{"id":"ALSA-2023:2736","summary":"Important: kernel-rt security and bug fix update","details":"The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)\n* net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)\n* hw: cpu: AMD CPUs may transiently execute beyond unconditional direct branch (CVE-2021-26341)\n* malicious data for FBIOPUT_VSCREENINFO ioctl may cause OOB write memory (CVE-2021-33655)\n* when setting font with malicious data by ioctl PIO_FONT, kernel will write memory out of bounds (CVE-2021-33656)\n* possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462)\n* use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)\n* KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789)\n* KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks (CVE-2022-2196)\n* netfilter: nf_conntrack_irc message handling issue (CVE-2022-2663)\n* race condition in xfrm_probe_algs can lead to OOB read/write (CVE-2022-3028)\n* media: em28xx: initialize refcount before kref_get (CVE-2022-3239)\n* race condition in hugetlb_no_page() in mm/hugetlb.c (CVE-2022-3522)\n* memory leak in ipv6_renew_options() (CVE-2022-3524)\n* data races around icsk-\u003eicsk_af_ops in do_ipv6_setsockopt (CVE-2022-3566)\n* data races around sk-\u003esk_prot (CVE-2022-3567)\n* memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (CVE-2022-3619)\n* denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry (CVE-2022-3623)\n* use-after-free after failed devlink reload in devlink_param_get (CVE-2022-3625)\n* USB-accessible buffer overflow in brcmfmac (CVE-2022-3628)\n* Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed (CVE-2022-3707)\n* l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference (CVE-2022-4129)\n* igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets (CVE-2022-20141)\n* Executable Space Protection Bypass (CVE-2022-25265)\n* Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)\n* unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry (CVE-2022-39188)\n* TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning (CVE-2022-39189)\n* Report vmalloc UAF in dvb-core/dmxdev (CVE-2022-41218)\n* u8 overflow problem in cfg80211_update_notlisted_nontrans() (CVE-2022-41674)\n* use-after-free related to leaf anon_vma double reuse (CVE-2022-42703)\n* use-after-free in bss_ref_get in net/wireless/scan.c (CVE-2022-42720)\n* BSS list corruption in cfg80211_add_nontrans_list in net/wireless/scan.c (CVE-2022-42721)\n* Denial of service in beacon protection for P2P-device (CVE-2022-42722)\n* memory corruption in usbmon driver (CVE-2022-43750)\n* NULL pointer dereference in traffic control subsystem (CVE-2022-47929)\n* NULL pointer dereference in rawv6_push_pending_frames (CVE-2023-0394)\n* use-after-free caused by invalid pointer hostname in fs/cifs/connect.c (CVE-2023-1195)\n* Soft lockup occurred during __page_mapcount (CVE-2023-1582)\n* slab-out-of-bounds read vulnerabilities in cbq_classify (CVE-2023-23454)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.","modified":"2026-02-04T03:56:44.078233Z","published":"2023-05-16T00:00:00Z","related":["CVE-2021-26341","CVE-2021-33655","CVE-2021-33656","CVE-2022-1462","CVE-2022-1679","CVE-2022-1789","CVE-2022-20141","CVE-2022-2196","CVE-2022-25265","CVE-2022-2663","CVE-2022-3028","CVE-2022-30594","CVE-2022-3239","CVE-2022-3522","CVE-2022-3524","CVE-2022-3564","CVE-2022-3566","CVE-2022-3567","CVE-2022-3619","CVE-2022-3623","CVE-2022-3625","CVE-2022-3628","CVE-2022-3707","CVE-2022-39188","CVE-2022-39189","CVE-2022-41218","CVE-2022-4129","CVE-2022-41674","CVE-2022-42703","CVE-2022-42720","CVE-2022-42721","CVE-2022-42722","CVE-2022-43750","CVE-2022-47929","CVE-2023-0394","CVE-2023-0461","CVE-2023-1195","CVE-2023-1582","CVE-2023-23454"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:2736"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-26341"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-33655"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-33656"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-1462"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-1679"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-1789"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-20141"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-2196"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-25265"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-2663"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3028"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-30594"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3239"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3522"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3524"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3564"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3566"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3567"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3619"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3623"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3625"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3628"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-3707"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-39188"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-39189"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-41218"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-4129"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-41674"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-42703"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-42720"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-42721"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-42722"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-43750"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-47929"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-0394"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-0461"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-1195"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-1582"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-23454"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2055499"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2061703"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2078466"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2084125"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2085300"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2090723"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2108691"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2108696"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2114937"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2122228"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2122960"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2123056"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2124788"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2127985"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2130141"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2133483"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2134377"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2134451"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2134506"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2134517"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2134528"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2137979"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2143893"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2143943"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2144720"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2150947"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2150960"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2150979"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2150999"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2151270"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2154171"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2154235"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2160023"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2162120"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2165721"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2168246"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2168297"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2176192"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2180936"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2023-2736.html"}],"affected":[{"package":{"name":"kernel-rt","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-477.10.1.rt7.274.el8_8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:2736.json"}},{"package":{"name":"kernel-rt-core","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-477.10.1.rt7.274.el8_8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:2736.json"}},{"package":{"name":"kernel-rt-debug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-debug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-477.10.1.rt7.274.el8_8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:2736.json"}},{"package":{"name":"kernel-rt-debug-core","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-debug-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-477.10.1.rt7.274.el8_8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:2736.json"}},{"package":{"name":"kernel-rt-debug-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-debug-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-477.10.1.rt7.274.el8_8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:2736.json"}},{"package":{"name":"kernel-rt-debug-kvm","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-debug-kvm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-477.10.1.rt7.274.el8_8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:2736.json"}},{"package":{"name":"kernel-rt-debug-modules","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-debug-modules"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-477.10.1.rt7.274.el8_8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:2736.json"}},{"package":{"name":"kernel-rt-debug-modules-extra","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-debug-modules-extra"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-477.10.1.rt7.274.el8_8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:2736.json"}},{"package":{"name":"kernel-rt-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-477.10.1.rt7.274.el8_8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:2736.json"}},{"package":{"name":"kernel-rt-kvm","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-kvm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-477.10.1.rt7.274.el8_8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:2736.json"}},{"package":{"name":"kernel-rt-modules","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-modules"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-477.10.1.rt7.274.el8_8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:2736.json"}},{"package":{"name":"kernel-rt-modules-extra","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/kernel-rt-modules-extra"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-477.10.1.rt7.274.el8_8"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2023:2736.json"}}],"schema_version":"1.7.3"}