rhsa-2023_7548
Vulnerability from csaf_redhat
Published
2023-11-28 16:05
Modified
2024-09-13 21:17
Summary
Red Hat Security Advisory: kernel-rt security update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)
* kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)
* kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)
* kernel: use-after-free due to race condition occurring in dvb_register_device() (CVE-2022-45884)
* kernel: use-after-free due to race condition occurring in dvb_net.c (CVE-2022-45886)
* kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c (CVE-2022-45919)
* kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)\n\n* kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)\n\n* kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)\n\n* kernel: use-after-free due to race condition occurring in dvb_register_device() (CVE-2022-45884)\n\n* kernel: use-after-free due to race condition occurring in dvb_net.c (CVE-2022-45886)\n\n* kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c (CVE-2022-45919)\n\n* kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7548",
"url": "https://access.redhat.com/errata/RHSA-2023:7548"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2148510",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148510"
},
{
"category": "external",
"summary": "2148517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148517"
},
{
"category": "external",
"summary": "2151956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151956"
},
{
"category": "external",
"summary": "2154178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154178"
},
{
"category": "external",
"summary": "2224048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224048"
},
{
"category": "external",
"summary": "2240249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240249"
},
{
"category": "external",
"summary": "2241924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241924"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7548.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security update",
"tracking": {
"current_release_date": "2024-09-13T21:17:24+00:00",
"generator": {
"date": "2024-09-13T21:17:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2023:7548",
"initial_release_date": "2023-11-28T16:05:26+00:00",
"revision_history": [
{
"date": "2023-11-28T16:05:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-28T16:05:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-13T21:17:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::nfv"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for Real Time (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::realtime"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"product": {
"name": "kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"product_id": "kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-513.9.1.rt7.311.el8_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product": {
"name": "kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_id": "kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-513.9.1.rt7.311.el8_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product": {
"name": "kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_id": "kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-513.9.1.rt7.311.el8_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product": {
"name": "kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_id": "kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-513.9.1.rt7.311.el8_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product": {
"name": "kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_id": "kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-513.9.1.rt7.311.el8_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_id": "kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-513.9.1.rt7.311.el8_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_id": "kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-513.9.1.rt7.311.el8_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product": {
"name": "kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_id": "kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-513.9.1.rt7.311.el8_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_id": "kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-513.9.1.rt7.311.el8_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product": {
"name": "kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_id": "kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-513.9.1.rt7.311.el8_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product": {
"name": "kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_id": "kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-513.9.1.rt7.311.el8_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product": {
"name": "kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_id": "kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-513.9.1.rt7.311.el8_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product": {
"name": "kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_id": "kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-513.9.1.rt7.311.el8_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-513.9.1.rt7.311.el8_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_id": "kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-513.9.1.rt7.311.el8_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-513.9.1.rt7.311.el8_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src"
},
"product_reference": "kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV (v. 8)",
"product_id": "NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "NFV-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src"
},
"product_reference": "kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"relates_to_product_reference": "RT-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "RT-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "RT-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "RT-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "RT-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "RT-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "RT-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "RT-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "RT-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "RT-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "RT-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "RT-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "RT-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "RT-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "RT-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 8)",
"product_id": "RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"relates_to_product_reference": "RT-8.9.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-45884",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-11-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2148510"
}
],
"notes": [
{
"category": "description",
"text": "A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB core device driver. It could occur in the dvb_register_device() function due to the file_operations structure (fops) being dynamically allocated and later kfreed. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: use-after-free due to race condition occurring in dvb_register_device()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this vulnerability, an attacker must either have credentials for a vulnerable system and physical access to its ports, or they must have the elevated privileges necessary to control USB via sysfs. For that reason, Red Hat assesses the impact of this vulnerability as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45884"
},
{
"category": "external",
"summary": "RHBZ#2148510",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148510"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45884",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45884"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45884",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45884"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/",
"url": "https://lore.kernel.org/linux-media/20221117045925.14297-4-imv4bel@gmail.com/"
}
],
"release_date": "2022-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7548"
},
{
"category": "workaround",
"details": "To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the `dvb-core` kernel module. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.",
"product_ids": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: use-after-free due to race condition occurring in dvb_register_device()"
},
{
