A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. References: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2218673]
This was fixed for Fedora with the 6.3.4 stable kernel updates.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:4378 https://access.redhat.com/errata/RHSA-2023:4378
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:4380 https://access.redhat.com/errata/RHSA-2023:4380
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:4377 https://access.redhat.com/errata/RHSA-2023:4377
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:4516 https://access.redhat.com/errata/RHSA-2023:4516
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:4515 https://access.redhat.com/errata/RHSA-2023:4515
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4814 https://access.redhat.com/errata/RHSA-2023:4814
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4801 https://access.redhat.com/errata/RHSA-2023:4801
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:4817 https://access.redhat.com/errata/RHSA-2023:4817
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:4815 https://access.redhat.com/errata/RHSA-2023:4815
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Via RHSA-2023:4829 https://access.redhat.com/errata/RHSA-2023:4829
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4828 https://access.redhat.com/errata/RHSA-2023:4828
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4961 https://access.redhat.com/errata/RHSA-2023:4961
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4962 https://access.redhat.com/errata/RHSA-2023:4962
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Via RHSA-2023:4967 https://access.redhat.com/errata/RHSA-2023:4967
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5221 https://access.redhat.com/errata/RHSA-2023:5221
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5255 https://access.redhat.com/errata/RHSA-2023:5255
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5244 https://access.redhat.com/errata/RHSA-2023:5244
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:5548 https://access.redhat.com/errata/RHSA-2023:5548
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:5627 https://access.redhat.com/errata/RHSA-2023:5627