RHEL 8 : kernel-rt (RHSA-2023:6901)

high Nessus Plugin ID 185666

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6901 advisory.

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: tun: double free in tun_free_netdev (CVE-2022-4744)

* kernel: net/sched: cls_u32 component reference counter leak (CVE-2023-3609)

* kernel: net/sched: sch_qfq vulnerability (CVE-2023-3611)

* kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)

* kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)

* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975)

* kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)

* kernel: use-after-free and info leak in l2cap_conn_del and l2cap_parse_conf_req (CVE-2022-3640, CVE-2022-42895)

* kernel: double free in usb_8dev_start_xmit (CVE-2022-28388)

* kernel: vmwgfx: multiple vulnerabilities (CVE-2022-38457, CVE-2022-40133, CVE-2023-33951, CVE-2023-33952)

* hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)

* kernel: KVM: multiple vulnerabilities (CVE-2022-45869, CVE-2023-4155, CVE-2023-30456)

* kernel: memory leak in ttusb_dec_exit_dvb (CVE-2022-45887)

* kernel: speculative pointer dereference in do_prlimit in kernel/sys.c (CVE-2023-0458)

* kernel: use-after-free in qdisc_graft (CVE-2023-0590)

* kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)

* kernel: HID: check empty report_list in hid_validate_values (CVE-2023-1073)

* kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)

* kernel: hid: Use After Free in asus_remove (CVE-2023-1079)

* kernel: use-after-free in drivers/media/rc/ene_ir.c (CVE-2023-1118)

* kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)

* kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)

* kernel: denial of service in tipc_conn_close (CVE-2023-1382)

* kernel: Use after free bug in btsdio_remove (CVE-2023-1989)

* kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)

* kernel: ext4: use-after-free in ext4_xattr_set_entry (CVE-2023-2513)

* kernel: fbcon: shift-out-of-bounds in fbcon_set_font (CVE-2023-3161)

* kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)

* kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params (CVE-2023-3772)

* kernel: smsusb: use-after-free caused by do_submit_urb (CVE-2023-4132)

* kernel: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h (CVE-2023-4732)

* Kernel: denial of service in atm_tc_enqueue (CVE-2023-23455)

* kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)

* kernel: Denial of service issue in az6027 driver (CVE-2023-28328)

* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)

* kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)

* kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove (CVE-2023-33203)

* kernel: saa7134: race condition in saa7134_finidev (CVE-2023-35823)

* kernel: dm1105: race condition in dm1105_remove.c (CVE-2023-35824)

* kernel: r592: race condition in r592_remove (CVE-2023-35825)

* kernel: net/tls: tls_is_tx_ready checked list_entry (CVE-2023-1075)

* kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)

* kernel: Use after free in r592_remove (CVE-2023-3141)

* kernel: gfs2: NULL pointer dereference in gfs2_evict_inode (CVE-2023-3212)

For more details about the security issue(s), refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?819248f8

