Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2023-12824

Опубликовано: 23 сент. 2023
Источник: oracle-oval
Платформа: Oracle Linux 8
Платформа: Oracle Linux 9

Описание

ELSA-2023-12824: Unbreakable Enterprise kernel security update (IMPORTANT)

[5.15.0-105.125.6.2.2]

  • netfilter: nfnetlink_osf: avoid OOB read (Wander Lairson Costa) [Orabug: 35824297]
  • netfilter: nftables: exthdr: fix 4-byte stack OOB write (Florian Westphal) [Orabug: 35824297]
  • netfilter: xt_sctp: validate the flag_info count (Wander Lairson Costa) [Orabug: 35824297]
  • netfilter: xt_u32: validate user space input (Wander Lairson Costa) [Orabug: 35824297]
  • netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Kyle Zeng) [Orabug: 35824297] {CVE-2023-42753}

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

bpftool

5.15.0-105.125.6.2.2.el8uek

kernel-uek

5.15.0-105.125.6.2.2.el8uek

kernel-uek-container

5.15.0-105.125.6.2.2.el8uek

kernel-uek-container-debug

5.15.0-105.125.6.2.2.el8uek

kernel-uek-core

5.15.0-105.125.6.2.2.el8uek

kernel-uek-debug

5.15.0-105.125.6.2.2.el8uek

kernel-uek-debug-core

5.15.0-105.125.6.2.2.el8uek

kernel-uek-debug-devel

5.15.0-105.125.6.2.2.el8uek

kernel-uek-debug-modules

5.15.0-105.125.6.2.2.el8uek

kernel-uek-debug-modules-extra

5.15.0-105.125.6.2.2.el8uek

kernel-uek-devel

5.15.0-105.125.6.2.2.el8uek

kernel-uek-doc

5.15.0-105.125.6.2.2.el8uek

kernel-uek-modules

5.15.0-105.125.6.2.2.el8uek

kernel-uek-modules-extra

5.15.0-105.125.6.2.2.el8uek

Oracle Linux x86_64

bpftool

5.15.0-105.125.6.2.2.el8uek

kernel-uek

5.15.0-105.125.6.2.2.el8uek

kernel-uek-container

5.15.0-105.125.6.2.2.el8uek

kernel-uek-container-debug

5.15.0-105.125.6.2.2.el8uek

kernel-uek-core

5.15.0-105.125.6.2.2.el8uek

kernel-uek-debug

5.15.0-105.125.6.2.2.el8uek

kernel-uek-debug-core

5.15.0-105.125.6.2.2.el8uek

kernel-uek-debug-devel

5.15.0-105.125.6.2.2.el8uek

kernel-uek-debug-modules

5.15.0-105.125.6.2.2.el8uek

kernel-uek-debug-modules-extra

5.15.0-105.125.6.2.2.el8uek

kernel-uek-devel

5.15.0-105.125.6.2.2.el8uek

kernel-uek-doc

5.15.0-105.125.6.2.2.el8uek

kernel-uek-modules

5.15.0-105.125.6.2.2.el8uek

kernel-uek-modules-extra

5.15.0-105.125.6.2.2.el8uek

Oracle Linux 9

Oracle Linux aarch64

bpftool

5.15.0-105.125.6.2.2.el9uek

kernel-uek

5.15.0-105.125.6.2.2.el9uek

kernel-uek-core

5.15.0-105.125.6.2.2.el9uek

kernel-uek-debug

5.15.0-105.125.6.2.2.el9uek

kernel-uek-debug-core

5.15.0-105.125.6.2.2.el9uek

kernel-uek-debug-devel

5.15.0-105.125.6.2.2.el9uek

kernel-uek-debug-modules

5.15.0-105.125.6.2.2.el9uek

kernel-uek-debug-modules-extra

5.15.0-105.125.6.2.2.el9uek

kernel-uek-devel

5.15.0-105.125.6.2.2.el9uek

kernel-uek-doc

5.15.0-105.125.6.2.2.el9uek

kernel-uek-modules

5.15.0-105.125.6.2.2.el9uek

kernel-uek-modules-extra

5.15.0-105.125.6.2.2.el9uek

Oracle Linux x86_64

bpftool

5.15.0-105.125.6.2.2.el9uek

kernel-uek

5.15.0-105.125.6.2.2.el9uek

kernel-uek-container

5.15.0-105.125.6.2.2.el9uek

kernel-uek-container-debug

5.15.0-105.125.6.2.2.el9uek

kernel-uek-core

5.15.0-105.125.6.2.2.el9uek

kernel-uek-debug

5.15.0-105.125.6.2.2.el9uek

kernel-uek-debug-core

5.15.0-105.125.6.2.2.el9uek

kernel-uek-debug-devel

5.15.0-105.125.6.2.2.el9uek

kernel-uek-debug-modules

5.15.0-105.125.6.2.2.el9uek

kernel-uek-debug-modules-extra

5.15.0-105.125.6.2.2.el9uek

kernel-uek-devel

5.15.0-105.125.6.2.2.el9uek

kernel-uek-doc

5.15.0-105.125.6.2.2.el9uek

kernel-uek-modules

5.15.0-105.125.6.2.2.el9uek

kernel-uek-modules-extra

5.15.0-105.125.6.2.2.el9uek

Связанные CVE

CVE-2023-42753

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2023-42753

CVSS3: 7
ubuntu
больше 1 года назад

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

redhat логотип

CVE-2023-42753

CVSS3: 7
redhat
больше 1 года назад

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

nvd логотип

CVE-2023-42753

CVSS3: 7
nvd
больше 1 года назад

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

msrc логотип

CVE-2023-42753

CVSS3: 7.8
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2023-42753

CVSS3: 7
debian
больше 1 года назад

An array indexing vulnerability was found in the netfilter subsystem o ...