A use-after-free flaw was found in snd_ctl_elem_read in sound/core/control.c in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. In this flaw, a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak problem. Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=56b88b50565cd8b946a2d00b0c83927b7ebb055e
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:1202 https://access.redhat.com/errata/RHSA-2023:1202
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:1203 https://access.redhat.com/errata/RHSA-2023:1203
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:1435 https://access.redhat.com/errata/RHSA-2023:1435
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:1469 https://access.redhat.com/errata/RHSA-2023:1469
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:1471 https://access.redhat.com/errata/RHSA-2023:1471
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:1470 https://access.redhat.com/errata/RHSA-2023:1470
A customer is waiting on a fix for RHEL 8.7. Will the fix be backported to RHEL 8? Are there any mitigation steps available?
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:1556 https://access.redhat.com/errata/RHSA-2023:1556
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:1554 https://access.redhat.com/errata/RHSA-2023:1554
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:1560 https://access.redhat.com/errata/RHSA-2023:1560
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:1557 https://access.redhat.com/errata/RHSA-2023:1557
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:1559 https://access.redhat.com/errata/RHSA-2023:1559
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1584 https://access.redhat.com/errata/RHSA-2023:1584
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:1588 https://access.redhat.com/errata/RHSA-2023:1588
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:1590 https://access.redhat.com/errata/RHSA-2023:1590
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1566 https://access.redhat.com/errata/RHSA-2023:1566
In reply to comment #13:
> A customer is waiting on a fix for RHEL 8.7. Will the fix be backported to
> RHEL 8? Are there any mitigation steps available?
Hello, Yes, we have this fixed for RHEL 8.7, please refer to the CVE page as well for more information. Thank you.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:1662 https://access.redhat.com/errata/RHSA-2023:1662
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:1660 https://access.redhat.com/errata/RHSA-2023:1660
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1659 https://access.redhat.com/errata/RHSA-2023:1659
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Via RHSA-2023:1666 https://access.redhat.com/errata/RHSA-2023:1666
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2023:1677 https://access.redhat.com/errata/RHSA-2023:1677
Closing this bug as most of the fixes were already delivered through errata.