Red Hat Security Advisory: kernel security and bug fix update
Advisory ID: SLSA-2023:5622
Issue Date: 2023-10-10
CVE Numbers: CVE-2023-3609
CVE-2023-32233
CVE-2023-35001
—
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)
* kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)
* kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
Bug Fix(es):
* Low memory deadlock with md devices and external (imsm) metadata handling (BZ#1703180)
* cifs: memory leak in smb2_query_symlink (BZ#2166706)
* bnxt_en: panic in bnxt_tx_int Redux (BZ#2175062)
* NFS client loop in BIND_CONN_TO_SESSION (BZ#2219604)
—
This content is derived from https://access.redhat.com/errata/RHSA-2023:5622
—
SL7
x86_64
bpftool-0:3.10.0-1160.102.1.el7.x86_64
srpm
kernel-0:3.10.0-1160.102.1.el7.src
noarch
kernel-abi-whitelists-0:3.10.0-1160.102.1.el7.noarch
– Scientific Linux Development Team