"cve": "CVE-2022-45886",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-11-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2148517"
}
],
"notes": [
{
"category": "description",
"text": "A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the dvb_net component of the DVB core device driver. It could occur between the time the device is disconnected (.disconnect function) and the time the device node is opened (dvb_device_open function). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: use-after-free due to race condition occurring in dvb_net.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Because this vulnerability requires an attacker to either have physical access to a system with DVB hardware or requires a remote authenticated user to have knowledge about DVB hardware attached to the system and when it is disconnected and reconnected, Red Hat assesses the impact of this vulnerability as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45886"
},
{
"category": "external",
"summary": "RHBZ#2148517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148517"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45886",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45886"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45886",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45886"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/",
"url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-media/20221115131822.6640-3-imv4bel@gmail.com/",
"url": "https://lore.kernel.org/linux-media/20221115131822.6640-3-imv4bel@gmail.com/"
}
],
"release_date": "2022-11-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7548"
},
{
"category": "workaround",
"details": "To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the `dvb-core` kernel module. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.",
"product_ids": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: use-after-free due to race condition occurring in dvb_net.c"
},
{
"cve": "CVE-2022-45919",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-12-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2151956"
}
],
"notes": [
{
"category": "description",
"text": "A race condition flaw leading to a use-after-free issue was found in the Linux kernel media subsystem in the DVB CA EN50221 interface of the DVB core device driver. It could occur in the dvb_ca_en50221_release() function if there is a disconnect after an open, because of the lack of a wait_event. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Because this vulnerability requires an attacker to either have physical access to a system with DVB hardware or requires a remote authenticated user to have knowledge about DVB hardware attached to the system and when it is disconnected and reconnected, Red Hat assesses the impact of this vulnerability as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-45919"
},
{
"category": "external",
"summary": "RHBZ#2151956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-45919",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45919"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45919",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45919"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-media/20221121063308.GA33821@ubuntu/T/#u",
"url": "https://lore.kernel.org/linux-media/20221121063308.GA33821@ubuntu/T/#u"
}
],
"release_date": "2022-11-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7548"
},
{
"category": "workaround",
"details": "To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the `dvb-core` kernel module. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.",
"product_ids": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c"
},
{
"acknowledgments": [
{
"names": [
"Pumpkin (@u1f383), working with DEVCORE Internship Program"
]
}
],
"cve": "CVE-2023-1192",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2154178"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: use-after-free in smb2_is_status_io_timeout()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Because analysis indicates that this issue will only cause momentary interruptions to connections, Red Hat rates the impact of this flaw as Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-1192"
},
{
"category": "external",
"summary": "RHBZ#2154178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154178"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-1192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1192"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1192",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1192"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d527f51331cace562393a8038d870b3e9916686fCVE-2023-52",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d527f51331cace562393a8038d870b3e9916686fCVE-2023-52"
}
],
"release_date": "2022-10-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7548"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: use-after-free in smb2_is_status_io_timeout()"
},
{
"cve": "CVE-2023-2163",
"cwe": {
"id": "CWE-682",
"name": "Incorrect Calculation"
},
"discovery_date": "2023-09-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2240249"
}
],
"notes": [
{
"category": "description",
"text": "An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Enterprise Linux 9.3 not affected, because the required patch applied before this CVE creation. For the Red Hat Enterprise Linux 9 before version 9.3 required fixes applied too.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-2163"
},
{
"category": "external",
"summary": "RHBZ#2240249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240249"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2163"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed"
}
],
"release_date": "2023-04-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7548"
},
{
"category": "workaround",
"details": "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.\n\nFor Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:\n\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\n\nThe setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.",
"product_ids": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe"
},
{
"cve": "CVE-2023-3812",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2224048"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds memory access flaw was found in the Linux kernel\u2019s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-3812"
},
{
"category": "external",
"summary": "RHBZ#2224048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2224048"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-3812",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3812"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3812",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3812"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0"
}
],
"release_date": "2022-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7548"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent the tun module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags"
},
{
"cve": "CVE-2023-5178",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-10-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2241924"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: use after free in nvmet_tcp_free_crypto in NVMe",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is actual only for systems where NVME over TCP being used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5178"
},
{
"category": "external",
"summary": "RHBZ#2241924",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241924"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5178"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-nvme/20231002105428.226515-1-sagi@grimberg.me/",
"url": "https://lore.kernel.org/linux-nvme/20231002105428.226515-1-sagi@grimberg.me/"
}
],
"release_date": "2023-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7548"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"NFV-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"NFV-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.src",
"RT-8.9.0.Z.MAIN:kernel-rt-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-core-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debug-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-debuginfo-common-x86_64-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-devel-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-kvm-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64",
"RT-8.9.0.Z.MAIN:kernel-rt-modules-extra-0:4.18.0-513.9.1.rt7.311.el8_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: use after free in nvmet_tcp_free_crypto in NVMe"
}
]
}
Loading...