in ttusb_dec_exit_dvb (CVE-2022-45887)\n\n* kernel: speculative pointer dereference in do_prlimit in kernel/sys.c (CVE-2023-0458)\n\n* kernel: use-after-free in qdisc_graft (CVE-2023-0590)\n\n* kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)\n\n* kernel: HID: check empty report_list in hid_validate_values (CVE-2023-1073)\n\n* kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)\n\n* kernel: hid: Use After Free in asus_remove (CVE-2023-1079)\n\n* kernel: use-after-free in drivers/media/rc/ene_ir.c (CVE-2023-1118)\n\n* kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)\n\n* kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)\n\n* kernel: denial of service in tipc_conn_close (CVE-2023-1382)\n\n* kernel: Use after free bug in btsdio_remove (CVE-2023-1989)\n\n* kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)\n\n* kernel: ext4: use-after-free in ext4_xattr_set_entry (CVE-2023-2513)\n\n* kernel: fbcon: shift-out-of-bounds in fbcon_set_font (CVE-2023-3161)\n\n* kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)\n\n* kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params (CVE-2023-3772)\n\n* kernel: smsusb: use-after-free caused by do_submit_urb (CVE-2023-4132)\n\n* kernel: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h (CVE-2023-4732)\n\n* Kernel: denial of service in atm_tc_enqueue (CVE-2023-23455)\n\n* kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)\n\n* kernel: Denial of service issue in az6027 driver (CVE-2023-28328)\n\n* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)\n\n* kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)\n\n* kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove (CVE-2023-33203)\n\n* kernel: saa7134: race condition in saa7134_finidev (CVE-2023-35823)\n\n* kernel: dm1105: race condition in dm1105_remove.c (CVE-2023-35824)\n\n* kernel: r592: race condition in r592_remove (CVE-2023-35825)\n\n* kernel: net/tls: tls_is_tx_ready checked list_entry (CVE-2023-1075)\n\n* kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)\n\n* kernel: Use after free in r592_remove (CVE-2023-3141)\n\n* kernel: gfs2: NULL pointer dereference in gfs2_evict_inode (CVE-2023-3212)\n\nFor more details about the security issue(s), refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:6901", url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index", }, { category: "external", summary: "https://access.redhat.com/solutions/7027704", url: "https://access.redhat.com/solutions/7027704", }, { category: "external", summary: "2024989", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2024989", }, { category: "external", summary: "2073091", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073091", }, { category: "external", summary: "2133453", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133453", }, { category: "external", summary: "2133455", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133455", }, { category: "external", summary: "2139610", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139610", }, { category: "external", summary: "2147356", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2147356", }, { category: "external", summary: "2148520", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2148520", }, { category: "external", summary: "2149024", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2149024", }, { category: "external", summary: "2151317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151317", }, { category: "external", summary: "2156322", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156322", }, { category: "external", summary: "2165741", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2165741", }, { category: "external", summary: "2165926", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2165926", }, { category: "external", summary: "2168332", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2168332", }, { category: "external", summary: "2173403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2173403", }, { category: "external", summary: "2173430", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2173430", }, { category: "external", summary: "2173434", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2173434", }, { category: "external", summary: "2173444", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2173444", }, { category: "external", summary: "2174400", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2174400", }, { category: "external", summary: "2175903", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2175903", }, { category: "external", summary: "2176140", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2176140", }, { category: "external", summary: "2177371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177371", }, { category: "external", summary: "2177389", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177389", }, { category: "external", summary: "2181330", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2181330", }, { category: "external", summary: "2182443", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182443", }, { category: "external", summary: "2184578", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184578", }, { category: "external", summary: "2185945", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185945", }, { category: "external", summary: "2187257", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2187257", }, { category: "external", summary: "2188468", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188468", }, { category: "external", summary: "2192667", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2192667", }, { category: "external", summary: "2192671", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2192671", }, { category: "external", summary: "2193097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2193097", }, { category: "external", summary: "2193219", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2193219", }, { category: "external", summary: "2213139", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213139", }, { category: "external", summary: "2213199", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213199", }, { category: "external", summary: "2213485", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213485", }, { category: "external", summary: "2213802", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213802", }, { category: "external", summary: "2214348", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2214348", }, { category: "external", summary: "2215502", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215502", }, { category: "external", summary: "2215835", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215835", }, { category: "external", summary: "2215836", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215836", }, { category: "external", summary: "2215837", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215837", }, { category: "external", summary: "2218195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2218195", }, { category: "external", summary: "2218212", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2218212", }, { category: "external", summary: "2218943", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2218943", }, { category: "external", summary: "2219530", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2219530", }, { category: "external", summary: "2221707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2221707", }, { category: "external", summary: "2223949", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2223949", }, { category: "external", summary: "2225191", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2225191", }, { category: "external", summary: "2225201", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2225201", }, { category: "external", summary: "2225511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2225511", }, { category: "external", summary: "2236982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236982", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6901.json", }, ], title: "Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update", tracking: { current_release_date: "2025-04-14T18:50:51+00:00", generator: { date: "2025-04-14T18:50:51+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHSA-2023:6901", initial_release_date: "2023-11-14T15:24:26+00:00", revision_history: [ { date: "2023-11-14T15:24:26+00:00", number: "1", summary: "Initial version", }, { date: "2023-11-14T15:24:26+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-14T18:50:51+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Real Time for NFV (v. 8)", product: { name: "Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::nfv", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Real Time (v. 8)", product: { name: "Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::realtime", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", product: { name: "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", product_id: "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", product_identification_helper: { purl: "pkg:rpm/redhat/kernel-rt@4.18.0-513.5.1.rt7.307.el8_9?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product: { name: "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_id: "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kernel-rt@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64", }, }, }, { category: "product_version", name: "kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product: { name: "kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_id: "kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kernel-rt-core@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64", }, }, }, { category: "product_version", name: "kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product: { name: "kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_id: "kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kernel-rt-debug@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64", }, }, }, { category: "product_version", name: "kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product: { name: "kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_id: "kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64", }, }, }, { category: "product_version", name: "kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product: { name: "kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_id: "kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64", }, }, }, { category: "product_version", name: "kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product: { name: "kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_id: "kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64", }, }, }, { category: "product_version", name: "kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product: { name: "kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_id: "kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64", }, }, }, { category: "product_version", name: "kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product: { name: "kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_id: "kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64", }, }, }, { category: "product_version", name: "kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product: { name: "kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_id: "kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kernel-rt-devel@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64", }, }, }, { category: "product_version", name: "kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product: { name: "kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_id: "kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64", }, }, }, { category: "product_version", name: "kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product: { name: "kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_id: "kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kernel-rt-modules@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64", }, }, }, { category: "product_version", name: "kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product: { name: "kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_id: "kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64", }, }, }, { category: "product_version", name: "kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product: { name: "kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_id: "kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64", }, }, }, { category: "product_version", name: "kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product: { name: "kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_id: "kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64", }, }, }, { category: "product_version", name: "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product: { name: "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_id: "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-513.5.1.rt7.307.el8_9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", }, product_reference: "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", relates_to_product_reference: "NFV-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "NFV-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "NFV-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "NFV-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "NFV-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "NFV-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "NFV-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "NFV-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "NFV-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "NFV-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "NFV-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "NFV-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "NFV-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "NFV-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "NFV-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)", product_id: "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "NFV-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src as a component of Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", }, product_reference: "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", relates_to_product_reference: "RT-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "RT-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "RT-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "RT-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "RT-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "RT-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "RT-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "RT-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "RT-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "RT-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "RT-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "RT-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "RT-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "RT-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "RT-8.9.0.GA", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time (v. 8)", product_id: "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", }, product_reference: "kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", relates_to_product_reference: "RT-8.9.0.GA", }, ], }, vulnerabilities: [ { cve: "CVE-2021-43975", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2021-11-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2024989", }, ], notes: [ { category: "description", text: "An out-of-bounds write flaw was found in the Linux kernel’s Aquantia AQtion Ethernet card Atlantic driver in the way the ethernet card provides malicious input to the driver. This flaw allows a local user to emulate the networking device and crash the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", title: "Vulnerability description", }, { category: "summary", text: "kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-43975", }, { category: "external", summary: "RHBZ#2024989", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2024989", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-43975", url: "https://www.cve.org/CVERecord?id=CVE-2021-43975", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-43975", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-43975", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496", url: "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496", }, ], release_date: "2021-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "To mitigate this issue, prevent the module atlantic from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c", }, { cve: "CVE-2022-3594", cwe: { id: "CWE-779", name: "Logging of Excessive Data", }, discovery_date: "2022-11-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2149024", }, ], notes: [ { category: "description", text: "A vulnerability was found in intr_callback in drivers/net/usb/r8152.c in the BPF component in the Linux Kernel. The manipulation leads to logging excessive data, where an attack can be launched remotely.", title: "Vulnerability description", }, { category: "summary", text: "kernel: Rate limit overflow messages in r8152 in intr_callback", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3594", }, { category: "external", summary: "RHBZ#2149024", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2149024", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3594", url: "https://www.cve.org/CVERecord?id=CVE-2022-3594", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3594", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3594", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93e2be344a7db169b7119de21ac1bf253b8c6907", url: "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=93e2be344a7db169b7119de21ac1bf253b8c6907", }, ], release_date: "2022-10-02T06:30:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "This flaw can be mitigated by preventing the affected Realtek RTL8152/RTL8153 Based USB Ethernet Adapters (r8152) kernel module from loading during the boot time. Ensure the module is added into the blacklist file.\n~~~\nRefer: \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: Rate limit overflow messages in r8152 in intr_callback", }, { cve: "CVE-2022-3640", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2022-11-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2139610", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Linux Kernel in the l2cap_conn_del in net/bluetooth/l2cap_core.c function in the Bluetooth component. This issue leads to a use-after-free problem.", title: "Vulnerability description", }, { category: "summary", text: "kernel: use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-3640", }, { category: "external", summary: "RHBZ#2139610", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2139610", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-3640", url: "https://www.cve.org/CVERecord?id=CVE-2022-3640", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-3640", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-3640", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979", url: "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=42cf46dea905a80f6de218e837ba4d4cc33d6979", }, ], release_date: "2022-10-17T12:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c", }, { acknowledgments: [ { names: [ "Jann Horn", ], organization: "Google Project Zero", }, ], cve: "CVE-2022-4744", cwe: { id: "CWE-824", name: "Access of Uninitialized Pointer", }, discovery_date: "2022-12-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2156322", }, ], notes: [ { category: "description", text: "A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.", title: "Vulnerability description", }, { category: "summary", text: "kernel: tun: avoid double free in tun_free_netdev", title: "Vulnerability summary", }, { category: "other", text: "Keeping Red Hat Enterprise Linux version 8 with Moderate severity, because required patch 158b515f703e (see reference) missed. However, currently Red Hat Enterprise Linux version 8 not affected, because previous patch not backported too: 766b0515d5be (\"net: make sure devices go through netdev_wait_all_refs\"). Means that it is not possible to trigger the issue for the Red Hat Enterprise Linux 8, but potentially Red Hat Enterprise Linux version 8 could be vulnerable in future, so still need to fix. For the Red Hat Enterprise Linux version 9 there is known way to reproduce the issue.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-4744", }, { category: "external", summary: "RHBZ#2156322", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2156322", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-4744", url: "https://www.cve.org/CVERecord?id=CVE-2022-4744", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-4744", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-4744", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e", url: "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e", }, ], release_date: "2023-03-20T10:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "To mitigate this issue, prevent the tun module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: tun: avoid double free in tun_free_netdev", }, { cve: "CVE-2022-28388", cwe: { id: "CWE-415", name: "Double Free", }, discovery_date: "2022-04-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2073091", }, ], notes: [ { category: "description", text: "A double-free flaw was found in the Linux kernel's USB2CAN interface implementation. This issue could allow a local user to crash the system.", title: "Vulnerability description", }, { category: "summary", text: "kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c", title: "Vulnerability summary", }, { category: "other", text: "This issue is Moderate because this case doesn't lead to a kernel crash as result of the pointers reference check preventing actual second memory free. The only known attack scenario is the possibility of a denial of service.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28388", }, { category: "external", summary: "RHBZ#2073091", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2073091", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28388", url: "https://www.cve.org/CVERecord?id=CVE-2022-28388", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28388", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28388", }, ], release_date: "2022-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "To mitigate this issue, prevent module usb_8dev from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c", }, { cve: "CVE-2022-38457", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2022-09-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2133455", }, ], notes: [ { category: "description", text: "A use-after-free vulnerability was found in the Linux kernel's vmwgfx driver in vmw_cmd_res_check. