Red Hat Security Advisory: kernel security, bug fix, and enhancement update
🔗 CVE IDs covered (198)
📋 Description
CVE-2021-26341 — hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch CVE-2021-33655 — kernel: malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory CVE-2021-33656 — kernel: when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds CVE-2021-47221 — kernel: mm/slub: actually fix freelist pointer vs redzoning CVE-2021-47592 — kernel: net: stmmac: fix tc flower deletion for VLAN priority Rx steering CVE-2022-1462 — kernel: possible race condition in drivers/tty/tty_buffers.c CVE-2022-1679 — kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges CVE-2022-1789 — kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva CVE-2022-2196 — kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks CVE-2022-2663 — kernel: netfilter: nf_conntrack_irc message handling issue CVE-2022-3028 — kernel: race condition in xfrm_probe_algs can lead to OOB read/write CVE-2022-3239 — kernel: media: em28xx: initialize refcount before kref_get CVE-2022-3522 — kernel: race condition in hugetlb_no_page() in mm/hugetlb.c CVE-2022-3524 — kernel: memory leak in ipv6_renew_options() CVE-2022-3564 — kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c CVE-2022-3566 — kernel: data races around icsk->icsk_af_ops in do_ipv6_setsockopt CVE-2022-3567 — kernel: data races around sk->sk_prot CVE-2022-3619 — kernel: memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c CVE-2022-3623 — kernel: denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry CVE-2022-3625 — kernel: use-after-free after failed devlink reload in devlink_param_get CVE-2022-3628 — kernel: USB-accessible buffer overflow in brcmfmac CVE-2022-3707 — kernel: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed CVE-2022-4129 — kernel: l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference CVE-2022-4662 — kernel: Recursive locking violation in usb-storage that can cause the kernel to deadlock CVE-2022-20141 — kernel: igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets CVE-2022-25265 — kernel: Executable Space Protection Bypass CVE-2022-30594 — kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option CVE-2022-36879 — kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice CVE-2022-39188 — kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry CVE-2022-39189 — kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning CVE-2022-41218 — kernel: Report vmalloc UAF in dvb-core/dmxdev CVE-2022-41674 — kernel: u8 overflow problem in cfg80211_update_notlisted_nontrans() CVE-2022-42703 — kernel: use-after-free related to leaf anon_vma double reuse CVE-2022-42720 — kernel: use-after-free in bss_ref_get in net/wireless/scan.c CVE-2022-42721 — kernel: BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c CVE-2022-42722 — kernel: Denial of service in beacon protection for P2P-device CVE-2022-43750 — kernel: memory corruption in usbmon driver CVE-2022-47929 — kernel: NULL pointer dereference in traffic control subsystem CVE-2022-48695 — kernel: scsi: mpt3sas: Fix use-after-free warning CVE-2022-48696 — kernel: regmap: spi: Reserve space for register address/padding CVE-2022-48701 — kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug CVE-2022-48883 — kernel: net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent CVE-2022-48884 — kernel: net/mlx5: Fix command stats access after free CVE-2022-48992 — kernel: ASoC: soc-pcm: Add NULL check in BE reparenting CVE-2022-49010 — kernel: hwmon: (coretemp) Check for null before removing sysfs attrs CVE-2022-49114 — kernel: scsi: libfc: Fix use after free in fc_exch_abts_resp() CVE-2022-49294 — kernel: drm/amd/display: Check if modulo is 0 before dividing. CVE-2022-49319 — kernel: iommu/arm-smmu-v3: check return value after calling platform_get_resource() CVE-2022-49323 — kernel: iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() CVE-2022-49328 — kernel: mt76: fix use-after-free by removing a non-RCU wcid pointer CVE-2022-49330 — kernel: tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd CVE-2022-49333 — kernel: net/mlx5: E-Switch, pair only capable devices CVE-2022-49339 — kernel: net: ipv6: unexport __init-annotated seg6_hmac_init() CVE-2022-49365 — kernel: drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq() CVE-2022-49371 — kernel: driver core: fix deadlock in __device_attach CVE-2022-49372 — kernel: tcp: tcp_rtx_synack() can be called from process context CVE-2022-49376 — kernel: scsi: sd: Fix potential NULL pointer dereference CVE-2022-49416 — kernel: wifi: mac80211: fix use-after-free in chanctx code CVE-2022-49429 — kernel: RDMA/hfi1: Prevent panic when SDMA is disabled CVE-2022-49471 — kernel: rtw89: cfo: check mac_id to avoid