(RHSA-2023:7548) Important: kernel-rt security update

2023-11-2814:49:12

access.redhat.com

kernel-rt packages

real time linux kernel

high determinism

security update

cve-2023-2163

cve-2023-3812

cve-2023-5178

cve-2022-45884

cve-2022-45886

cve-2022-45919

cve-2023-1192

cvss score

references section

7.8 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.1%

JSON

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)
kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)
kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)
kernel: use-after-free due to race condition occurring in dvb_register_device() (CVE-2022-45884)
kernel: use-after-free due to race condition occurring in dvb_net.c (CVE-2022-45886)
kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c (CVE-2022-45919)
kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8x86_64kernel-rt-debug-kvm< 4.18.0-513.9.1.rt7.311.el8_9kernel-rt-debug-kvm-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat8x86_64kernel-rt-debug-core< 4.18.0-513.9.1.rt7.311.el8_9kernel-rt-debug-core-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat8x86_64kernel-rt-modules-extra< 4.18.0-513.9.1.rt7.311.el8_9kernel-rt-modules-extra-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat8x86_64kernel-rt< 4.18.0-513.9.1.rt7.311.el8_9kernel-rt-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat8x86_64kernel-rt-core< 4.18.0-513.9.1.rt7.311.el8_9kernel-rt-core-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat8x86_64kernel-rt-debuginfo< 4.18.0-513.9.1.rt7.311.el8_9kernel-rt-debuginfo-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat8x86_64kernel-rt-kvm< 4.18.0-513.9.1.rt7.311.el8_9kernel-rt-kvm-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat8x86_64kernel-rt-modules< 4.18.0-513.9.1.rt7.311.el8_9kernel-rt-modules-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat8x86_64kernel-rt-debug-modules-extra< 4.18.0-513.9.1.rt7.311.el8_9kernel-rt-debug-modules-extra-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat8x86_64kernel-rt-debuginfo-common-x86_64< 4.18.0-513.9.1.rt7.311.el8_9kernel-rt-debuginfo-common-x86_64-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	x86_64	kernel-rt-debug-kvm	< 4.18.0-513.9.1.rt7.311.el8_9	kernel-rt-debug-kvm-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat	8	x86_64	kernel-rt-debug-core	< 4.18.0-513.9.1.rt7.311.el8_9	kernel-rt-debug-core-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat	8	x86_64	kernel-rt-modules-extra	< 4.18.0-513.9.1.rt7.311.el8_9	kernel-rt-modules-extra-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat	8	x86_64	kernel-rt	< 4.18.0-513.9.1.rt7.311.el8_9	kernel-rt-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat	8	x86_64	kernel-rt-core	< 4.18.0-513.9.1.rt7.311.el8_9	kernel-rt-core-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat	8	x86_64	kernel-rt-debuginfo	< 4.18.0-513.9.1.rt7.311.el8_9	kernel-rt-debuginfo-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat	8	x86_64	kernel-rt-kvm	< 4.18.0-513.9.1.rt7.311.el8_9	kernel-rt-kvm-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat	8	x86_64	kernel-rt-modules	< 4.18.0-513.9.1.rt7.311.el8_9	kernel-rt-modules-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat	8	x86_64	kernel-rt-debug-modules-extra	< 4.18.0-513.9.1.rt7.311.el8_9	kernel-rt-debug-modules-extra-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm
RedHat	8	x86_64	kernel-rt-debuginfo-common-x86_64	< 4.18.0-513.9.1.rt7.311.el8_9	kernel-rt-debuginfo-common-x86_64-4.18.0-513.9.1.rt7.311.el8_9.x86_64.rpm