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl() on the resulting file descriptor, to crash the system, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "kernel: vmwgfx: use-after-free in vmw_cmd_res_check", title: "Vulnerability summary", }, { category: "other", text: "Systems making use of the vmwgfx driver are potentially affected by this flaw; systems without the vmwgfx driver loaded are not affected by this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-38457", }, { category: "external", summary: "RHBZ#2133455", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133455", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-38457", url: "https://www.cve.org/CVERecord?id=CVE-2022-38457", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-38457", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-38457", }, ], release_date: "2022-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the vmwgfx kernel module. For instructions relating to blacklisting a kernel module, please see https://access.redhat.com/solutions/41278.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: vmwgfx: use-after-free in vmw_cmd_res_check", }, { cve: "CVE-2022-40133", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2022-09-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2133453", }, ], notes: [ { category: "description", text: "A use-after-free vulnerability was found in the Linux kernel's vmwgfx driver in vmw_execbuf_tie_context. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl() on the resulting file descriptor, to crash the system, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context", title: "Vulnerability summary", }, { category: "other", text: "Systems making use of the vmwgfx driver are potentially affected by this flaw; systems without the vmwgfx driver loaded are not affected by this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40133", }, { category: "external", summary: "RHBZ#2133453", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2133453", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40133", url: "https://www.cve.org/CVERecord?id=CVE-2022-40133", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40133", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40133", }, ], release_date: "2022-09-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the vmwgfx kernel module. For instructions relating to blacklisting a kernel module, please see https://access.redhat.com/solutions/41278.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: vmwgfx: use-after-free in vmw_execbuf_tie_context", }, { cve: "CVE-2022-40982", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2223949", }, ], notes: [ { category: "description", text: "A Gather Data Sampling (GDS) transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction (load from memory) to infer stale data from previously used vector registers on the same physical core.", title: "Vulnerability description", }, { category: "summary", text: "hw: Intel: Gather Data Sampling (GDS) side channel vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-40982", }, { category: "external", summary: "RHBZ#2223949", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2223949", }, { category: "external", summary: "RHSB-7027704", url: "https://access.redhat.com/solutions/7027704", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-40982", url: "https://www.cve.org/CVERecord?id=CVE-2022-40982", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-40982", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-40982", }, { category: "external", summary: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html", }, ], release_date: "2023-08-08T06:30:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "The vulnerability can be mitigated by installing the CPU microcode package microcode_ctl version 20230808.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "hw: Intel: Gather Data Sampling (GDS) side channel vulnerability", }, { cve: "CVE-2022-42895", cwe: { id: "CWE-824", name: "Access of Uninitialized Pointer", }, discovery_date: "2022-11-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2147356", }, ], notes: [ { category: "description", text: "An information leak vulnerability was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_req function. An attacker with physical access within the range of standard Bluetooth transmission could use this flaw to leak kernel pointers via Bluetooth if within proximity of the victim.", title: "Vulnerability description", }, { category: "summary", text: "kernel: Information leak in l2cap_parse_conf_req in net/bluetooth/l2cap_core.c", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 6 is not affected by this flaw as it did not include support for parsing Extended Flow Specification option in L2CAP Config Request (upstream commit 42dceae2).", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-42895", }, { category: "external", summary: "RHBZ#2147356", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2147356", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-42895", url: "https://www.cve.org/CVERecord?id=CVE-2022-42895", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-42895", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42895", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-vccx-8h74-2357", url: "https://github.com/google/security-research/security/advisories/GHSA-vccx-8h74-2357", }, ], release_date: "2022-11-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: Information leak in l2cap_parse_conf_req in net/bluetooth/l2cap_core.c", }, { cve: "CVE-2022-45869", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, discovery_date: "2022-11-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2151317", }, ], notes: [ { category: "description", text: "A flaw was found in the Linux kernel in the KVM. A race condition in direct_page_fault allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualization and the TDP MMU are enabled.", title: "Vulnerability description", }, { category: "summary", text: "kernel: KVM: x86/mmu: race condition in direct_page_fault()", title: "Vulnerability summary", }, { category: "other", text: "The nested virtualization feature is not enabled by default up to Red Hat Enterprise Linux 8.4. Most importantly, Red Hat currently provides nested virtualization only as a Technology Preview and is therefore unsupported for production use. For additional details, please see https://access.redhat.com/solutions/21101 and https://access.redhat.com/support/offerings/techpreview.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45869", }, { category: "external", summary: "RHBZ#2151317", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2151317", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45869", url: "https://www.cve.org/CVERecord?id=CVE-2022-45869", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45869", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45869", }, ], release_date: "2022-11-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "This vulnerability can be mitigated by disabling the nested virtualization feature.\n\nFor Intel:\n```\n# modprobe -r kvm_intel\n# modprobe kvm_intel nested=0\n```\n\nFor AMD:\n```\n# modprobe -r kvm_amd\n# modprobe kvm_amd nested=0\n```", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: KVM: x86/mmu: race condition in direct_page_fault()", }, { cve: "CVE-2022-45887", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2022-11-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2148520", }, ], notes: [ { category: "description", text: "A memory leak issue was found in the Linux kernel media subsystem in the TTUSB DEC driver. It could occur in the ttusb_dec_exit_dvb() function because of the lack of a dvb_frontend_detach call. A local user could trigger this flaw by repeatedly plugging and unplugging the device, potentially causing a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-45887", }, { category: "external", summary: "RHBZ#2148520", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2148520", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-45887", url: "https://www.cve.org/CVERecord?id=CVE-2022-45887", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-45887", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45887", }, { category: "external", summary: "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/", url: "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/", }, { category: "external", summary: "https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel@gmail.com/", url: "https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel@gmail.com/", }, ], release_date: "2022-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the `ttusb_dec` kernel module. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c", }, { cve: "CVE-2023-0458", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2023-04-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2193219", }, ], notes: [ { category: "description", text: "A vulnerabilty was found in Linux Kernel, where a speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents.", title: "Vulnerability description", }, { category: "summary", text: "kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0458", }, { category: "external", summary: "RHBZ#2193219", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2193219", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0458", url: "https://www.cve.org/CVERecord?id=CVE-2023-0458", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0458", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0458", }, { category: "external", summary: "https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11", url: "https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11", }, ], release_date: "2023-01-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c", }, { acknowledgments: [ { names: [ "Jann Horn", ], organization: "Google Project Zero", }, ], cve: "CVE-2023-0590", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-01-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2165741", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.", title: "Vulnerability description", }, { category: "summary", text: "kernel: use-after-free due to race condition in qdisc_graft()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0590", }, { category: "external", summary: "RHBZ#2165741", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2165741", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0590", url: "https://www.cve.org/CVERecord?id=CVE-2023-0590", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0590", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0590", }, { category: "external", summary: "https://lore.kernel.org/all/20221018203258.2793282-1-edumazet@google.com/", url: "https://lore.kernel.org/all/20221018203258.2793282-1-edumazet@google.com/", }, ], release_date: "2022-10-18T06:30:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: use-after-free due to race condition in qdisc_graft()", }, { cve: "CVE-2023-0597", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2023-01-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2165926", }, ], notes: [ { category: "description", text: "A possible unauthorized memory access flaw was found in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stack(s) or other important data. This issue could allow a local user to gain access to some important data with expected location in memory.", title: "Vulnerability description", }, { category: "summary", text: "kernel: x86/mm: Randomize per-cpu entry area", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-0597", }, { category: "external", summary: "RHBZ#2165926", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2165926", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-0597", url: "https://www.cve.org/CVERecord?id=CVE-2023-0597", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-0597", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-0597", }, { category: "external", summary: "https://lore.kernel.org/lkml/Yz%2FmfJ1gjgshF19t@hirez.programming.kicks-ass.net/", url: "https://lore.kernel.org/lkml/Yz%2FmfJ1gjgshF19t@hirez.programming.kicks-ass.net/", }, ], release_date: "2022-10-07T08:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: x86/mm: Randomize per-cpu entry area", }, { cve: "CVE-2023-1073", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-02-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2173403", }, ], notes: [ { category: "description", text: "A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.", title: "Vulnerability description", }, { category: "summary", text: "kernel: HID: check empty report_list in hid_validate_values()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1073", }, { category: "external", summary: "RHBZ#2173403", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2173403", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1073", url: "https://www.cve.org/CVERecord?id=CVE-2023-1073", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1073", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1073", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=b12fece4c64857e5fab4290bf01b2e0317a88456", url: "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=b12fece4c64857e5fab4290bf01b2e0317a88456", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2023/01/17/3", url: "https://www.openwall.com/lists/oss-security/2023/01/17/3", }, ], release_date: "2023-01-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: HID: check empty report_list in hid_validate_values()", }, { cve: "CVE-2023-1074", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, discovery_date: "2023-02-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2173430", }, ], notes: [ { category: "description", text: "A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "kernel: sctp: fail if no bound addresses can be used for a given scope", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1074", }, { category: "external", summary: "RHBZ#2173430", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2173430", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1074", url: "https://www.cve.org/CVERecord?id=CVE-2023-1074", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1074", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1074", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=458e279f861d3f61796894cd158b780765a1569f", url: "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=458e279f861d3f61796894cd158b780765a1569f", }, { category: "external", summary: "https://www.openwall.com/lists/oss-security/2023/01/23/1", url: "https://www.openwall.com/lists/oss-security/2023/01/23/1", }, ], release_date: "2023-01-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "To mitigate this issue, prevent module sctp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: sctp: fail if no bound addresses can be used for a given scope", }, { cve: "CVE-2023-1075", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, discovery_date: "2023-02-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2173434", }, ], notes: [ { category: "description", text: "A memory leak flaw was found in the Linux kernel's TLS protocol. This issue could allow a local user unauthorized access to some memory.", title: "Vulnerability description", }, { category: "summary", text: "kernel: net/tls: tls_is_tx_ready() checked list_entry", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1075", }, { category: "external", summary: "RHBZ#2173434", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2173434", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1075", url: "https://www.cve.org/CVERecord?id=CVE-2023-1075", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1075", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1075", }, ], release_date: "2023-01-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "To mitigate this issue, prevent module tls from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "kernel: net/tls: tls_is_tx_ready() checked list_entry", }, { cve: "CVE-2023-1079", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-02-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2173444", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in asus_kbd_backlight_set in drivers/hid/hid-asus.c in the Linux Kernel. This issue could allow an attacker to crash the system when plugging in or disconnecting a malicious USB device, which may lead to a kernel information leak problem.", title: "Vulnerability description", }, { category: "summary", text: "kernel: hid: Use After Free in asus_remove()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1079", }, { category: "external", summary: "RHBZ#2173444", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2173444", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1079", url: "https://www.cve.org/CVERecord?id=CVE-2023-1079", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1079", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1079", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4ab3a086d10eeec1424f2e8a968827a6336203df", url: "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4ab3a086d10eeec1424f2e8a968827a6336203df", }, ], release_date: "2023-02-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "This flaw can be mitigated by preventing the affected ASUS HID driver (for notebook built-in keyboard) module from loading during the boot time, ensure the module is added into the blacklist file.\n~~~\nRefer: \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: hid: Use After Free in asus_remove()", }, { acknowledgments: [ { names: [ "Duoming Zhou", ], }, ], cve: "CVE-2023-1118", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-02-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2174400", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the Linux kernel's integrated infrared receiver/transceiver driver. This issue occurs when a user detaches a rc device. This could allow a local user to crash the system or potentially escalate their privileges on the system.", title: "Vulnerability description", }, { category: "summary", text: "kernel: use-after-free in drivers/media/rc/ene_ir.c due to race condition", title: "Vulnerability summary", }, { category: "other", text: "Because this vulnerability requires an attacker to either have physical access to a system with infrared receiver/transceiver hardware or requires a remote authenticated user to have knowledge about such hardware attached to the system and when it is disconnected, Red Hat assesses the impact of this vulnerability as Moderate.\n\nThis bug stems from an error in drivers/media/rc/ene_ir.c. This is no longer being built, as CONFIG_IR_ENE is no longer enabled in Red Hat Enterprise Linux 9.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1118", }, { category: "external", summary: "RHBZ#2174400", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2174400", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1118", url: "https://www.cve.org/CVERecord?id=CVE-2023-1118", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1118", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1118", }, { category: "external", summary: "https://github.com/torvalds/linux/commit/29b0589a865b6f66d141d79b2dd1373e4e50fe17", url: "https://github.com/torvalds/linux/commit/29b0589a865b6f66d141d79b2dd1373e4e50fe17", }, ], release_date: "2023-02-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "To mitigate this issue, prevent module ene_ir from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: use-after-free in drivers/media/rc/ene_ir.c due to race condition", }, { cve: "CVE-2023-1206", cwe: { id: "CWE-327", name: "Use of a Broken or Risky Cryptographic Algorithm", }, discovery_date: "2023-02-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2175903", }, ], notes: [ { category: "description", text: "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.", title: "Vulnerability description", }, { category: "summary", text: "kernel: hash collisions in the IPv6 connection lookup table", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1206", }, { category: "external", summary: "RHBZ#2175903", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2175903", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1206", url: "https://www.cve.org/CVERecord?id=CVE-2023-1206", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1206", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1206", }, { category: "external", summary: "https://git.kernel.org/linus/d11b0df7ddf1831f3e170972f43186dad520bfcc", url: "https://git.kernel.org/linus/d11b0df7ddf1831f3e170972f43186dad520bfcc", }, ], release_date: "2023-06-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "https://access.redhat.com/solutions/30453", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 5.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: hash collisions in the IPv6 connection lookup table", }, { acknowledgments: [ { names: [ "Jann Horn", ], organization: "Google Project Zero", }, ], cve: "CVE-2023-1252", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-03-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2176140", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 (\"ovl: fix use after free in struct ovl_aio_req\") not applied yet, the kernel could be affected.", title: "Vulnerability description", }, { category: "summary", text: "kernel: ovl: fix use after free in struct ovl_aio_req", title: "Vulnerability summary", }, { category: "other", text: "This flaw is possibly only triggered if an Ext4 filesystem is mounted. Because of that fact, and because exploitation would require that an attacker was able to control how that filesystem interacted with an OverlayFS filesystem, Red Hat assesses the impact of this vulnerability as Medium.