RHSA-2023:7398HighCVSS 7.0
Red Hat Security Advisory: kernel security and bug fix update
🔗 CVE IDs covered (8)
📋 Description
CVE-2022-45884 — kernel: use-after-free due to race condition occurring in dvb_register_device() CVE-2022-45886 — kernel: use-after-free due to race condition occurring in dvb_net.c CVE-2022-45919 — kernel: use-after-free due to race condition occurring in dvb_ca_en50221.c CVE-2022-50243 — kernel: sctp: handle the error returned from sctp_auth_asoc_init_active_key CVE-2022-50274 — kernel: media: dvbdev: adopts refcnt to avoid UAF CVE-2023-2177 — Kernel: NULL pointer dereference problem in sctp_sched_dequeue_common CVE-2023-3609 — kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails CVE-2023-3776 — kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2023:7398
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2148510
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2148517
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2151956
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2187953
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2225097
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2225201
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7398.json