Skip to content

OSG-SEC-2023-09-25 HIGH Multiple Linux Kernel Vulnerabilities

Dear OSG Security Contacts,

Red Hat has announced multiple Linux kernel security vulnerabilities that can result in privilege escalation. Please see the details below.

IMPACTED VERSIONS:

RHEL 7, 8, 9 and all RHEL based distributions.

WHAT ARE THE VULNERABILITIES:

The following CVEs affect RHEL7, RHEL8 & RHEL9:

CVE-2023-35001 - An out-of-bounds (OOB) memory access flaw was found in the Netfilter module in the Linux kernel's nft_byteorder_eval in net/netfilter/nft_byteorder.c. A bound check failure allows a local attacker with CAP_NET_ADMIN access to cause a local privilege escalation issue due to incorrect data alignment. [1]

CVE-2023-3776 - A use-after-free vulnerability was found in fw_set_parms in net/sched/cls_fw.c in the network scheduler sub-component in the Linux Kernel. This issue occurs due to a missing sanity check during cleanup at the time of failure, leading to a misleading reference. This may allow a local attacker to gain local privilege escalation. [2]

CVE-2023-20593 - Zenbleed AMD Zen 2 CPU data leak. [3]

The following CVEs affect RHEL8 & RHEL9:

CVE-2023-3390 - A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system. [4]

CVE-2023-4004 - A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. [5]

CVE-2023-21102 - A vulnerability was found in the __efi_rt_asm_wrapper of the efi-rt-wrapper.S in the Linux kernel, where there is a possible bypass of shadow stack protection due to a logic error in the code. This flaw could lead to local escalation of privilege without additional execution privileges needed. [6]

CVE-2023-1637 - A flaw was found in the Linux kernel X86 CPU Power management when resuming CPU from suspend-to-RAM. This issue could allow a local user unauthorized access to memory from the CPU. [7]

The following CVEs affect RHEL9 only:

CVE-2023-3610 - A use-after-free vulnerability was found in the netfilter: nf_tables component in the Linux kernel due to a missing error handling in the abort path of NFT_MSG_NEWRULE. This flaw allows a local attacker with CAP_NET_ADMIN access capability to cause a local privilege escalation problem. [8]

CVE-2023-4147 - A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. [9]

CVE-2023-31248 - A use-after-free flaw was found in the Linux kernel's Netfilter module in net/netfilter/nf_tables_api.c in nft_chain_lookup_byid. This flaw allows a local attacker to cause a local privilege escalation issue due to a missing cleanup. [10]

WHAT YOU SHOULD DO:

Sites running RHEL7 are recommended to carry out mitigation, unless this disables functionality required, again see references below.

Sites running RHEL8 are also recommended to update relevant components, as most of the vulnerabilities affecting RHEL8 have also been fixed.

Sites running RHEL9 and derivatives are recommended to update relevant components as soon as possible, when a patched version is available see references below.

Sites running various linux derivatives should see references below [11] [12] [13] [14].

REFERENCES

[1] https://access.redhat.com/security/cve/cve-2023-35001

[2] https://access.redhat.com/security/cve/cve-2023-3776

[3] https://access.redhat.com/security/cve/cve-2023-20593

[4] https://access.redhat.com/security/cve/cve-2023-3390

[5] https://access.redhat.com/security/cve/cve-2023-4004

[6] https://access.redhat.com/security/cve/cve-2023-21102

[7] https://access.redhat.com/security/cve/cve-2023-1637

[8] https://access.redhat.com/security/cve/cve-2023-3610

[9] https://access.redhat.com/security/cve/cve-2023-4147

[10] https://access.redhat.com/security/cve/cve-2023-31248

[11] https://scientificlinux.org/category/sl-errata/

[12] https://lists.centos.org/pipermail/centos-announce/

[13] https://errata.build.resf.org/

[14] https://errata.almalinux.org/

Please contact the OSG security team at [email protected] if you have any questions or concerns.

OSG Security Team