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1252", }, { category: "external", summary: "RHBZ#2176140", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2176140", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1252", url: "https://www.cve.org/CVERecord?id=CVE-2023-1252", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1252", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1252", }, { category: "external", summary: "https://lore.kernel.org/lkml/20211115165433.449951285@linuxfoundation.org/", url: "https://lore.kernel.org/lkml/20211115165433.449951285@linuxfoundation.org/", }, ], release_date: "2021-11-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: ovl: fix use after free in struct ovl_aio_req", }, { acknowledgments: [ { names: [ "Wei Chen", ], }, ], cve: "CVE-2023-1382", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2023-03-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177371", }, ], notes: [ { category: "description", text: "A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.", title: "Vulnerability description", }, { category: "summary", text: "kernel: denial of service in tipc_conn_close", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1382", }, { category: "external", summary: "RHBZ#2177371", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177371", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1382", url: "https://www.cve.org/CVERecord?id=CVE-2023-1382", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1382", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1382", }, { category: "external", summary: "https://lore.kernel.org/netdev/bc7bd3183f1c275c820690fc65b708238fe9e38e.1668807842.git.lucien.xin@gmail.com/T/#u", url: "https://lore.kernel.org/netdev/bc7bd3183f1c275c820690fc65b708238fe9e38e.1668807842.git.lucien.xin@gmail.com/T/#u", }, ], release_date: "2022-11-18T06:30:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "This flaw can be mitigated by preventing the affected transparent inter-process communication (TIPC) protocol kernel module from loading during the boot time. Ensure the module is added into the blacklist file.\n~~~\nRefer: \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: denial of service in tipc_conn_close", }, { cve: "CVE-2023-1855", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-04-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2184578", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak.", title: "Vulnerability description", }, { category: "summary", text: "kernel: use-after-free bug in remove function xgene_hwmon_remove", title: "Vulnerability summary", }, { category: "other", text: "Because this flaw affects a specific CPU family, and because exploitation requires elevated system privileges, Red Hat assesses the impact of this flaw as Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1855", }, { category: "external", summary: "RHBZ#2184578", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2184578", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1855", url: "https://www.cve.org/CVERecord?id=CVE-2023-1855", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1855", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1855", }, { category: "external", summary: "https://lore.kernel.org/all/20230318122758.2140868-1-linux@roeck-us.net/", url: "https://lore.kernel.org/all/20230318122758.2140868-1-linux@roeck-us.net/", }, ], release_date: "2023-03-10T10:30:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "This flaw can be mitigated by preventing the affected APM X-Gene SoC HW monitor kernel driver (apm_xgene) from loading during the boot time. Ensure the module is added into the blacklist file.\n~~~\nRefer: \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "kernel: use-after-free bug in remove function xgene_hwmon_remove", }, { cve: "CVE-2023-1989", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185945", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in btsdio_remove in drivers\\bluetooth\\btsdio.c in the Linux Kernel. A call to btsdio_remove with an unfinished job may cause a race problem which leads to a UAF on hdev devices.", title: "Vulnerability description", }, { category: "summary", text: "kernel: Use after free bug in btsdio_remove due to race condition", title: "Vulnerability summary", }, { category: "other", text: "Because successful exploitation of this flaw requires that a system supports SDIO hardware and that an attacker has control over attaching and detaching that hardware, Red Hat assesses the impact of this vulnerability as Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1989", }, { category: "external", summary: "RHBZ#2185945", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185945", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1989", url: "https://www.cve.org/CVERecord?id=CVE-2023-1989", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1989", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1989", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088", url: "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088", }, ], release_date: "2023-03-09T06:30:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "This flaw can be mitigated by preventing the affected Generic Bluetooth SDIO driver kernel module from loading during the boot time. Ensure the module is added into the blacklist file.\n~~~\nRefer: \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: Use after free bug in btsdio_remove due to race condition", }, { cve: "CVE-2023-1998", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-04-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2187257", }, ], notes: [ { category: "description", text: "It was found that the Linux Kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The kernel failed to protect applications that attempted to protect against Spectre v2 leaving them open to attack from other processes running on the same physical core in another hyperthread.", title: "Vulnerability description", }, { category: "summary", text: "kernel: Spectre v2 SMT mitigations problem", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-1998", }, { category: "external", summary: "RHBZ#2187257", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2187257", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-1998", url: "https://www.cve.org/CVERecord?id=CVE-2023-1998", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-1998", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-1998", }, { category: "external", summary: "https://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crx", url: "https://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crx", }, ], release_date: "2023-04-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "This flaw can be mitigated by disabling Simultaneous Multithreading (SMT). For instructions on how to disable SMT in RHEL, please see https://access.redhat.com/solutions/rhel-smt.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.0", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: Spectre v2 SMT mitigations problem", }, { acknowledgments: [ { names: [ "Weiteng Chen. University of California, Riverside.", ], }, ], cve: "CVE-2023-2269", cwe: { id: "CWE-667", name: "Improper Locking", }, discovery_date: "2023-04-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2189388", }, ], notes: [ { category: "description", text: "A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.", title: "Vulnerability description", }, { category: "summary", text: "kernel: A possible deadlock in dm_get_inactive_table in dm- ioctl.c leads to dos", title: "Vulnerability summary", }, { category: "other", text: "Because exploitation of this flaw requires that an attacker has privileges sufficient to manage md arrays, Red Hat assesses the impact of this vulnerability as Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-2269", }, { category: "external", summary: "RHBZ#2189388", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2189388", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-2269", url: "https://www.cve.org/CVERecord?id=CVE-2023-2269", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-2269", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-2269", }, { category: "external", summary: "https://lore.kernel.org/lkml/ZD1xyZxb3rHot8PV@redhat.com/t/", url: "https://lore.kernel.org/lkml/ZD1xyZxb3rHot8PV@redhat.com/t/", }, ], release_date: "2023-04-17T06:30:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "kernel: A possible deadlock in dm_get_inactive_table in dm- ioctl.c leads to dos", }, { cve: "CVE-2023-2513", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-05-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2193097", }, ], notes: [ { category: "description", text: "A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw allows a privileged local user to cause a system crash or other undefined behaviors.", title: "Vulnerability description", }, { category: "summary", text: "kernel: ext4: use-after-free in ext4_xattr_set_entry()", title: "Vulnerability summary", }, { category: "other", text: "This flaw has been rated as having Moderate impact because of the preconditions needed to trigger the issue. The vulnerability can be exploited by a regular user, but the filesystem should be mounted with `debug_want_extra_isize`=128 and the user must have write access to the filesystem. It's also important to emphasize that `debug_want_extra_isize` is a debug mount option and should never be used in production.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-2513", }, { category: "external", summary: "RHBZ#2193097", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2193097", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-2513", url: "https://www.cve.org/CVERecord?id=CVE-2023-2513", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-2513", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-2513", }, ], release_date: "2022-06-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: ext4: use-after-free in ext4_xattr_set_entry()", }, { cve: "CVE-2023-3141", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-05-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2213199", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This issue may allow a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.", title: "Vulnerability description", }, { category: "summary", text: "kernel: Use after free bug in r592_remove", title: "Vulnerability summary", }, { category: "other", text: "Because this flaw requires that specific peripheral hardware is attached, that an attacker has access to the hardware, and that the attacker is able to control the timing of hardware or media attachment and removal, Red Hat assesses the impact of this vulnerability as Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3141", }, { category: "external", summary: "RHBZ#2213199", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213199", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3141", url: "https://www.cve.org/CVERecord?id=CVE-2023-3141", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3141", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3141", }, { category: "external", summary: "https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw@mail.gmail.com/t/", url: "https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw@mail.gmail.com/t/", }, ], release_date: "2023-03-07T06:30:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "kernel: Use after free bug in r592_remove", }, { acknowledgments: [ { names: [ "Sanan Hasanov", ], }, ], cve: "CVE-2023-3161", cwe: { id: "CWE-1335", name: "Incorrect Bitwise Shift of Integer", }, discovery_date: "2023-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2213485", }, ], notes: [ { category: "description", text: "A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing a font->width and font->height greater than 32 to the fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs, leading