Описание
ELSA-2023-12232: Unbreakable Enterprise kernel security update (IMPORTANT)
[4.1.12-124.73.2]
- netfilter: nf_tables: fix null deref due to zeroed list head (Florian Westphal) [Orabug: 35181628] {CVE-2023-1095}
- sctp: fail if no bound addresses can be used for a given scope (Marcelo Ricardo Leitner) [Orabug: 35181461] {CVE-2023-1074}
- HID: check empty report_list in hid_validate_values() (Pietro Borrello) [Orabug: 35181168] {CVE-2023-1073}
- media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (Will Deacon) [Orabug: 35180270] {CVE-2020-0404}
[4.1.12-124.73.1]
- mm/mincore.c: make mincore() more conservative (Jiri Kosina) [Orabug: 35133279] {CVE-2019-5489}
- mm: introduce vma_is_anonymous(vma) helper (Oleg Nesterov) [Orabug: 35133279]
- Revert 'Change mincore() to count 'mapped' pages rather than 'cached' pages' (Linus Torvalds) [Orabug: 35124616]
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (Herbert Xu) [Orabug: 35005831] {CVE-2023-0394}
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
kernel-uek
4.1.12-124.73.2.el6uek
kernel-uek-debug
4.1.12-124.73.2.el6uek
kernel-uek-debug-devel
4.1.12-124.73.2.el6uek
kernel-uek-devel
4.1.12-124.73.2.el6uek
kernel-uek-doc
4.1.12-124.73.2.el6uek
kernel-uek-firmware
4.1.12-124.73.2.el6uek
Oracle Linux 7
Oracle Linux x86_64
kernel-uek
4.1.12-124.73.2.el7uek
kernel-uek-debug
4.1.12-124.73.2.el7uek
kernel-uek-debug-devel
4.1.12-124.73.2.el7uek
kernel-uek-devel
4.1.12-124.73.2.el7uek
kernel-uek-doc
4.1.12-124.73.2.el7uek
kernel-uek-firmware
4.1.12-124.73.2.el7uek
Ссылки на источники
Связанные уязвимости
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft ...