Red Hat Enterprise Linux 9.0 Extended Update Support update for kernel-rt

Published: 2023-03-14 | Updated: 2023-06-27

Risk	Medium
Patch available	YES
Number of vulnerabilities	6
CVE-ID	CVE-2022-3564 CVE-2022-4269 CVE-2022-4378 CVE-2022-4379 CVE-2023-0179 CVE-2023-0266
CWE-ID	CWE-416 CWE-833 CWE-121 CWE-190
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #5 is available. Vulnerability #6 is being exploited in the wild.
Vulnerable software Subscribe	kernel-rt (Red Hat package) Operating systems & Components / Operating system package or component
Vendor	Red Hat Inc.

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU69799

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-3564

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the l2cap_reassemble_sdu() function in net/bluetooth/l2cap_core.c. An attacker with physical access to device can trigger a use-after-free error and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): before 5.14.0-70.49.1.rt21.120.el9_0

CPE2.3

cpe:2.3:o:red_hat:kernel-rt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:

External links

http://access.redhat.com/errata/RHSA-2023:1203

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Deadlock

EUVDB-ID: #VU73186

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-4269

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the Linux kernel Traffic Control (TC) subsystem. A local user can use a specific network configuration (redirecting egress packets to ingress using TC action "mirred") to trigger a CPU soft lockup.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): before 5.14.0-70.49.1.rt21.120.el9_0

CPE2.3

cpe:2.3:o:red_hat:kernel-rt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:

External links

http://access.redhat.com/errata/RHSA-2023:1203

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Stack-based buffer overflow

EUVDB-ID: #VU70442

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-4378

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the __do_proc_dointvec() function. A local user can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): before 5.14.0-70.49.1.rt21.120.el9_0

CPE2.3

cpe:2.3:o:red_hat:kernel-rt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:

External links

http://access.redhat.com/errata/RHSA-2023:1203

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Use-after-free

EUVDB-ID: #VU71583

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-4379

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the __nfs42_ssc_open() function in fs/nfs/nfs4file.c. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): before 5.14.0-70.49.1.rt21.120.el9_0

CPE2.3

cpe:2.3:o:red_hat:kernel-rt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:

External links

http://access.redhat.com/errata/RHSA-2023:1203

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Integer overflow

EUVDB-ID: #VU71173

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2023-0179

CWE-ID: CWE-190 - Integer overflow

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an integer overflow within the nft_payload_copy_vlan() function in Linux kernel Netfilter. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): before 5.14.0-70.49.1.rt21.120.el9_0

CPE2.3

cpe:2.3:o:red_hat:kernel-rt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:

External links

http://access.redhat.com/errata/RHSA-2023:1203

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Use-after-free

EUVDB-ID: #VU71482

Risk: High

CVSSv3.1:

CVE-ID: CVE-2023-0266

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_ctl_elem_read() function in the Linux kernel sound subsystem. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): before 5.14.0-70.49.1.rt21.120.el9_0

CPE2.3

cpe:2.3:o:red_hat:kernel-rt_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:

External links

http://access.redhat.com/errata/RHSA-2023:1203

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?