Description
ELSA-2023-12970: Unbreakable Enterprise kernel security update (IMPORTANT)
[4.1.12-124.80.1]
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Sungwoo Kim) [Orabug: 35814478] {CVE-2023-40283}
- net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35814297] {CVE-2023-4208}
- RDMA/core: net: fix kernel NULL error (Zhu Yanjun) [Orabug: 35723252]
Updated packages
Oracle Linux 6
Oracle Linux x86_64
kernel-uek: 4.1.12-124.80.1.el6uek
kernel-uek-debug: 4.1.12-124.80.1.el6uek
kernel-uek-debug-devel: 4.1.12-124.80.1.el6uek
kernel-uek-devel: 4.1.12-124.80.1.el6uek
kernel-uek-doc: 4.1.12-124.80.1.el6uek
kernel-uek-firmware: 4.1.12-124.80.1.el6uek
Oracle Linux 7
Oracle Linux x86_64
kernel-uek: 4.1.12-124.80.1.el7uek
kernel-uek-debug: 4.1.12-124.80.1.el7uek
kernel-uek-debug-devel: 4.1.12-124.80.1.el7uek
kernel-uek-devel: 4.1.12-124.80.1.el7uek
kernel-uek-doc: 4.1.12-124.80.1.el7uek
kernel-uek-firmware: 4.1.12-124.80.1.el7uek
Related CVEs
Related vulnerabilities
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.
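The counter imbalance described above, as an added userspace model that is not kernel code and not part of the advisory. The names `qclass`, `knode`, `change_filter` and `update_leaves_dangling_ref` are hypothetical, and the "fixed" branch assumes only what the changelog title states, that tcf_result is no longer copied on update.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: names echo the advisory text, bodies are simplified. */
struct qclass { int filter_cnt; bool freed; };
struct tcf_result { struct qclass *cls; };
struct knode { struct tcf_result res; };

static void bind_filter(struct knode *n, struct qclass *c) {
    n->res.cls = c;
    c->filter_cnt++;             /* class gains one user */
}

static void unbind_filter(struct knode *n) {
    if (n->res.cls) {
        n->res.cls->filter_cnt--;
        n->res.cls = NULL;
    }
}

/* Class deletion is refused while any filter is still counted as bound. */
static bool delete_class(struct qclass *c) {
    if (c->filter_cnt > 0)
        return false;
    c->freed = true;             /* stands in for the real free */
    return true;
}

/* Replace old with repl; copy_result=true models the pre-fix behaviour. */
static void change_filter(struct knode *old, struct knode *repl, bool copy_result) {
    repl->res.cls = NULL;
    if (copy_result)
        repl->res = old->res;    /* pointer copied, filter_cnt NOT incremented */
    unbind_filter(old);          /* success path always unbinds the old instance */
}

/* True if the live filter ends up pointing at a class that was freed. */
static bool update_leaves_dangling_ref(bool copy_result) {
    struct qclass cls = { 0, false };
    struct knode old = { { NULL } }, repl = { { NULL } };
    bind_filter(&old, &cls);
    change_filter(&old, &repl, copy_result);
    delete_class(&cls);          /* succeeds only because filter_cnt is 0 */
    return repl.res.cls != NULL && repl.res.cls->freed;
}

int main(void) {
    printf("copy on update:    dangling=%d\n", update_leaves_dangling_ref(true));
    printf("no copy on update: dangling=%d\n", update_leaves_dangling_ref(false));
    return 0;
}
```

In the copying case the replacement filter holds a class pointer that `filter_cnt` no longer accounts for, so the deletion guard passes while the reference is still live.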