Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2022-9088

Опубликовано: 01 фев. 2022
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 7

Описание

ELSA-2022-9088: Unbreakable Enterprise kernel security update (IMPORTANT)

[4.1.12-124.60.1]

  • xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33699627] [Orabug: 33762471] {CVE-2021-4155}
  • fix regression in 'epoll: Keep a reference on files added to the check list' (Al Viro) [Orabug: 33679854] [Orabug: 33762505] {CVE-2021-1048} {CVE-2021-1048}
  • Bluetooth: fix use-after-free error in lock_sock_nested() (Wang ShaoBo) [Orabug: 33406421] {CVE-2021-3752}
  • vt_kdsetmode: extend console locking (Linus Torvalds) [Orabug: 33406445] {CVE-2021-3753}
  • Bluetooth: SMP: Fail if remote and local public keys are identical (Luiz Augusto von Dentz) [Orabug: 33556779] {CVE-2021-0129}
  • Bluetooth: use constant time memory comparison for secret values (Jason A. Donenfeld) [Orabug: 33556779] {CVE-2021-0129}
  • Bluetooth: Add bt_dev logging macros (Loic Poulain) [Orabug: 33556779] {CVE-2021-0129}
  • ovl: fix missing negative dentry check in ovl_rename() (Zheng Liang) [Orabug: 33694378] {CVE-2021-20321}

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

kernel-uek

4.1.12-124.60.1.el6uek

kernel-uek-debug

4.1.12-124.60.1.el6uek

kernel-uek-debug-devel

4.1.12-124.60.1.el6uek

kernel-uek-devel

4.1.12-124.60.1.el6uek

kernel-uek-doc

4.1.12-124.60.1.el6uek

kernel-uek-firmware

4.1.12-124.60.1.el6uek

Oracle Linux 7

Oracle Linux x86_64

kernel-uek

4.1.12-124.60.1.el7uek

kernel-uek-debug

4.1.12-124.60.1.el7uek

kernel-uek-debug-devel

4.1.12-124.60.1.el7uek

kernel-uek-devel

4.1.12-124.60.1.el7uek

kernel-uek-doc

4.1.12-124.60.1.el7uek

kernel-uek-firmware

4.1.12-124.60.1.el7uek

Связанные CVE

CVE-2021-1048
CVE-2021-3753
CVE-2021-20321
CVE-2021-4155
CVE-2021-0129
CVE-2021-3752

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2022-9014

oracle-oval
больше 3 лет назад

ELSA-2022-9014: Unbreakable Enterprise kernel security update (IMPORTANT)

ubuntu логотип

CVE-2021-1048

CVSS3: 7.8
ubuntu
больше 3 лет назад

In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel

redhat логотип

CVE-2021-1048

CVSS3: 7.8
redhat
почти 4 года назад

In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel

nvd логотип

CVE-2021-1048

CVSS3: 7.8
nvd
больше 3 лет назад

In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel

debian логотип

CVE-2021-1048

CVSS3: 7.8
debian
больше 3 лет назад

In ep_loop_check_proc of eventpoll.c, there is a possible way to corru ...