ALSA-2023:7077

Source
https://errata.almalinux.org/8/ALSA-2023-7077.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:7077.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2023:7077
Related
Published
2023-11-14T00:00:00Z
Modified
2023-11-23T10:20:52Z
Summary
Important: kernel security, bug fix, and enhancement update
Details

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: tun: avoid double free in tunfreenetdev (CVE-2022-4744)
  • kernel: net/sched: multiple vulnerabilities (CVE-2023-3609, CVE-2023-3611, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)
  • kernel: out-of-bounds write in qfqchangeclass function (CVE-2023-31436)
  • kernel: out-of-bounds write in hwatlutilsfwrpc_wait (CVE-2021-43975)
  • kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)
  • kernel: use after free flaw in l2capconndel (CVE-2022-3640)
  • kernel: double free in usb8devstart_xmit (CVE-2022-28388)
  • kernel: vmwgfx: multiple vulnerabilities (CVE-2022-38457, CVE-2022-40133, CVE-2023-33951, CVE-2023-33952)
  • hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)
  • kernel: Information leak in l2capparseconf_req (CVE-2022-42895)
  • kernel: KVM: multiple vulnerabilities (CVE-2022-45869, CVE-2023-4155, CVE-2023-30456)
  • kernel: memory leak in ttusbdecexit_dvb (CVE-2022-45887)
  • kernel: speculative pointer dereference in do_prlimit (CVE-2023-0458)
  • kernel: use-after-free due to race condition in qdisc_graft (CVE-2023-0590)
  • kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)
  • kernel: HID: check empty reportlist in hidvalidate_values (CVE-2023-1073)
  • kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)
  • kernel: hid: Use After Free in asus_remove (CVE-2023-1079)
  • kernel: use-after-free in drivers/media/rc/ene_ir.c (CVE-2023-1118)
  • kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)
  • kernel: ovl: fix use after free in struct ovlaioreq (CVE-2023-1252)
  • kernel: denial of service in tipcconnclose (CVE-2023-1382)
  • kernel: Use after free bug in btsdio_remove due to race condition (CVE-2023-1989)
  • kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)
  • kernel: ext4: use-after-free in ext4xattrset_entry (CVE-2023-2513)
  • kernel: fbcon: shift-out-of-bounds in fbconsetfont (CVE-2023-3161)
  • kernel: out-of-bounds access in relayfileread (CVE-2023-3268)
  • kernel: xfrm: NULL pointer dereference in xfrmupdateae_params (CVE-2023-3772)
  • kernel: smsusb: use-after-free caused by dosubmiturb (CVE-2023-4132)
  • kernel: Race between task migrating pages and another task calling exit_mmap (CVE-2023-4732)
  • Kernel: denial of service in atmtcenqueue due to type confusion (CVE-2023-23455)
  • kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)
  • kernel: Denial of service issue in az6027 driver (CVE-2023-28328)
  • kernel: lib/seqbuf.c has a seqbufputmemhex buffer overflow (CVE-2023-28772)
  • kernel: blocking operation in dvbfrontendgetevent and waitevent_interruptible (CVE-2023-31084)
  • kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove (CVE-2023-33203)
  • kernel: saa7134: race condition leading to use-after-free in saa7134_finidev (CVE-2023-35823)
  • kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c (CVE-2023-35824)
  • kernel: r592: race condition leading to use-after-free in r592_remove (CVE-2023-35825)
  • kernel: net/tls: tlsistxready() checked listentry (CVE-2023-1075)
  • kernel: use-after-free bug in remove function xgenehwmonremove (CVE-2023-1855)
  • kernel: Use after free bug in r592_remove (CVE-2023-3141)
  • kernel: gfs2: NULL pointer dereference in gfs2evictinode (CVE-2023-3212)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

AlmaLinux:8 / bpftool

Package

Name
bpftool

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel

Package

Name
kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-abi-stablelists

Package

Name
kernel-abi-stablelists

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-core

Package

Name
kernel-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-cross-headers

Package

Name
kernel-cross-headers

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-debug

Package

Name
kernel-debug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-debug-core

Package

Name
kernel-debug-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-debug-devel

Package

Name
kernel-debug-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-debug-modules

Package

Name
kernel-debug-modules

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-debug-modules-extra

Package

Name
kernel-debug-modules-extra

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-devel

Package

Name
kernel-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-doc

Package

Name
kernel-doc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-headers

Package

Name
kernel-headers

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-modules

Package

Name
kernel-modules

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-modules-extra

Package

Name
kernel-modules-extra

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-tools

Package

Name
kernel-tools

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-tools-libs

Package

Name
kernel-tools-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-tools-libs-devel

Package

Name
kernel-tools-libs-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-zfcpdump

Package

Name
kernel-zfcpdump

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-zfcpdump-core

Package

Name
kernel-zfcpdump-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-zfcpdump-devel

Package

Name
kernel-zfcpdump-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-zfcpdump-modules

Package

Name
kernel-zfcpdump-modules

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / kernel-zfcpdump-modules-extra

Package

Name
kernel-zfcpdump-modules-extra

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / perf

Package

Name
perf

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9

AlmaLinux:8 / python3-perf

Package

Name
python3-perf

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.18.0-513.5.1.el8_9