Описание
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)
-
kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
-
kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
-
kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
-
kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077)
-
kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Intel 9.2: Important iavf bug fixes (BZ#2127884)
-
vfio zero page mappings fail after 2M instances (BZ#2128514)
-
nvme-tcp automatic reconnect fails intermittently during EMC powerstore NDU operation (BZ#2131359)
-
ice: Driver Update to 5.19 (BZ#2132070)
-
WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134588)
-
drm: duplicated call of drm_privacy_screen_register_notifier() in drm_connector_register() (BZ#2134619)
-
updating the appid field through sysfs is returning an -EINVAL error (BZ#2136914)
-
DELL EMC: System is not booting into RT Kernel with perc12. (BZ#2139213)
-
No signal showed in the VGA monitor when installing Rocky Linux9 in the legacy bios mode (BZ#2140153)
-
Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142168)
-
ppc64le: unexpected oom panic when there's enough memory left in zswap test (BZ#2143976)
-
fatal error: error in backend: Branch target out of insn range (BZ#2144902)
-
AMdCLIENT: The kernel command line parameter "nomodeset" not working properly (BZ#2145217)
-
Azure: PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150910)
-
Azure z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2151605)
-
DELL 9.0 RT - On PE R760 system, call traces are observed dmesg when system is running stress (BZ#2154407)
Затронутые продукты
Rocky Linux 9
Ссылки на источники
Исправления
- Red Hat - 2067482
- Red Hat - 2085300
- Red Hat - 2103681
- Red Hat - 2123309
- Red Hat - 2141752
- Red Hat - 2147572
Связанные уязвимости
ELSA-2023-0334: kernel security and bug fix update (IMPORTANT)
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.
