Red Hat Security Advisory 2023-5093-01

Red Hat Security Advisory 2023-5093-01: Posted Sep 12, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-5093-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.; tags | advisory, kernel; systems | linux, redhat; advisories | CVE-2023-31248, CVE-2023-3390, CVE-2023-35001, CVE-2023-3610, CVE-2023-3776, CVE-2023-4004, CVE-2023-4147; SHA-256 | d823b3d002e6c5a51689e4caf4dc36b044651db9819d7381ddde6dfeea7a833e; Download | Favorite | View

Red Hat Security Advisory 2023-5093-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update
Advisory ID:       RHSA-2023:5093-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5093
Issue date:        2023-09-12
CVE Names:         CVE-2023-3390 CVE-2023-3610 CVE-2023-3776 
                   CVE-2023-4004 CVE-2023-4147 CVE-2023-31248 
                   CVE-2023-35001 
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 9) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: UAF in nftables when nft_set_lookup_global triggered after
handling named and anonymous sets in batch requests (CVE-2023-3390)

* kernel: netfilter: nf_tables: fix chain binding transaction logic in the
abort path of NFT_MSG_NEWRULE (CVE-2023-3610)

* kernel: net/sched: cls_fw component can be exploited as result of failure
in tcf_change_indev function (CVE-2023-3776)

* kernel: netfilter: use-after-free due to improper element removal in
nft_pipapo_remove() (CVE-2023-4004)

* kernel: netfilter: nf_tables_newrule when adding a rule with
NFTA_RULE_CHAIN_ID leads to use-after-free (CVE-2023-4147)

* kernel: nf_tables: use-after-free in nft_chain_lookup_byid()
(CVE-2023-31248)

* kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
(CVE-2023-35001)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2213260 - CVE-2023-3390 kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests
2220892 - CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()
2220893 - CVE-2023-31248 kernel: nf_tables: use-after-free in nft_chain_lookup_byid()
2225097 - CVE-2023-3776 kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function
2225198 - CVE-2023-3610 kernel: netfilter: nf_tables: fix chain binding transaction logic in the abort path of NFT_MSG_NEWRULE
2225239 - CVE-2023-4147 kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free
2225275 - CVE-2023-4004 kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove()

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 9):

Source:
kpatch-patch-5_14_0-284_11_1-1-5.el9_2.src.rpm
kpatch-patch-5_14_0-284_18_1-1-4.el9_2.src.rpm
kpatch-patch-5_14_0-284_25_1-1-3.el9_2.src.rpm

ppc64le:
kpatch-patch-5_14_0-284_11_1-1-5.el9_2.ppc64le.rpm
kpatch-patch-5_14_0-284_11_1-debuginfo-1-5.el9_2.ppc64le.rpm
kpatch-patch-5_14_0-284_11_1-debugsource-1-5.el9_2.ppc64le.rpm
kpatch-patch-5_14_0-284_18_1-1-4.el9_2.ppc64le.rpm
kpatch-patch-5_14_0-284_18_1-debuginfo-1-4.el9_2.ppc64le.rpm
kpatch-patch-5_14_0-284_18_1-debugsource-1-4.el9_2.ppc64le.rpm
kpatch-patch-5_14_0-284_25_1-1-3.el9_2.ppc64le.rpm
kpatch-patch-5_14_0-284_25_1-debuginfo-1-3.el9_2.ppc64le.rpm
kpatch-patch-5_14_0-284_25_1-debugsource-1-3.el9_2.ppc64le.rpm

x86_64:
kpatch-patch-5_14_0-284_11_1-1-5.el9_2.x86_64.rpm
kpatch-patch-5_14_0-284_11_1-debuginfo-1-5.el9_2.x86_64.rpm
kpatch-patch-5_14_0-284_11_1-debugsource-1-5.el9_2.x86_64.rpm
kpatch-patch-5_14_0-284_18_1-1-4.el9_2.x86_64.rpm
kpatch-patch-5_14_0-284_18_1-debuginfo-1-4.el9_2.x86_64.rpm
kpatch-patch-5_14_0-284_18_1-debugsource-1-4.el9_2.x86_64.rpm
kpatch-patch-5_14_0-284_25_1-1-3.el9_2.x86_64.rpm
kpatch-patch-5_14_0-284_25_1-debuginfo-1-3.el9_2.x86_64.rpm
kpatch-patch-5_14_0-284_25_1-debugsource-1-3.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3390
https://access.redhat.com/security/cve/CVE-2023-3610
https://access.redhat.com/security/cve/CVE-2023-3776
https://access.redhat.com/security/cve/CVE-2023-4004
https://access.redhat.com/security/cve/CVE-2023-4147
https://access.redhat.com/security/cve/CVE-2023-31248
https://access.redhat.com/security/cve/CVE-2023-35001
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJlAINWAAoJENzjgjWX9erEFeYP/j+dydaEaJ3erilxS6+E8srO
qobJMIWOs7A8nEVE7O5mpR29HF8CiqyON/LAPvzx7IcsGYsbpxZcaKZfr+6RNoI/
H6k2/FO04foA12dbZW3iKST6TLxxF4PL78Mzu1mfeg6Yzo3hYWqH4vbf9aCzIXlo
gx/8KTj1YU8JxD9g/DO8ax+5CkafjXkxN2HqhR5CedOAd0rSXZ5SfR6Iy8oKPM2b
N6MD6eVA9IBOlIkec7ho5jeOZuTnybegpPIMDaW5l51dNsZ8lhR5PXsnFXZh8y/p
JgJYnmVfJ6qqX10Xeey4xnVGqUQz1yBwJEkWdo0Nwx71EbJ19KJsHCheC1nUFjEd
/slcmfXrvtXSGkgfQJ8XrJtsmR33W0ic1E0NLyCb8LYZtLlmusYnM/PcnZSFIrkj
lVmHZyvbEZ+3JKm6UJShlLvYfXz/WkfTmTNLpn93xAfjrUpZwoU4X3RhfFIc969S
cTGmD0MpCCO79SDZWjbjLY3hm7UiEVv41mcJAJ7Xh1Mk3J+u0I/j8otAYe8HHCSL
g924LYCJRoxC3DfCDjL2XoT/QVoV1Hx5OybapPyyGz+G7IO1pT6h7K6GbiF6awwd
Fs7p0BJEfMZ77JQbAby+DpSzV4ri68y6yXw+cA+GsB9qWS5lv6i8QbVAkS369PdY
0QKZgetbqXkuLHKUVw2f
=dsfK
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 297 files
Ubuntu 69 files
Debian 20 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
LiquidWorm 4 files
Spencer McIntyre 3 files
Alter Prime 3 files
Jann Horn 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

Red Hat Security Advisory 2023-5093-01

Red Hat Security Advisory 2023-5093-01

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2023-5093-01

Share This

Red Hat Security Advisory 2023-5093-01

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems