SB2023091232 - Red Hat Enterprise Linux 9 update for kernel

Description

This security bulletin contains information about 10 secuirty vulnerabilities.

1) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2023-1637)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due speculative execution behavior in the Linux kernel X86 CPU Power management options functionality. A local user can gain access to sensitive information.

2) Use-after-free (CVE-ID: CVE-2023-20593)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in AMD Zen2 processors. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Note, the vulnerability was dubbed Zenbleed.

3) Security features bypass (CVE-ID: CVE-2023-21102)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists die to a logic error within the __efi_rt_asm_wrapper() function in efi-rt-wrapper.S. A local application can bypass the shadow stack protection and execute arbitrary code with elevated privileges.

4) Use-after-free (CVE-ID: CVE-2023-31248)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in nft_chain_lookup_byid() function, which failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace. A local user ca trigger a use-after-free error and execute arbitrary code with elevated privileges.

5) Use-after-free (CVE-ID: CVE-2023-3390)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within net/netfilter/nf_tables_api.c in the Linux kernel netfilter subsystem. A local user can trigger a use-after-fee error and escalate privileges on the system.

6) Out-of-bounds write (CVE-ID: CVE-2023-35001)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the nft_byteorder() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.

7) Use-after-free (CVE-ID: CVE-2023-3610)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_tables component in Linux kernel netfilter. A local user with CAP_NET_ADMIN capability can trigger a use-after-free error and execute arbitrary code with elevated privileges.

8) Use-after-free (CVE-ID: CVE-2023-3776)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the Linux kernel's net/sched: cls_fw component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

9) Use-after-free (CVE-ID: CVE-2023-4004)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. A local user can execute arbitrary code with elevated privileges.

10) Use-after-free (CVE-ID: CVE-2023-4147)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2023:5069