to undefined behavior and possible denial of service.", title: "Vulnerability description", }, { category: "summary", text: "kernel: fbcon: shift-out-of-bounds in fbcon_set_font()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3161", }, { category: "external", summary: "RHBZ#2213485", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213485", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3161", url: "https://www.cve.org/CVERecord?id=CVE-2023-3161", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3161", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3161", }, ], release_date: "2023-01-25T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: fbcon: shift-out-of-bounds in fbcon_set_font()", }, { cve: "CVE-2023-3212", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2023-05-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2214348", }, ], notes: [ { category: "description", text: "A NULL pointer dereference flaw was found in the gfs2 file system in the Linux kernel. This issue occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. This flaw allows a privileged local user to cause a kernel panic.", title: "Vulnerability description", }, { category: "summary", text: "kernel: gfs2: NULL pointer dereference in gfs2_evict_inode()", title: "Vulnerability summary", }, { category: "other", text: "Because exploitation of this flaw requires that an attacker is able to mount volumes they have prepared themselves or to corrupt existing system volumes, Red Hat assesses the impact of this vulnerability as Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3212", }, { category: "external", summary: "RHBZ#2214348", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2214348", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3212", url: "https://www.cve.org/CVERecord?id=CVE-2023-3212", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3212", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3212", }, ], release_date: "2023-04-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "kernel: gfs2: NULL pointer dereference in gfs2_evict_inode()", }, { cve: "CVE-2023-3268", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-05-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2215502", }, ], notes: [ { category: "description", text: "An out-of-bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw allows a local attacker to crash the system or leak kernel internal information.", title: "Vulnerability description", }, { category: "summary", text: "kernel: out-of-bounds access in relay_file_read", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3268", }, { category: "external", summary: "RHBZ#2215502", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215502", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3268", url: "https://www.cve.org/CVERecord?id=CVE-2023-3268", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3268", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3268", }, { category: "external", summary: "https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc@wangsu.com/T/", url: "https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc@wangsu.com/T/", }, ], release_date: "2023-04-19T06:30:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: out-of-bounds access in relay_file_read", }, { cve: "CVE-2023-3609", cwe: { id: "CWE-415", name: "Double Free", }, discovery_date: "2023-07-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2225201", }, ], notes: [ { category: "description", text: "A double-free flaw was found in u32_set_parms in net/sched/cls_u32.c in the Network Scheduler component in the Linux kernel. This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat.", title: "Vulnerability description", }, { category: "summary", text: "kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3609", }, { category: "external", summary: "RHBZ#2225201", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2225201", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3609", url: "https://www.cve.org/CVERecord?id=CVE-2023-3609", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3609", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3609", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc", }, ], release_date: "2023-07-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "To mitigate this issue, prevent module cls_u32 from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails", }, { cve: "CVE-2023-3611", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-07-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2225191", }, ], notes: [ { category: "description", text: "An out-of-bounds memory write flaw was found in qfq_change_agg in net/sched/sch_qfq.c in the Traffic Control (QoS) subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system.", title: "Vulnerability description", }, { category: "summary", text: "kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3611", }, { category: "external", summary: "RHBZ#2225191", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2225191", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3611", url: "https://www.cve.org/CVERecord?id=CVE-2023-3611", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3611", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3611", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64", }, ], release_date: "2023-07-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "Mitigation for this issue is to skip loading the affected module sch_qfq onto the system until we have a fix available. This can be done by a blacklist mechanism and will ensure the driver is not loaded at the boot time.\n~~~\n How do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278 \n~~~", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead", }, { acknowledgments: [ { names: [ "Lin Ma", ], organization: "ZJU & Ant Security Light-Year Lab", }, ], cve: "CVE-2023-3772", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2023-06-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2218943", }, ], notes: [ { category: "description", text: "A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.", title: "Vulnerability description", }, { category: "summary", text: "kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3772", }, { category: "external", summary: "RHBZ#2218943", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2218943", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3772", url: "https://www.cve.org/CVERecord?id=CVE-2023-3772", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3772", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3772", }, ], release_date: "2023-07-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params()", }, { cve: "CVE-2023-4128", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-07-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2261965", }, ], notes: [ { category: "description", text: "This record is a duplicate of CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208. Do not use this CVE record: CVE-2023-4128.", title: "Vulnerability description", }, { category: "summary", text: "kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route", title: "Vulnerability summary", }, { category: "other", text: "All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4128", }, { category: "external", summary: "RHBZ#2261965", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2261965", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4128", url: "https://www.cve.org/CVERecord?id=CVE-2023-4128", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4128", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4128", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2023-4206", url: "https://access.redhat.com/security/cve/CVE-2023-4206", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2023-4207", url: "https://access.redhat.com/security/cve/CVE-2023-4207", }, { category: "external", summary: "https://access.redhat.com/security/cve/CVE-2023-4208", url: "https://access.redhat.com/security/cve/CVE-2023-4208", }, ], release_date: "2023-07-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route", }, { acknowledgments: [ { names: [ "Duoming Zhou", ], }, ], cve: "CVE-2023-4132", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-07-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2221707", }, ], notes: [ { category: "description", text: "A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.", title: "Vulnerability description", }, { category: "summary", text: "kernel: smsusb: use-after-free caused by do_submit_urb()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4132", }, { category: "external", summary: "RHBZ#2221707", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2221707", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4132", url: "https://www.cve.org/CVERecord?id=CVE-2023-4132", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4132", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4132", }, ], release_date: "2023-02-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: smsusb: use-after-free caused by do_submit_urb()", }, { cve: "CVE-2023-4155", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, discovery_date: "2023-05-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2213802", }, ], notes: [ { category: "description", text: "A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`).", title: "Vulnerability description", }, { category: "summary", text: "kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 6 and 7 are not affected by this flaw, as they did not include support for KVM AMD Secure Encrypted Virtualization (SEV). \nNote: AMD SEV is currently provided as a Technology Preview in RHEL 8, therefore, it is unsupported for production use. For additional details see https://access.redhat.com/articles/4491591 and https://access.redhat.com/support/offerings/techpreview.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4155", }, { category: "external", summary: "RHBZ#2213802", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213802", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4155", url: "https://www.cve.org/CVERecord?id=CVE-2023-4155", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4155", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4155", }, ], release_date: "2023-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability", }, { cve: "CVE-2023-4206", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-07-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2225511", }, ], notes: [ { category: "description", text: "There are 3 CVEs for the use-after-free flaw found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. \r\nA local user could use any of these flaws to crash the system or potentially escalate their privileges on the system.