RLSA-2023:3350

Source
https://errata.rockylinux.org/RLSA-2023:3350
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2023:3350.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2023:3350
Related
Published
2023-06-13T19:54:33.297987Z
Modified
2023-06-13T19:56:18.571984Z
Summary
Important: kernel-rt security and bug fix update
Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • smpboot: Scheduler frequency invariance went wobbly, disabling! (BZ#2188316)

  • Crash: kernel BUG at kernel/locking/rtmutex.c:1338! (BZ#2188722)

  • kernel-rt: update RT source tree to the Rocky Linux-8.8.z0 source tree. (BZ#2196667)

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/rocky-linux/kernel-rt?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:4.18.0-477.13.1.rt7.276.el8_8