Security Vulnerabilities fixed in kernel RHSA-2023:1470

description-logoDescription

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744) ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266) kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269) kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744) ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266) kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): RHEL9.0 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127880) Cgroups_v2, when creating new cgroup/container, resets the cpu affinity masks for all usr processes on the system. (BZ#2143766) RHEL9.0 - boot: Add secure boot trailer (BZ#2151528) kernel-rt-debug: WARNING: possible circular locking dependency detected (&n->list_lock->&p->pi_lock->&lock->wait_lock) (BZ#2160614) Support cpuset.sched_load_balance by changing default CPUset directory structure (BZ#2161105) RHEL9.0 - s390/kexec: fix ipl report address for kdump (BZ#2166903) libgpiod doesn't seem to work with Interphase gpiochip (BZ#2166956) Azure RHEL9 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170227) RHEL9.0 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127880) Cgroups_v2, when creating new cgroup/container, resets the cpu affinity masks for all usr processes on the system. (BZ#2143766) RHEL9.0 - boot: Add secure boot trailer (BZ#2151528) kernel-rt-debug: WARNING: possible circular locking dependency detected (&n->list_lock->&p->pi_lock->&lock->wait_lock) (BZ#2160614) Support cpuset.sched_load_balance by changing default CPUset directory structure (BZ#2161105) RHEL9.0 - s390/kexec: fix ipl report address for kdump (BZ#2166903) libgpiod doesn't seem to work with Interphase gpiochip (BZ#2166956) Azure RHEL9 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170227) Enhancement(s): IBM 9.2 FEAT: Upgrade the QETH driver to latest from upstream, e.g. kernel 6.0 (BZ#2166304) Intel 9.2 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168382) IBM 9.2 FEAT: Upgrade the QETH driver to latest from upstream, e.g. kernel 6.0 (BZ#2166304) Intel 9.2 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168382) SolutionFor details on how to apply this update, which includes the changes described in this advisory, refer to:https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect.

affected-products-logoAffected Applications

kernel