\r\n\r\nSimilar CVE-2023-4128 was rejected as a duplicate.", title: "Vulnerability description", }, { category: "summary", text: "kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4206", }, { category: "external", summary: "RHBZ#2225511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2225511", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4206", url: "https://www.cve.org/CVERecord?id=CVE-2023-4206", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4206", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4206", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8", }, { category: "external", summary: "https://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/", url: "https://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/", }, ], release_date: "2023-07-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "To mitigate this issue, prevent the module cls_u32 from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route", }, { cve: "CVE-2023-4207", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-07-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2225511", }, ], notes: [ { category: "description", text: "There are 3 CVEs for the use-after-free flaw found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. \r\nA local user could use any of these flaws to crash the system or potentially escalate their privileges on the system.\r\n\r\nSimilar CVE-2023-4128 was rejected as a duplicate.", title: "Vulnerability description", }, { category: "summary", text: "kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4207", }, { category: "external", summary: "RHBZ#2225511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2225511", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4207", url: "https://www.cve.org/CVERecord?id=CVE-2023-4207", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4207", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4207", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8", }, { category: "external", summary: "https://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/", url: "https://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/", }, ], release_date: "2023-07-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "To mitigate this issue, prevent the module cls_u32 from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route", }, { cve: "CVE-2023-4208", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-07-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2225511", }, ], notes: [ { category: "description", text: "There are 3 CVEs for the use-after-free flaw found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. \r\nA local user could use any of these flaws to crash the system or potentially escalate their privileges on the system.\r\n\r\nSimilar CVE-2023-4128 was rejected as a duplicate.", title: "Vulnerability description", }, { category: "summary", text: "kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4208", }, { category: "external", summary: "RHBZ#2225511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2225511", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4208", url: "https://www.cve.org/CVERecord?id=CVE-2023-4208", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4208", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4208", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8", }, { category: "external", summary: "https://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/", url: "https://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/", }, ], release_date: "2023-07-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "To mitigate this issue, prevent the module cls_u32 from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route", }, { cve: "CVE-2023-4732", cwe: { id: "CWE-366", name: "Race Condition within a Thread", }, discovery_date: "2023-09-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2236982", }, ], notes: [ { category: "description", text: "A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x.", title: "Vulnerability description", }, { category: "summary", text: "kernel: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-4732", }, { category: "external", summary: "RHBZ#2236982", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2236982", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-4732", url: "https://www.cve.org/CVERecord?id=CVE-2023-4732", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-4732", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4732", }, ], release_date: "2023-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "A possible workaround is disabling Transparent Hugepage", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h", }, { cve: "CVE-2023-23455", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, discovery_date: "2023-01-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2168332", }, ], notes: [ { category: "description", text: "A denial of service flaw was found in atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel. This issue may allow a local attacker to cause a denial of service due to type confusion. Non-negative numbers could indicate a TC_ACT_SHOT condition rather than valid classification results.", title: "Vulnerability description", }, { category: "summary", text: "Kernel: denial of service in atm_tc_enqueue in net/sched/sch_atm.c due to type confusion", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-23455", }, { category: "external", summary: "RHBZ#2168332", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2168332", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-23455", url: "https://www.cve.org/CVERecord?id=CVE-2023-23455", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-23455", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-23455", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2965c7be0522eaa18808684b7b82b248515511b", }, ], release_date: "2023-01-01T17:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "The mitigation is to disable unprivileged user namespaces by setting user.max_user_namespaces to 0:\n\n```\n# echo \"user.max_user_namespaces=0\" > /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n```", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "Kernel: denial of service in atm_tc_enqueue in net/sched/sch_atm.c due to type confusion", }, { cve: "CVE-2023-26545", cwe: { id: "CWE-415", name: "Double Free", }, discovery_date: "2023-02-25T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2182443", }, ], notes: [ { category: "description", text: "A double-free flaw was found in the Linux kernel when the MPLS implementation handled sysctl allocation failures. This issue could allow a local user to cause a denial of service or possibly execute arbitrary code.", title: "Vulnerability description", }, { category: "summary", text: "kernel: mpls: double free on sysctl allocation failure", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 6 and 7 are not affected by this flaw as they did not include MPLS routing support, which was introduced upstream in version 4.1-rc1 (commit 0189197 \"mpls: Basic routing support\").", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-26545", }, { category: "external", summary: "RHBZ#2182443", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2182443", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-26545", url: "https://www.cve.org/CVERecord?id=CVE-2023-26545", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-26545", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26545", }, ], release_date: "2023-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: mpls: double free on sysctl allocation failure", }, { acknowledgments: [ { names: [ "Wei Chen", ], }, ], cve: "CVE-2023-28328", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, discovery_date: "2023-03-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2177389", }, ], notes: [ { category: "description", text: "A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c", title: "Vulnerability summary", }, { category: "other", text: "This flaw can be mitigated by preventing the affected dvb_usb_az6027 kernel module from loading during the boot time. Ensure the module is added into the blacklist file.\n~~~\nRefer: \nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278\n~~~", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28328", }, { category: "external", summary: "RHBZ#2177389", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2177389", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28328", url: "https://www.cve.org/CVERecord?id=CVE-2023-28328", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28328", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28328", }, { category: "external", summary: "https://lore.kernel.org/linux-media/20221120065918.2160782-1-zhongbaisong@huawei.com/", url: "https://lore.kernel.org/linux-media/20221120065918.2160782-1-zhongbaisong@huawei.com/", }, { category: "external", summary: "https://lore.kernel.org/lkml/CAO4mrfcPHB5aQJO=mpqV+p8mPLNg-Fok0gw8gZ=zemAfMGTzMg@mail.gmail.com/", url: "https://lore.kernel.org/lkml/CAO4mrfcPHB5aQJO=mpqV+p8mPLNg-Fok0gw8gZ=zemAfMGTzMg@mail.gmail.com/", }, ], release_date: "2022-11-18T06:30:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c", }, { cve: "CVE-2023-28772", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2023-03-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2181330", }, ], notes: [ { category: "description", text: "A buffer overflow write flaw was identified in seq_buf_putmem_hex in lib/seq_buf.c in seq_buf in the Linux Kernel. This issue may allow a user with special debug privileges such as ftrace or root to cause an overflow in the destination buffer due to a missing sanity check.", title: "Vulnerability description", }, { category: "summary", text: "kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28772", }, { category: "external", summary: "RHBZ#2181330", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2181330", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28772", url: "https://www.cve.org/CVERecord?id=CVE-2023-28772", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28772", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28772", }, { category: "external", summary: "https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7", url: "https://github.com/torvalds/linux/commit/d3b16034a24a112bb83aeb669ac5b9b01f744bb7", }, ], release_date: "2023-03-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow", }, { cve: "CVE-2023-30456", cwe: { id: "CWE-358", name: "Improperly Implemented Security Check for Standard", }, discovery_date: "2023-04-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2188468", }, ], notes: [ { category: "description", text: "A flaw was found in the KVM's Intel nested virtualization feature (nVMX). The effective values of the guest CR0 and CR4 registers could differ from those included in the VMCS12. In rare circumstances (i.e., kvm_intel module loaded with parameters nested=1 and ept=0) this could allow a malicious guest to crash the host system, causing a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "kernel: KVM: nVMX: missing consistency checks for CR0 and CR4", title: "Vulnerability summary", }, { category: "other", text: "Red Hat currently provides the nested virtualization feature as a Technology Preview. Nested virtualization is therefore unsupported for production use. For more information please refer to https://access.redhat.com/solutions/21101 and https://access.redhat.com/support/offerings/techpreview.