Multiple RedHat Linux Kernel Vulnerabilities

[Fleury, Terry]

CI Operators:

RedHat has announced multiple High severity Linux kernel vulnerabilities [1-10] affecting RHEL 7, 8, and 9, including RedHat variants such as Rocky Linux and AlmaLinux. These vulnerabilities can enable a local attacker to gain elevated privileges.

 

Impact:

Many of these vulnerabilities are due to issues in the netfilter kernel module. It is possible to prevent the module from loading [11]. However, note that containerized deployments, such as Red Hat OpenShift Container Platform, require the module to be enabled.

 

Affected Software: 

Linux Kernel in RHEL 7, 8, 9, including RedHat variants

 

Recommendation:

Update to the latest kernel version for your operating system as soon as possible. If you do not have a containerized deployment, you can mitigate the issue by preventing the appropriate modules from loading.

 

References:

[1] https://access.redhat.com/security/cve/cve-2023-35001

[2] https://access.redhat.com/security/cve/cve-2023-3776 

[3] https://access.redhat.com/security/cve/cve-2023-20593 

[4] https://access.redhat.com/security/cve/cve-2023-3390 

[5] https://access.redhat.com/security/cve/cve-2023-4004 

[6] https://access.redhat.com/security/cve/cve-2023-21102 

[7] https://access.redhat.com/security/cve/cve-2023-1637 

[8] https://access.redhat.com/security/cve/cve-2023-3610 

[9] https://access.redhat.com/security/cve/cve-2023-4147 

[10] https://access.redhat.com/security/cve/cve-2023-31248 

[11] https://access.redhat.com/solutions/41278 

 

How Trusted CI can help:

The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. Trusted CI cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us (https://trustedci.org/help/) if you need assistance with assessing the potential impact of this vulnerability in your environment and/or you have additional information about this issue that should be shared with the community.