http://www.nessus.org/u?884389fc

https://access.redhat.com/errata/RHSA-2023:6901

https://access.redhat.com/security/updates/classification/#important

https://access.redhat.com/solutions/7027704

https://bugzilla.redhat.com/show_bug.cgi?id=2024989

https://bugzilla.redhat.com/show_bug.cgi?id=2073091

https://bugzilla.redhat.com/show_bug.cgi?id=2133453

https://bugzilla.redhat.com/show_bug.cgi?id=2133455

https://bugzilla.redhat.com/show_bug.cgi?id=2139610

https://bugzilla.redhat.com/show_bug.cgi?id=2147356

https://bugzilla.redhat.com/show_bug.cgi?id=2148520

https://bugzilla.redhat.com/show_bug.cgi?id=2149024

https://bugzilla.redhat.com/show_bug.cgi?id=2151317

https://bugzilla.redhat.com/show_bug.cgi?id=2156322

https://bugzilla.redhat.com/show_bug.cgi?id=2165741

https://bugzilla.redhat.com/show_bug.cgi?id=2165926

https://bugzilla.redhat.com/show_bug.cgi?id=2168332

https://bugzilla.redhat.com/show_bug.cgi?id=2173403

https://bugzilla.redhat.com/show_bug.cgi?id=2173430

https://bugzilla.redhat.com/show_bug.cgi?id=2173434

https://bugzilla.redhat.com/show_bug.cgi?id=2173444

https://bugzilla.redhat.com/show_bug.cgi?id=2174400

https://bugzilla.redhat.com/show_bug.cgi?id=2175903

https://bugzilla.redhat.com/show_bug.cgi?id=2176140

https://bugzilla.redhat.com/show_bug.cgi?id=2177371

https://bugzilla.redhat.com/show_bug.cgi?id=2177389

https://bugzilla.redhat.com/show_bug.cgi?id=2181330

https://bugzilla.redhat.com/show_bug.cgi?id=2182443

https://bugzilla.redhat.com/show_bug.cgi?id=2184578

https://bugzilla.redhat.com/show_bug.cgi?id=2185945

https://bugzilla.redhat.com/show_bug.cgi?id=2187257

https://bugzilla.redhat.com/show_bug.cgi?id=2188468

https://bugzilla.redhat.com/show_bug.cgi?id=2192667

https://bugzilla.redhat.com/show_bug.cgi?id=2192671

https://bugzilla.redhat.com/show_bug.cgi?id=2193097

https://bugzilla.redhat.com/show_bug.cgi?id=2193219

https://bugzilla.redhat.com/show_bug.cgi?id=2213139

https://bugzilla.redhat.com/show_bug.cgi?id=2213199

https://bugzilla.redhat.com/show_bug.cgi?id=2213485

https://bugzilla.redhat.com/show_bug.cgi?id=2213802

https://bugzilla.redhat.com/show_bug.cgi?id=2214348

https://bugzilla.redhat.com/show_bug.cgi?id=2215502

https://bugzilla.redhat.com/show_bug.cgi?id=2215835

https://bugzilla.redhat.com/show_bug.cgi?id=2215836

https://bugzilla.redhat.com/show_bug.cgi?id=2215837

https://bugzilla.redhat.com/show_bug.cgi?id=2218195

https://bugzilla.redhat.com/show_bug.cgi?id=2218212

https://bugzilla.redhat.com/show_bug.cgi?id=2218943

https://bugzilla.redhat.com/show_bug.cgi?id=2219530

https://bugzilla.redhat.com/show_bug.cgi?id=2221707

https://bugzilla.redhat.com/show_bug.cgi?id=2223949

https://bugzilla.redhat.com/show_bug.cgi?id=2225191

https://bugzilla.redhat.com/show_bug.cgi?id=2225201

https://bugzilla.redhat.com/show_bug.cgi?id=2225511

https://bugzilla.redhat.com/show_bug.cgi?id=2236982

Plugin Details

Severity: High

ID: 185666

File Name: redhat-RHSA-2023-6901.nasl

Version: 1.3

Type: local

Agent: unix

Published: 11/14/2023

Updated: 9/10/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-43975

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-3640

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/14/2023

Vulnerability Publication Date: 11/9/2021

Reference Information

CVE: CVE-2021-43975, CVE-2022-28388, CVE-2022-3594, CVE-2022-3640, CVE-2022-38457, CVE-2022-40133, CVE-2022-40982, CVE-2022-42895, CVE-2022-45869, CVE-2022-45887, CVE-2022-4744, CVE-2023-0458, CVE-2023-0590, CVE-2023-0597, CVE-2023-1073, CVE-2023-1074, CVE-2023-1075, CVE-2023-1079, CVE-2023-1118, CVE-2023-1206, CVE-2023-1252, CVE-2023-1382, CVE-2023-1855, CVE-2023-1989, CVE-2023-1998, CVE-2023-2269, CVE-2023-23455, CVE-2023-2513, CVE-2023-26545, CVE-2023-28328, CVE-2023-28772, CVE-2023-30456, CVE-2023-31084, CVE-2023-3141, CVE-2023-31436, CVE-2023-3161, CVE-2023-3212, CVE-2023-3268, CVE-2023-33203, CVE-2023-33951, CVE-2023-33952, CVE-2023-35823, CVE-2023-35824, CVE-2023-3609, CVE-2023-3611, CVE-2023-3772, CVE-2023-4132, CVE-2023-4155, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4732

CWE: 119, 125, 1335, 200, 327, 358, 362, 366, 367, 401, 415, 416, 476, 667, 779, 787, 824, 843

RHSA: 2023:6901