Alma Linux: CVE-2023-0461: Important: kernel security, bug fix, and enhancement update (Multiple Advisories)

Alma Linux: CVE-2023-0461: Important: kernel security, bug fix, and enhancement update (Multiple Advisories)

Severity

7

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

02/28/2023

Created

05/15/2023

Added

05/15/2023

Modified

01/28/2025

Description

There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c

Solution(s)

• alma-upgrade-bpftool
• alma-upgrade-kernel
• alma-upgrade-kernel-64k
• alma-upgrade-kernel-64k-core
• alma-upgrade-kernel-64k-debug
• alma-upgrade-kernel-64k-debug-core
• alma-upgrade-kernel-64k-debug-devel
• alma-upgrade-kernel-64k-debug-devel-matched
• alma-upgrade-kernel-64k-debug-modules
• alma-upgrade-kernel-64k-debug-modules-core
• alma-upgrade-kernel-64k-debug-modules-extra
• alma-upgrade-kernel-64k-devel
• alma-upgrade-kernel-64k-devel-matched
• alma-upgrade-kernel-64k-modules
• alma-upgrade-kernel-64k-modules-core
• alma-upgrade-kernel-64k-modules-extra
• alma-upgrade-kernel-abi-stablelists
• alma-upgrade-kernel-core
• alma-upgrade-kernel-cross-headers
• alma-upgrade-kernel-debug
• alma-upgrade-kernel-debug-core
• alma-upgrade-kernel-debug-devel
• alma-upgrade-kernel-debug-devel-matched
• alma-upgrade-kernel-debug-modules
• alma-upgrade-kernel-debug-modules-core
• alma-upgrade-kernel-debug-modules-extra
• alma-upgrade-kernel-debug-uki-virt
• alma-upgrade-kernel-devel
• alma-upgrade-kernel-devel-matched
• alma-upgrade-kernel-doc
• alma-upgrade-kernel-modules
• alma-upgrade-kernel-modules-core
• alma-upgrade-kernel-modules-extra
• alma-upgrade-kernel-rt
• alma-upgrade-kernel-rt-core
• alma-upgrade-kernel-rt-debug
• alma-upgrade-kernel-rt-debug-core
• alma-upgrade-kernel-rt-debug-devel
• alma-upgrade-kernel-rt-debug-kvm
• alma-upgrade-kernel-rt-debug-modules
• alma-upgrade-kernel-rt-debug-modules-core
• alma-upgrade-kernel-rt-debug-modules-extra
• alma-upgrade-kernel-rt-devel
• alma-upgrade-kernel-rt-kvm
• alma-upgrade-kernel-rt-modules
• alma-upgrade-kernel-rt-modules-core
• alma-upgrade-kernel-rt-modules-extra
• alma-upgrade-kernel-tools
• alma-upgrade-kernel-tools-libs
• alma-upgrade-kernel-tools-libs-devel
• alma-upgrade-kernel-uki-virt
• alma-upgrade-kernel-zfcpdump
• alma-upgrade-kernel-zfcpdump-core
• alma-upgrade-kernel-zfcpdump-devel
• alma-upgrade-kernel-zfcpdump-devel-matched
• alma-upgrade-kernel-zfcpdump-modules
• alma-upgrade-kernel-zfcpdump-modules-core
• alma-upgrade-kernel-zfcpdump-modules-extra
• alma-upgrade-perf
• alma-upgrade-python3-perf
• alma-upgrade-rtla

References

• https://attackerkb.com/topics/cve-2023-0461
• CVE - 2023-0461
• https://errata.almalinux.org/8/ALSA-2023-2736.html
• https://errata.almalinux.org/8/ALSA-2023-2951.html
• https://errata.almalinux.org/9/ALSA-2023-2148.html
• https://errata.almalinux.org/9/ALSA-2023-2458.html