[Apollo] Advisories Statistics light light Login

RLSA-2023:1470

Security Mirrored from RHSA-2023:1470
Issued at: 2023-04-06
Updated at: 2023-04-06

Synopsis

Important: kernel security, bug fix, and enhancement update



Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)

* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)

* kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Rocky Linux9.0 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127880)

* Cgroups_v2, when creating new cgroup/container, resets the cpu affinity masks for all usr processes on the system. (BZ#2143766)

* Rocky Linux9.0 - boot: Add secure boot trailer (BZ#2151528)

* kernel-rt-debug: WARNING: possible circular locking dependency detected (&n->list_lock->&p->pi_lock->&lock->wait_lock) (BZ#2160614)

* Support cpuset.sched_load_balance by changing default CPUset directory structure (BZ#2161105)

* Rocky Linux9.0 - s390/kexec: fix ipl report address for kdump (BZ#2166903)

* libgpiod doesn't seem to work with Interphase gpiochip (BZ#2166956)

* Azure Rocky Linux9 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170227)

Enhancement(s):

* IBM 9.2 FEAT: Upgrade the QETH driver to latest from upstream, e.g. kernel 6.0 (BZ#2166304)

* Intel 9.2 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168382)



Affected products

Rocky Linux 9 aarch64

Fixes

2150272 2156322 2163379

CVEs

CVE-2022-4269 CVE-2022-4744 CVE-2023-0266

Affected packages

Rocky Linux 9 aarch64 - BaseOS

kernel-0:5.14.0-162.22.2.el9_1.src.rpm bpftool-0:5.14.0-162.22.2.el9_1.aarch64.rpm bpftool-debuginfo-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-abi-stablelists-0:5.14.0-162.22.2.el9_1.noarch.rpm kernel-core-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-debug-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-debug-core-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-debug-debuginfo-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-debuginfo-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-debug-modules-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-debug-modules-extra-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-modules-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-modules-extra-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-tools-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-tools-debuginfo-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-tools-libs-0:5.14.0-162.22.2.el9_1.aarch64.rpm python3-perf-0:5.14.0-162.22.2.el9_1.aarch64.rpm python3-perf-debuginfo-0:5.14.0-162.22.2.el9_1.aarch64.rpm

Rocky Linux 9 aarch64 - CRB

kernel-0:5.14.0-162.22.2.el9_1.src.rpm kernel-cross-headers-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-tools-libs-devel-0:5.14.0-162.22.2.el9_1.aarch64.rpm

Rocky Linux 9 aarch64 - AppStream

kernel-0:5.14.0-162.22.2.el9_1.src.rpm kernel-debug-devel-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-debug-devel-matched-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-devel-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-devel-matched-0:5.14.0-162.22.2.el9_1.aarch64.rpm kernel-doc-0:5.14.0-162.22.2.el9_1.noarch.rpm kernel-headers-0:5.14.0-162.22.2.el9_1.aarch64.rpm perf-0:5.14.0-162.22.2.el9_1.aarch64.rpm perf-debuginfo-0:5.14.0-162.22.2.el9_1.aarch64.rpm