RHSA-2023:1091

Description

Red Hat Security Advisory: kernel security and bug fix update

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• redhat•bpftool

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•bpftool-debuginfo

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-abi-whitelists

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-bootwrapper

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-debug

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-debug-debuginfo

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-debug-devel

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-debuginfo

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-debuginfo-common-ppc64

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-debuginfo-common-ppc64le

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-debuginfo-common-s390x

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-debuginfo-common-x86_64

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-devel

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-doc

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-kdump

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-kdump-debuginfo

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-kdump-devel

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-tools

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-tools-debuginfo

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-tools-libs

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•kernel-tools-libs-devel

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•perf

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•perf-debuginfo

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•python-perf

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

• redhat•python-perf-debuginfo

  < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7 | < 0:3.10.0-1160.88.1.el7

References (17)

• https://access.redhat.com/errata/RHSA-2023:1091
• https://access.redhat.com/security/updates/classification/#important
• https://bugzilla.redhat.com/show_bug.cgi?id=2054037
• https://bugzilla.redhat.com/show_bug.cgi?id=2133483
• https://bugzilla.redhat.com/show_bug.cgi?id=2143438
• https://bugzilla.redhat.com/show_bug.cgi?id=2152548
• https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1091.json
• https://access.redhat.com/security/cve/CVE-2022-4378
• https://www.cve.org/CVERecord?id=CVE-2022-4378
• https://nvd.nist.gov/vuln/detail/CVE-2022-4378
• https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch
• https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch
• https://seclists.org/oss-sec/2022/q4/178
• https://access.redhat.com/security/cve/CVE-2022-42703
• https://www.cve.org/CVERecord?id=CVE-2022-42703
• https://nvd.nist.gov/vuln/detail/CVE-2022-42703
• https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2555283eb40df89945557273121e9393ef9b542b