CVE-2023-52973

EUVD-2023-59747

27.03.2025, 17:15

In the Linux kernel, the following vulnerability has been resolved:

vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF

After a call to console_unlock() in vcs_read() the vc_data struct can be
freed by vc_deallocate(). Because of that, the struct vc_data pointer
load must be done at the top of while loop in vcs_read() to avoid a UAF
when vcs_size() is called.

Syzkaller reported a UAF in vcs_size().

BUG: KASAN: use-after-free in vcs_size (drivers/tty/vt/vc_screen.c:215)
Read of size 4 at addr ffff8881137479a8 by task 4a005ed81e27e65/1537

CPU: 0 PID: 1537 Comm: 4a005ed81e27e65 Not tainted 6.2.0-rc5 #1
Hardware name: Red Hat KVM, BIOS 1.15.0-2.module
Call Trace:
  <TASK>
__asan_report_load4_noabort (mm/kasan/report_generic.c:350)
vcs_size (drivers/tty/vt/vc_screen.c:215)
vcs_read (drivers/tty/vt/vc_screen.c:415)
vfs_read (fs/read_write.c:468 fs/read_write.c:450)
...
  </TASK>

Allocated by task 1191:
...
kmalloc_trace (mm/slab_common.c:1069)
vc_allocate (./include/linux/slab.h:580 ./include/linux/slab.h:720
     drivers/tty/vt/vt.c:1128 drivers/tty/vt/vt.c:1108)
con_install (drivers/tty/vt/vt.c:3383)
tty_init_dev (drivers/tty/tty_io.c:1301 drivers/tty/tty_io.c:1413
     drivers/tty/tty_io.c:1390)
tty_open (drivers/tty/tty_io.c:2080 drivers/tty/tty_io.c:2126)
chrdev_open (fs/char_dev.c:415)
do_dentry_open (fs/open.c:883)
vfs_open (fs/open.c:1014)
...

Freed by task 1548:
...
kfree (mm/slab_common.c:1021)
vc_port_destruct (drivers/tty/vt/vt.c:1094)
tty_port_destructor (drivers/tty/tty_port.c:296)
tty_port_put (drivers/tty/tty_port.c:312)
vt_disallocate_all (drivers/tty/vt/vt_ioctl.c:662 (discriminator 2))
vt_ioctl (drivers/tty/vt/vt_ioctl.c:903)
tty_ioctl (drivers/tty/tty_io.c:2776)
...

The buggy address belongs to the object at ffff888113747800
  which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 424 bytes inside of
  1024-byte region [ffff888113747800, ffff888113747c00)

The buggy address belongs to the physical page:
page:00000000b3fe6c7c refcount:1 mapcount:0 mapping:0000000000000000
     index:0x0 pfn:0x113740
head:00000000b3fe6c7c order:3 compound_mapcount:0 subpages_mapcount:0
     compound_pincount:0
anon flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff)
raw: 0017ffffc0010200 ffff888100042dc0 0000000000000000 dead000000000001
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
  ffff888113747880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
  ffff888113747900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> ffff888113747980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                   ^
  ffff888113747a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
  ffff888113747a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
Disabling lock debugging due to kernel taint

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	2.6.38 ≤ 𝑥 < 4.14.329
linux	linux_kernel	4.15 ≤ 𝑥 < 4.19.273
linux	linux_kernel	4.20 ≤ 𝑥 < 5.4.232
linux	linux_kernel	5.5 ≤ 𝑥 < 5.10.168
linux	linux_kernel	5.11 ≤ 𝑥 < 5.15.93
linux	linux_kernel	5.16 ≤ 𝑥 < 6.1.11
linux	linux_kernel	6.2:rc1
linux	linux_kernel	6.2:rc2
linux	linux_kernel	6.2:rc3
linux	linux_kernel	6.2:rc4
linux	linux_kernel	6.2:rc5
linux	linux_kernel	6.2:rc6

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.129-1 fixed
bookworm (security)	6.1.128-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.234-1 fixed
sid	6.12.20-1 fixed
trixie	6.12.19-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	needs-triage
oracular	needs-triage
trusty	needs-triage
xenial	needs-triage

linux-allwinner-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-aws

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	needs-triage
oracular	needs-triage
trusty	needs-triage
xenial	needs-triage

linux-aws-5.0

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-aws-5.11

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-aws-5.13

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-aws-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-aws-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-aws-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-aws-5.4

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-aws-5.8

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-aws-6.2

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-aws-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-aws-6.8

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-aws-fips

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	dne
oracular	dne

linux-aws-hwe

focal	dne
jammy	dne
noble	dne
oracular	dne
xenial	needs-triage

linux-azure

bionic	ignored
focal	needs-triage
jammy	needs-triage
noble	needs-triage
oracular	needs-triage
trusty	needs-triage
xenial	needs-triage

linux-azure-4.15

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-azure-5.11

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-azure-5.13

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-azure-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-azure-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-azure-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-azure-5.4

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-azure-5.8

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-azure-6.2

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-azure-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-azure-6.8

