ELSA-2023-12759

Published: 01 Sep 2023
Source: oracle-oval
Platform: Oracle Linux 6
Platform: Oracle Linux 7

Description

ELSA-2023-12759: Unbreakable Enterprise kernel security update (IMPORTANT)

[4.1.12-124.78.2]

  • xfrm: fix crash in XFRM_MSG_GETSA netlink handler (Vegard Nossum) [Orabug: 35598955] {CVE-2023-3106}
  • netfilter: nf_tables: validate registers coming from userspace (Harshvardhan Jha) [Orabug: 34012909] {CVE-2022-1015}

[4.1.12-124.78.1]

  • vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (George Kennedy) [Orabug: 35649493] {CVE-2023-3567}

Updated packages

Oracle Linux 6

Oracle Linux x86_64

  • kernel-uek: 4.1.12-124.78.2.el6uek
  • kernel-uek-debug: 4.1.12-124.78.2.el6uek
  • kernel-uek-debug-devel: 4.1.12-124.78.2.el6uek
  • kernel-uek-devel: 4.1.12-124.78.2.el6uek
  • kernel-uek-doc: 4.1.12-124.78.2.el6uek
  • kernel-uek-firmware: 4.1.12-124.78.2.el6uek

Oracle Linux 7

Oracle Linux x86_64

  • kernel-uek: 4.1.12-124.78.2.el7uek
  • kernel-uek-debug: 4.1.12-124.78.2.el7uek
  • kernel-uek-debug-devel: 4.1.12-124.78.2.el7uek
  • kernel-uek-devel: 4.1.12-124.78.2.el7uek
  • kernel-uek-doc: 4.1.12-124.78.2.el7uek
  • kernel-uek-firmware: 4.1.12-124.78.2.el7uek

Related vulnerabilities

CVSS3: 7.1
ubuntu
almost 2 years ago

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.

CVSS3: 7.1
redhat
more than 2 years ago

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.

CVSS3: 7.1
nvd
almost 2 years ago

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.

CVSS3: 7.1
msrc
almost 2 years ago

No description available

CVSS3: 7.1
debian
almost 2 years ago

A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_scree ...