Red Hat Enterprise Linux 8 update for kernel-rt



Published: 2023-04-04 | Updated: 2023-06-26
Risk High
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2022-4269
CVE-2022-4378
CVE-2023-0266
CVE-2023-0386
CWE-ID CWE-833
CWE-121
CWE-416
CWE-264
Exploitation vector Local
Public exploit Public exploit code for vulnerability #2 is available.
Vulnerability #3 is being exploited in the wild.
Public exploit code for vulnerability #4 is available.
Vulnerable software
Subscribe
Red Hat Enterprise Linux for Real Time for NFV
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Real Time
Operating systems & Components / Operating system

kernel-rt (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Deadlock

EUVDB-ID: #VU73186

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4269

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the Linux kernel Traffic Control (TC) subsystem. A local user can use a specific network configuration (redirecting egress packets to ingress using TC action "mirred") to trigger a CPU soft lockup.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time for NFV: 8

Red Hat Enterprise Linux for Real Time: 8

kernel-rt (Red Hat package): before 4.18.0-425.19.2.rt7.230.el8_7

External links

http://access.redhat.com/errata/RHSA-2023:1584


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stack-based buffer overflow

EUVDB-ID: #VU70442

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-4378

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the __do_proc_dointvec() function. A local user can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time for NFV: 8

Red Hat Enterprise Linux for Real Time: 8

kernel-rt (Red Hat package): before 4.18.0-425.19.2.rt7.230.el8_7

External links

http://access.redhat.com/errata/RHSA-2023:1584


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Use-after-free

EUVDB-ID: #VU71482

Risk: High

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-0266

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_ctl_elem_read() function in the Linux kernel sound subsystem. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time for NFV: 8

Red Hat Enterprise Linux for Real Time: 8

kernel-rt (Red Hat package): before 4.18.0-425.19.2.rt7.230.el8_7

External links

http://access.redhat.com/errata/RHSA-2023:1584


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

4) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU74410

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-0386

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to unauthorized access to execution of setuid files in OverlayFS subsystem when copying a capable file from a nosuid mount into another mount. A local user can execute arbitrary code with root privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Real Time for NFV: 8

Red Hat Enterprise Linux for Real Time: 8

kernel-rt (Red Hat package): before 4.18.0-425.19.2.rt7.230.el8_7

External links

http://access.redhat.com/errata/RHSA-2023:1584


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###