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-30456", }, { category: "external", summary: "RHBZ#2188468", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2188468", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-30456", url: "https://www.cve.org/CVERecord?id=CVE-2023-30456", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-30456", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-30456", }, ], release_date: "2023-04-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "This vulnerability can be mitigated by disabling the nested virtualization feature:\n```\n# modprobe -r kvm_intel\n# modprobe kvm_intel nested=0\n```", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: KVM: nVMX: missing consistency checks for CR0 and CR4", }, { cve: "CVE-2023-31084", discovery_date: "2023-06-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2213139", }, ], notes: [ { category: "description", text: "A potential deadlock flaw was found in the Linux’s kernel DVB API (used by Digital TV devices) functionality. This flaw allows a local user to crash the system.", title: "Vulnerability description", }, { category: "summary", text: "kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-31084", }, { category: "external", summary: "RHBZ#2213139", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2213139", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-31084", url: "https://www.cve.org/CVERecord?id=CVE-2023-31084", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-31084", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-31084", }, ], release_date: "2023-04-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible", }, { cve: "CVE-2023-31436", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-05-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2192671", }, ], notes: [ { category: "description", text: "An out-of-bounds memory access flaw was found in the Linux kernel’s traffic control (QoS) subsystem in how a user triggers the qfq_change_class function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on the system.", title: "Vulnerability description", }, { category: "summary", text: "kernel: out-of-bounds write in qfq_change_class function", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-31436", }, { category: "external", summary: "RHBZ#2192671", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2192671", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-31436", url: "https://www.cve.org/CVERecord?id=CVE-2023-31436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-31436", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-31436", }, { category: "external", summary: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3037933448f60f9acb705997eae62013ecb81e0d", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3037933448f60f9acb705997eae62013ecb81e0d", }, ], release_date: "2023-04-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "To mitigate this issue, prevent the module, sch_qfq from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "kernel: out-of-bounds write in qfq_change_class function", }, { cve: "CVE-2023-33203", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-03-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2192667", }, ], notes: [ { category: "description", text: "A race condition vulnerability was found in the Linux kernel's Qualcomm EMAC Gigabit Ethernet Controller when the user physically removes the device before cleanup in the emac_remove function. This flaw can eventually result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors.", title: "Vulnerability description", }, { category: "summary", text: "kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove()", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux 6 and 7 are not affected by this flaw as they did not include support for the EMAC Gigabit Ethernet Controller.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-33203", }, { category: "external", summary: "RHBZ#2192667", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2192667", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-33203", url: "https://www.cve.org/CVERecord?id=CVE-2023-33203", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-33203", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-33203", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove()", }, { cve: "CVE-2023-33951", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-06-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2218195", }, ], notes: [ { category: "description", text: "A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.", title: "Vulnerability description", }, { category: "summary", text: "kernel: vmwgfx: race condition leading to information disclosure vulnerability", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-33951", }, { category: "external", summary: "RHBZ#2218195", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2218195", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-33951", url: "https://www.cve.org/CVERecord?id=CVE-2023-33951", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-33951", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-33951", }, { category: "external", summary: "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/", url: "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/", }, ], release_date: "2023-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "This flaw can be mitigated by preventing the affected `vmwgfx` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: vmwgfx: race condition leading to information disclosure vulnerability", }, { cve: "CVE-2023-33952", cwe: { id: "CWE-415", name: "Double Free", }, discovery_date: "2023-06-28T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2218212", }, ], notes: [ { category: "description", text: "A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel.", title: "Vulnerability description", }, { category: "summary", text: "kernel: vmwgfx: double free within the handling of vmw_buffer_object objects", title: "Vulnerability summary", }, { category: "other", text: "This flaw has been rated as having Moderate impact because of the preconditions needed to trigger the issue: An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-33952", }, { category: "external", summary: "RHBZ#2218212", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2218212", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-33952", url: "https://www.cve.org/CVERecord?id=CVE-2023-33952", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-33952", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-33952", }, { category: "external", summary: "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292", url: "https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292", }, ], release_date: "2023-02-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, { category: "workaround", details: "This flaw can be mitigated by preventing the affected `vmwgfx` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: vmwgfx: double free within the handling of vmw_buffer_object objects", }, { cve: "CVE-2023-35823", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-06-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2215835", }, ], notes: [ { category: "description", text: "A race condition was found in the Linux kernel's saa7134 device driver. This occurs when removing the module before cleanup in the saa7134_finidev function which can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors.", title: "Vulnerability description", }, { category: "summary", text: "kernel: saa7134: race condition leading to use-after-free in saa7134_finidev()", title: "Vulnerability summary", }, { category: "other", text: "Because this flaw only affects systems with specific hardware installed, and because exploitation requires an attacker to be able to manipulate the driver or the physical hardware with precise timing, Red Hat assesses the impact of this vulnerability as Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-35823", }, { category: "external", summary: "RHBZ#2215835", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215835", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-35823", url: "https://www.cve.org/CVERecord?id=CVE-2023-35823", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-35823", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-35823", }, ], release_date: "2023-06-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: saa7134: race condition leading to use-after-free in saa7134_finidev()", }, { cve: "CVE-2023-35824", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-06-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2215836", }, ], notes: [ { category: "description", text: "A race condition was found in the Linux kernel's dm1105 device driver when removing the module before cleanup in the dm1105_remove function. This can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors.", title: "Vulnerability description", }, { category: "summary", text: "kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c()", title: "Vulnerability summary", }, { category: "other", text: "Because this flaw only affects systems with specific hardware installed, and because exploitation requires an attacker to be able to manipulate the driver with precise timing, Red Hat assesses the impact of this vulnerability as Moderate.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-35824", }, { category: "external", summary: "RHBZ#2215836", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215836", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-35824", url: "https://www.cve.org/CVERecord?id=CVE-2023-35824", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-35824", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-35824", }, ], release_date: "2023-06-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c()", }, { cve: "CVE-2023-35825", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-06-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2215837", }, ], notes: [ { category: "description", text: "A race condition was found in the Linux kernel's r592 device driver, when removing the module before cleanup in the r592_remove function. This can result in a use-after-free issue, possibly leading to a system crash or other undefined behaviors.", title: "Vulnerability description", }, { category: "summary", text: "kernel: r592: race condition leading to use-after-free in r592_remove()", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-35825", }, { category: "external", summary: "RHBZ#2215837", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2215837", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-35825", url: "https://www.cve.org/CVERecord?id=CVE-2023-35825", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-35825", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-35825", }, ], release_date: "2023-06-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-14T15:24:26+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.", product_ids: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6901", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "NFV-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "NFV-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.src", "RT-8.9.0.GA:kernel-rt-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-core-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debug-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-devel-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-kvm-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", "RT-8.9.0.GA:kernel-rt-modules-extra-0:4.18.0-513.5.1.rt7.307.el8_9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kernel: r592: race condition leading to use-after-free in r592_remove()", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.