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-azure-edge

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-azure-fde

focal	ignored
jammy	needs-triage
noble	dne
oracular	dne

linux-azure-fde-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-azure-fde-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-azure-fde-6.2

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-azure-fips

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	dne
oracular	dne

linux-bluefield

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-fips

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	dne
oracular	dne
xenial	needs-triage

linux-gcp

bionic	ignored
focal	needs-triage
jammy	needs-triage
noble	needs-triage
oracular	needs-triage
xenial	needs-triage

linux-gcp-4.15

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-gcp-5.11

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-gcp-5.13

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-gcp-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-gcp-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-gcp-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-gcp-5.4

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-gcp-5.8

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-gcp-6.2

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-gcp-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-gcp-6.8

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-gcp-fips

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	dne
oracular	dne

linux-gke

focal	ignored
jammy	needs-triage
noble	needs-triage
oracular	dne

linux-gke-4.15

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-gke-5.15

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-gke-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-gkeop

focal	ignored
jammy	needs-triage
noble	needs-triage
oracular	dne

linux-gkeop-5.15

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-gkeop-5.4

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-hwe

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
xenial	needs-triage

linux-hwe-5.11

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-hwe-5.13

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-hwe-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-hwe-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-hwe-5.4

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-hwe-5.8

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-hwe-6.11

focal	dne
jammy	dne
noble	needs-triage
oracular	dne

linux-hwe-6.2

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-hwe-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-hwe-6.8

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-hwe-edge

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne
xenial	ignored

linux-ibm

focal	needs-triage
jammy	needs-triage
noble	needs-triage
oracular	dne

linux-ibm-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-ibm-5.4

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-intel-5.13

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-intel-iot-realtime

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-intel-iotg

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-intel-iotg-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-iot

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-kvm

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	dne
oracular	dne
xenial	needs-triage

linux-lowlatency

focal	dne
jammy	needs-triage
noble	needs-triage
oracular	needs-triage

linux-lowlatency-hwe-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-lowlatency-hwe-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-lowlatency-hwe-6.11

focal	dne
jammy	dne
noble	needs-triage
oracular	dne

linux-lowlatency-hwe-6.2

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-lowlatency-hwe-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-lowlatency-hwe-6.8

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-lts-xenial

focal	dne
jammy	dne
noble	dne
oracular	dne
trusty	needs-triage

linux-nvidia

focal	dne
jammy	needs-triage
noble	needs-triage
oracular	dne

linux-nvidia-6.2

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-nvidia-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-nvidia-6.8

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-nvidia-lowlatency

focal	dne
jammy	dne
noble	needs-triage
oracular	dne

linux-nvidia-tegra

focal	dne
jammy	needs-triage
noble	needs-triage
oracular	dne

linux-nvidia-tegra-igx

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-oem

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-oem-5.10

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-oem-5.13

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-oem-5.14

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-oem-5.17

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-oem-5.6

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-oem-6.0

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-oem-6.1

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-oem-6.11

focal	dne
jammy	dne
noble	needs-triage
oracular	dne

linux-oem-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-oem-6.8

focal	dne
jammy	dne
noble	needs-triage
oracular	dne

linux-oracle

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	needs-triage
oracular	needs-triage
xenial	needs-triage

linux-oracle-5.0

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-oracle-5.11

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-oracle-5.13

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-oracle-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-oracle-5.3

bionic	ignored
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-oracle-5.4

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-oracle-5.8

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-oracle-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-oracle-6.8

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-raspi

focal	needs-triage
jammy	needs-triage
noble	needs-triage
oracular	needs-triage

linux-raspi-5.4

bionic	needs-triage
focal	dne
jammy	dne
noble	dne
oracular	dne

linux-raspi-realtime

focal	dne
jammy	dne
noble	needs-triage
oracular	dne

linux-raspi2

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-realtime

focal	dne
jammy	needs-triage
noble	needs-triage
oracular	needs-triage

linux-riscv

focal	ignored
jammy	ignored
noble	needs-triage
oracular	needs-triage

linux-riscv-5.11

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-riscv-5.15

focal	needs-triage
jammy	dne
noble	dne
oracular	dne

linux-riscv-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-riscv-5.8

focal	ignored
jammy	dne
noble	dne
oracular	dne

linux-riscv-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-riscv-6.8

focal	dne
jammy	needs-triage
noble	dne
oracular	dne

linux-starfive-5.19

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-starfive-6.2

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-starfive-6.5

focal	dne
jammy	ignored
noble	dne
oracular	dne

linux-xilinx-zynqmp

focal	needs-triage
jammy	needs-triage
noble	dne
oracular	dne

openSUSE / SLES Releases

openSUSE Product

Release

cluster-md-kmp-default

suse enterprise server 12 SP5	4.12.14-122.255.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.100.1 fixed

dlm-kmp-default

suse enterprise server 12 SP5	4.12.14-122.255.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.100.1 fixed

gfs2-kmp-default

suse enterprise server 12 SP5	4.12.14-122.255.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.100.1 fixed