out-of-bounds CVE-2022-49511 — kernel: fbdev: defio: fix the pagelist corruption CVE-2022-49513 — kernel: cpufreq: governor: Use kobject release() method to free dbs_data CVE-2022-49519 — kernel: Linux kernel (ath10k): Double free vulnerability during suspend/resume CVE-2022-49539 — kernel: rtw89: ser: fix CAM leaks occurring in L2 reset CVE-2022-49545 — kernel: ALSA: usb-audio: Cancel pending work at closing a MIDI substream CVE-2022-49577 — kernel: udp: Fix a data-race around sysctl_udp_l3mdev_accept. CVE-2022-49583 — kernel: iavf: Fix handling of dummy receive descriptors CVE-2022-49592 — kernel: net: stmmac: fix dma queue left shift overflow issue CVE-2022-49636 — kernel: vlan: fix memory leak in vlan_newlink() CVE-2022-49642 — kernel: net: stmmac: dwc-qos: Disable split header for Tegra194 CVE-2022-49644 — kernel: drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() CVE-2022-49646 — kernel: wifi: mac80211: fix queue selection for mesh/OCB interfaces CVE-2022-49653 — kernel: i2c: piix4: Fix a memory leak in the EFCH MMIO support CVE-2022-49663 — kernel: tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() CVE-2022-49691 — kernel: erspan: do not assume transport header is always set CVE-2022-49723 — kernel: drm/i915/reset: Fix error_state_read ptr + offset use CVE-2022-49726 — kernel: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() CVE-2022-49732 — kernel: sock: redo the psock vs ULP protection check CVE-2022-49872 — kernel: net: gso: fix panic on frag_list with mixed head alloc types CVE-2022-49908 — kernel: Bluetooth: L2CAP: Fix memory leak in vhci_write CVE-2022-49925 — kernel: RDMA/core: Fix null-ptr-deref in ib_core_cleanup() CVE-2022-49934 — kernel: wifi: mac80211: Fix UAF in ieee80211_scan_rx() CVE-2022-49935 — kernel: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49936 — kernel: USB: core: Prevent nested device-reset calls CVE-2022-49942 — kernel: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected CVE-2022-49951 — kernel: firmware_loader: Fix use-after-free during unregister CVE-2022-49958 — kernel: net/sched: fix netdevice reference leaks in attach_default_qdiscs() CVE-2022-49959 — kernel: openvswitch: fix memory leak at failed datapath creation CVE-2022-49960 — kernel: drm/i915: fix null pointer dereference CVE-2022-49962 — kernel: xhci: Fix null pointer dereference in remove if xHC has only one roothub CVE-2022-49964 — kernel: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level CVE-2022-49965 — kernel: drm/amd/pm: add missing ->fini_xxxx interfaces for some SMU13 asics CVE-2022-49966 — kernel: drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid CVE-2022-49969 — kernel: drm/amd/display: clear optc underflow before turn off odm clock CVE-2022-49971 — kernel: drm/amd/pm: Fix a potential gpu_metrics_table memory leak CVE-2022-49982 — kernel: media: pvrusb2: fix memory leak in pvr_probe CVE-2022-49983 — kernel: udmabuf: Set the DMA mask for the udmabuf device (v2) CVE-2022-49986 — kernel: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq CVE-2022-50000 — kernel: netfilter: flowtable: fix stuck flows on cleanup due to pending work CVE-2022-50001 — kernel: netfilter: nft_tproxy: restrict to prerouting hook CVE-2022-50002 — kernel: net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY CVE-2022-50007 — kernel: xfrm: fix refcount leak in __xfrm_policy_check() CVE-2022-50015 — kernel: ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot CVE-2022-50016 — kernel: ASoC: SOF: Intel: cnl: Do not process IPC reply before firmware boot CVE-2022-50022 — kernel: drivers:md:fix a potential use-after-free bug CVE-2022-50035 — kernel: drm/amdgpu: Fix use-after-free on amdgpu_bo_list mutex CVE-2022-50037 — kernel: drm/i915/ttm: don't leak the ccs state CVE-2022-50039 — kernel: stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() CVE-2022-50041 — kernel: ice: Fix call trace with null VSI during VF reset CVE-2022-50044 — kernel: net: qrtr: start MHI channel after endpoit creation CVE-2022-50048 — kernel: netfilter: nf_tables: possible module reference underflow in error path CVE-2022-50049 — kernel: ASoC: DPCM: Don't pick up BE without substream CVE-2022-50050 — kernel: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() CVE-2022-50052 — kernel: ASoC: Intel: avs: Fix potential buffer overflow by snprintf() CVE-2022-50068 — kernel: drm/ttm: Fix dummy res NULL ptr deref bug CVE-2022-50070 — kernel: mptcp: do not queue data on closed subflows CVE-2022-50079 — kernel: drm/amd/display: Check correct bounds for stream encoder instances for DCN303 CVE-2022-50093 — kernel: iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) CVE-2022-50100 — kernel: sched/core: Do not requeue task on CPU excluded from cpus_mask CVE-2022-50111 — kernel: ASoC: mt6359: Fix refcount leak bug CVE-2022-50113 — kernel: ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type() CVE-2022-50127 — kernel: RDMA/rxe: Fix error unwind in rxe_create_qp() CVE-2022-50129 — kernel: RDMA/srpt: Fix a use-after-free CVE-2022-50130 — kernel: staging: fbtft: core: set smem_len before fb_deferred_io_init call CVE-2022-50133 — kernel: usb: xhci_plat_remove: avoid NULL dereference CVE-2022-50135 — kernel: RDMA/rxe: Fix BUG: KASAN: null-ptr-deref in rxe_qp_do_cleanup CVE-2022-50136 — kernel: RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event CVE-2022-50137 — kernel: RDMA/irdma: Fix a window for use-after-free CVE-2022-50138 — kernel: RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() CVE-2022-50149 — kernel: driver core: fix potential deadlock in __driver_attach CVE-2022-50164 — kernel: wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue CVE-2022-50172 — kernel: mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg CVE-2022-50181 — kernel: virtio-gpu: fix a missing check to avoid NULL dereference CVE-2022-50185 — kernel: drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() CVE-2022-50189 — kernel: tools/power turbostat: Fix file pointer leak CVE-2022-50211 — kernel: md-raid10: fix KASAN warning CVE-2022-50221 — kernel: drm/fb-helper: Fix out-of-bounds access CVE-2022-50226 — kernel: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak CVE-2022-50229 — kernel: ALSA: bcd2000: Fix a UAF bug on the error path of probing CVE-2022-50235 — kernel: NFSD: Protect against send buffer overflow in NFSv2 READDIR CVE-2022-50243 — kernel: sctp: handle the error returned from sctp_auth_asoc_init_active_key CVE-2022-50271 — kernel: Linux kernel: Denial of Service due to memory allocation failure in vhost/vsock CVE-2022-50299 — kernel: md: Replace snprintf with scnprintf CVE-2022-50308 — kernel: ASoC: qcom: Add checks for devm_kcalloc CVE-2022-50318 — kernel: perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() CVE-2022-50325 — kernel: ASoC: Intel: avs: Fix potential RX buffer overflow CVE-2022-50350 — kernel: scsi: target: iscsi: Fix a race condition between login_work and the login thread CVE-2022-50381 — kernel: md: fix a crash in mempool_free CVE-2022-50408 — kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() CVE-2022-50410 — kernel: NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-50418 — kernel: wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register() CVE-2022-50425 — kernel: x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly CVE-2022-50427 — kernel: ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() CVE-2022-50431 — kernel: ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() CVE-2022-50467 — kernel: scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID CVE-2022-50482 — kernel: iommu/vt-d: Clean up si_domain in the init_dmars() error path CVE-2022-50484 — kernel: ALSA: usb-audio: Fix potential memory leaks CVE-2022-50487 — kernel: NFSD: Protect against send buffer overflow in NFSv3 READDIR CVE-2022-50493 — kernel: scsi: qla2xxx: Fix crash when I/O abort times out CVE-2022-50496 — kernel: dm cache: Fix UAF in destroy() CVE-2022-50516 — kernel: fs: dlm: fix invalid derefence of sb_lvbptr CVE-2022-50531 — kernel: Linux kernel (TIPC): Information disclosure via uninitialized memory in tipc_topsrv_kern_subscr CVE-2022-50534 — kernel: dm thin: Use last transaction's pmd->root when commit failed CVE-2022-50543 — kernel: RDMA/rxe: Fix mr->map double free CVE-2022-50549 — kernel: dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata CVE-2022-50554 — kernel: blk-mq: avoid double ->queue_rq() because of early timeout CVE-2022-50563 — kernel: dm thin: Fix UAF in run_timer_softirq() CVE-2022-50569 — kernel: xfrm: Update ipcomp_scratches with NULL when freed CVE-2022-50583 — kernel: md/raid0, raid10: Don't set discard sectors for request queue CVE-2022-50615 — kernel: perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() CVE-2022-50671 — kernel: RDMA/rxe: Fix "kernel NULL pointer dereference" error CVE-2022-50678 — kernel: wifi: brcmfmac: fix invalid address access when enabling SCAN log level CVE-2022-50698 — kernel: ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() CVE-2022-50714 — kernel: Linux kernel: Denial of Service in mt7921e driver during module unload CVE-2022-50715 — kernel: md/raid1: stop mdx_raid1 thread when raid1 array run failed CVE-2022-50723 — kernel: Kernel: Denial of Service via memory leak in bnxt_nvm_test() CVE-2022-50726 — kernel: net/mlx5: Fix possible use-after-free in async command interface CVE-2022-50744 — kernel: Linux kernel: Hard lockup in lpfc driver leads to Denial of Service CVE-2022-50752 — kernel: md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() CVE-2022-50768 — kernel: scsi: smartpqi: Correct device removal for multi-actuator devices CVE-2022-50773 — kernel: Linux kernel ALSA mts64 module: Denial of Service via null pointer dereference CVE-2022-50863 — kernel: Kernel: Denial of Service via memory leak in wifi power saving mode CVE-2022-50866 — kernel: ASoC: pxa: fix null-pointer dereference in filter() CVE-2022-50889 — kernel: dm integrity: Fix UAF in dm_integrity_dtr() CVE-2023-0394 — kernel: NULL pointer dereference in rawv6_push_pending_frames CVE-2023-0461 — kernel: net/ulp: use-after-free in listening ULP sockets CVE-2023-1095 — kernel: netfilter: NULL pointer dereference in nf_tables due to zeroed list head CVE-2023-1195 — kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c CVE-2023-1582 — kernel: Soft lockup occurred during __page_mapcount CVE-2023-2177 — Kernel: NULL pointer dereference problem in sctp_sched_dequeue_common CVE-2023-22998 — kernel: drm/virtio: improper return value check in virtio_gpu_object_shmem_init() CVE-2023-23454 — kernel: slab-out-of-bounds read vulnerabilities in cbq_classify CVE-2023-53064 — kernel: iavf: fix hang on reboot with ice CVE-2023-53273 — kernel: Drivers: vmbus: Check for channel allocation before looking up relids CVE-2023-53393 — kernel: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device CVE-2023-53549 — kernel: netfilter: ipset: Rework long task execution when adding/deleting entries CVE-2023-53552 — kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free CVE-2023-53811 — kernel: RDMA/irdma: Cap MSIX used to online CPUs + 1
🔗 References (54)
- selfhttps://access.redhat.com/errata/RHSA-2023:2951
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2055499
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2061703
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2078466
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2079311
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2084125
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2085300
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2090723
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2108691
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2108696
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2114937
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2116444
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2122228
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2122960
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2123056
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2123854
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2124788
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2127985
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2130141
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2131339
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2131391
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2133483
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2134377
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2134451
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2134506
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2134517
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2134528
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2137979
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2139728
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2140163
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2143893
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2143943
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2144720
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2150947
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2150960
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2150979
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2150999
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2151270
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2152133
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2154171
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2154235
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2154880
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2159969
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2160023
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2162120
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2165721
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2166364
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2168246
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2168297
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2176192
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2180936
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_2951.json