Important: kernel security update

2024-01-1000:00:00

errata.almalinux.org

kernel

security update

linux.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

26.1%

JSON

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

kernel: use after free in unix_stream_sendpage (CVE-2023-4622)
kernel: vmwgfx: reference count issue leads to use-after-free in surface handling (CVE-2023-5633)
kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)
Kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)
hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Backport OVS l4 Symmetric Hashing to almalinux-8 (JIRA:AlmaLinux-12746)
Unbounded memory usage by TCP for receive buffers (JIRA:AlmaLinux-15096)
various kind of guests freeze on rhel 8.8 (JIRA:AlmaLinux-15121)
AlmaLinux 8: netfilter: conntrack: Fix gre tunneling over ipv6 (JIRA:AlmaLinux-15259)
NFSv4.1 needs to handle ENOENT error from GETDEVICEINFO (JIRA:AlmaLinux-16407)
DM multipath showing failed path for an nvme-o-FC LUN when performing I/O operations (JIRA:AlmaLinux-14718)

OSVersionArchitecturePackageVersionFilename
almalinux8noarchkernel-abi-stablelists< 4.18.0-513.11.1.el8_9kernel-abi-stablelists-4.18.0-513.11.1.el8_9.noarch.rpm
almalinux8noarchkernel-doc< 4.18.0-513.11.1.el8_9kernel-doc-4.18.0-513.11.1.el8_9.noarch.rpm
almalinux8x86_64kernel-tools< 4.18.0-513.11.1.el8_9kernel-tools-4.18.0-513.11.1.el8_9.x86_64.rpm
almalinux8x86_64kernel-debug-devel< 4.18.0-513.11.1.el8_9kernel-debug-devel-4.18.0-513.11.1.el8_9.x86_64.rpm
almalinux8x86_64kernel-debug< 4.18.0-513.11.1.el8_9kernel-debug-4.18.0-513.11.1.el8_9.x86_64.rpm
almalinux8x86_64python3-perf< 4.18.0-513.11.1.el8_9python3-perf-4.18.0-513.11.1.el8_9.x86_64.rpm
almalinux8x86_64kernel-debug-core< 4.18.0-513.11.1.el8_9kernel-debug-core-4.18.0-513.11.1.el8_9.x86_64.rpm
almalinux8x86_64kernel-cross-headers< 4.18.0-513.11.1.el8_9kernel-cross-headers-4.18.0-513.11.1.el8_9.x86_64.rpm
almalinux8x86_64bpftool< 4.18.0-513.11.1.el8_9bpftool-4.18.0-513.11.1.el8_9.x86_64.rpm
almalinux8x86_64kernel-devel< 4.18.0-513.11.1.el8_9kernel-devel-4.18.0-513.11.1.el8_9.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	8	noarch	kernel-abi-stablelists	< 4.18.0-513.11.1.el8_9	kernel-abi-stablelists-4.18.0-513.11.1.el8_9.noarch.rpm
almalinux	8	noarch	kernel-doc	< 4.18.0-513.11.1.el8_9	kernel-doc-4.18.0-513.11.1.el8_9.noarch.rpm
almalinux	8	x86_64	kernel-tools	< 4.18.0-513.11.1.el8_9	kernel-tools-4.18.0-513.11.1.el8_9.x86_64.rpm
almalinux	8	x86_64	kernel-debug-devel	< 4.18.0-513.11.1.el8_9	kernel-debug-devel-4.18.0-513.11.1.el8_9.x86_64.rpm
almalinux	8	x86_64	kernel-debug	< 4.18.0-513.11.1.el8_9	kernel-debug-4.18.0-513.11.1.el8_9.x86_64.rpm
almalinux	8	x86_64	python3-perf	< 4.18.0-513.11.1.el8_9	python3-perf-4.18.0-513.11.1.el8_9.x86_64.rpm
almalinux	8	x86_64	kernel-debug-core	< 4.18.0-513.11.1.el8_9	kernel-debug-core-4.18.0-513.11.1.el8_9.x86_64.rpm
almalinux	8	x86_64	kernel-cross-headers	< 4.18.0-513.11.1.el8_9	kernel-cross-headers-4.18.0-513.11.1.el8_9.x86_64.rpm
almalinux	8	x86_64	bpftool	< 4.18.0-513.11.1.el8_9	bpftool-4.18.0-513.11.1.el8_9.x86_64.rpm
almalinux	8	x86_64	kernel-devel	< 4.18.0-513.11.1.el8_9	kernel-devel-4.18.0-513.11.1.el8_9.x86_64.rpm