kernel-64kb

suse enterprise server 15 SP3	5.3.18-150300.59.201.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.161.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.100.1 fixed

kernel-default

suse enterprise server 12 SP5	4.12.14-122.255.1 fixed
suse enterprise server 15 SP2	5.3.18-150200.24.224.1 fixed
suse enterprise server 15 SP3	5.3.18-150300.59.201.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.161.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.100.1 fixed

kernel-default-base

suse enterprise server 12 SP5	4.12.14-122.255.1 fixed
suse enterprise server 15 SP2	5.3.18-150200.24.224.1.150200.9.120.1 fixed
suse enterprise server 15 SP3	5.3.18-150300.59.201.1.150300.18.120.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.161.1.150400.24.80.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.100.1.150500.6.47.1 fixed

kernel-default-man

suse enterprise server 12 SP5

4.12.14-122.255.1

fixed

kernel-docs

suse enterprise server 15 SP2	5.3.18-150200.24.224.1 fixed
suse enterprise server 15 SP3	5.3.18-150300.59.201.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.161.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.100.1 fixed

kernel-macros

suse enterprise server 12 SP5	4.12.14-122.255.1 fixed
suse enterprise server 15 SP2	5.3.18-150200.24.224.1 fixed
suse enterprise server 15 SP3	5.3.18-150300.59.201.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.161.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.100.1 fixed

kernel-obs-build

suse enterprise server 15 SP2	5.3.18-150200.24.224.1 fixed
suse enterprise server 15 SP3	5.3.18-150300.59.201.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.161.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.100.1 fixed

kernel-preempt

suse enterprise server 15 SP2	5.3.18-150200.24.224.1 fixed
suse enterprise server 15 SP3	5.3.18-150300.59.201.1 fixed

kernel-source

suse enterprise server 12 SP5	4.12.14-122.255.1 fixed
suse enterprise server 15 SP2	5.3.18-150200.24.224.1 fixed
suse enterprise server 15 SP3	5.3.18-150300.59.201.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.161.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.100.1 fixed

kernel-syms

suse enterprise server 12 SP5	4.12.14-122.255.1 fixed
suse enterprise server 15 SP2	5.3.18-150200.24.224.1 fixed
suse enterprise server 15 SP3	5.3.18-150300.59.201.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.161.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.100.1 fixed

kernel-zfcpdump

suse enterprise server 15 SP3	5.3.18-150300.59.201.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.161.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.100.1 fixed

ocfs2-kmp-default

suse enterprise server 12 SP5	4.12.14-122.255.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.100.1 fixed

reiserfs-kmp-default

suse enterprise server 15 SP2	5.3.18-150200.24.224.1 fixed
suse enterprise server 15 SP3	5.3.18-150300.59.201.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.24.161.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.55.100.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

bpftool

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:7.3.0-427.13.1.el9_4 fixed

kernel

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-64k

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-debug

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-debug-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-debug-devel

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-debug-devel-matched

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-debug-modules

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-debug-modules-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-debug-modules-extra

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-devel

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-devel-matched

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-modules

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-modules-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-64k-modules-extra

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-abi-stablelists

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-core

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-debug

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-debug-core

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-debug-devel

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-debug-devel-matched

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-debug-modules

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-debug-modules-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-debug-modules-extra

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-debug-uki-virt

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-devel

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-devel-matched

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-doc

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-modules

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-modules-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-modules-extra

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-rt

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-debug

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-debug-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-debug-devel

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-debug-kvm

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-debug-modules

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-debug-modules-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-debug-modules-extra

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-devel

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-kvm

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-modules

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-modules-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-rt-modules-extra

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-tools

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-tools-libs

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-tools-libs-devel

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-uki-virt

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-zfcpdump

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-zfcpdump-core

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-zfcpdump-devel

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-zfcpdump-devel-matched

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-zfcpdump-modules

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

kernel-zfcpdump-modules-core

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

kernel-zfcpdump-modules-extra

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

libperf

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

perf

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

python3-perf

RHEL 8	0:4.18.0-553.el8_10 fixed
RHEL 8.8 AUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 E4S	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 EUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 8.8 TUS	0:4.18.0-477.43.1.el8_8 fixed
RHEL 9	0:5.14.0-427.13.1.el9_4 fixed

rtla

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

RHEL 9

0:5.14.0-427.13.1.el9_4

fixed

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://git.kernel.org/stable/c/226fae124b2dac217ea5436060d623ff3385bc34

https://git.kernel.org/stable/c/55515d7d8743b71b80bfe68e89eb9d92630626ab

https://git.kernel.org/stable/c/6332f52f44b9776568bf3c0b714ddfb0bb175e78

https://git.kernel.org/stable/c/8506f16aae9daf354e3732bcfd447e2a97f023df

https://git.kernel.org/stable/c/af79ea9a2443016f64d8fd8d72020cc874f0e066

https://git.kernel.org/stable/c/d0332cbf53dad06a22189cc341391237f4ea6d9f

https://git.kernel.org/stable/c/fc9e27f3ba083534b8bbf72ab0f5c810ffdc7d18