{"id":"CLSA-2023-1686651204","summary":"kernel: Fix of 25 CVEs","details":"- cgroup: Use open-time cgroup namespace for process migration perm checks {CVE-2021-4197}\n- cgroup: Use open-time credentials for process migraton perm checks {CVE-2021-4197}\n- vt: drop old FONT ioctls {CVE-2021-33656}\n- fbmem: Check virtual screen sizes in fb_set_var() {CVE-2021-33655}\n- fbcon: Prevent that screen size is smaller than font size {CVE-2021-33655}\n- fbcon: Disallow setting font bigger than screen size {CVE-2021-33655}\n- KVM: nVMX: add missing consistency checks for CR0 and CR4 {CVE-2023-30456}\n- net: usb: ax88179_178a: Fix packet receiving\n- ipv4: make exception cache less predictible {CVE-2021-20322}\n- ipv4: use siphash instead of Jenkins in fnhe_hashfun() {CVE-2021-20322}\n- ipv6: make exception cache less predictible {CVE-2021-20322}\n- ipv6: use siphash in rt6_exception_hash() {CVE-2021-20322}\n- ipv6: use jhash2() in rt6_exception_hash()\n- psi: Fix uaf issue when psi trigger is destroyed while being polled {CVE-2022-2938}\n- psi: fix possible trigger missing in the window\n- cgroup: Allocate cgroup_file_ctx for kernfs_open_file-\u003epriv\n- cgroup: make per-cgroup pressure stall tracking configurable\n- netfilter: nf_tables_offload: incorrect flow offload action array size {CVE-2022-25636}\n- netfilter: nftables_offload: KASAN slab-out-of-bounds Read in nft_flow_rule_create\n- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm {CVE-2022-42896}\n- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM {CVE-2022-42896}\n- devlink: Fix use-after-free after a failed reload {CVE-2022-3625}\n- KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS {CVE-2022-2196}\n- net/sched: tcindex: update imperfect hash filters respecting rcu {CVE-2023-1281}\n- seq_buf: Fix overflow in seq_buf_putmem_hex() {CVE-2023-28772}\n- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() {CVE-2023-1380}\n- kvm: initialize all of the kvm_debugregs structure before sending it to userspace {CVE-2023-1513}\n- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work {CVE-2023-1989}\n- net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg {CVE-2023-31436}\n- cgroup-v1: Require capabilities to set release_agent {CVE-2022-0492}\n- net: sched: fix use-after-free in tc_new_tfilter() {CVE-2022-1055}\n- SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() {CVE-2022-28893}\n- net/sched: cls_u32: fix netns refcount changes in u32_change() {CVE-2022-29581}\n- i2c: ismt: Fix an out-of-bounds bug in ismt_access() {CVE-2022-2873}\n- RDMA/cma: Do not change route.addr.src_addr.ss_family {CVE-2021-4028}\n- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup {CVE-2022-2964}\n- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address {CVE-2022-1158}\n- ovl: fail on invalid uid/gid mapping at copy up {CVE-2023-0386}","modified":"2026-05-27T11:36:14.067743853Z","published":"2023-06-13T10:13:28Z","upstream":["CVE-2021-20322","CVE-2021-33655","CVE-2021-33656","CVE-2021-4028","CVE-2021-4197","CVE-2022-0492","CVE-2022-1055","CVE-2022-1158","CVE-2022-2196","CVE-2022-25636","CVE-2022-2873","CVE-2022-28893","CVE-2022-2938","CVE-2022-29581","CVE-2022-2964","CVE-2022-3625","CVE-2022-42896","CVE-2023-0386","CVE-2023-1281","CVE-2023-1380","CVE-2023-1513","CVE-2023-1989","CVE-2023-28772","CVE-2023-30456","CVE-2023-31436"],"references":[{"type":"ADVISORY","url":"https://errata.cloudlinux.com/centos8.5-els/CLSA-2023-1686651204.html"}],"affected":[{"package":{"name":"bpftool","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/bpftool?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-core","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-core?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-cross-headers","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-cross-headers?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-debug","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-debug?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-debug-core","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-debug-core?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-debug-devel","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-debug-devel?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-debug-modules","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-debug-modules?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-debug-modules-extra","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-debug-modules-extra?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-debug-modules-internal","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-debug-modules-internal?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-devel","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-devel?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-headers","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-headers?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-ipaclones-internal","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-ipaclones-internal?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-modules","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-modules?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-modules-extra","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-modules-extra?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-modules-internal","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-modules-internal?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-selftests-internal","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-selftests-internal?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-tools","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-tools?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-tools-libs","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-tools-libs?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"kernel-tools-libs-devel","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/kernel-tools-libs-devel?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"perf","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/perf?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}},{"package":{"name":"python3-perf","ecosystem":"TuxCare:CentOS:8.5","purl":"pkg:rpm/tuxcare/python3-perf?distro=centos-8.5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.18.0-348.7.1.el8_5.tuxcare.els8"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2023-1686651204.json"}}],"schema_version":"1.7.5"}