Описание
ELSA-2023-4377: kernel security, bug fix, and enhancement update (IMPORTANT)
[5.14.0-284.25.1.0.1_2]
- Fix KVM: x86/mmu: Fix race condition in direct_page_fault [Orabug: 35673032] {CVE-2022-45869}
[5.14.0-284.25.1_2]
- KVM: x86/mmu: Fix race condition in direct_page_fault
- prlimit: do_prlimit needs to have a speculation check {CVE-2023-0458}
- x86/speculation: Allow enabling STIBP with legacy IBRS {CVE-2023-1998}
- ipvlan: Fix out of bounds caused by unclear skb->cb {CVE-2023-3090}
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt {CVE-2023-35788}
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
bpftool
7.0.0-284.25.1.0.1.el9_2
kernel-cross-headers
5.14.0-284.25.1.0.1.el9_2
kernel-headers
5.14.0-284.25.1.0.1.el9_2
kernel-tools
5.14.0-284.25.1.0.1.el9_2
kernel-tools-libs
5.14.0-284.25.1.0.1.el9_2
kernel-tools-libs-devel
5.14.0-284.25.1.0.1.el9_2
perf
5.14.0-284.25.1.0.1.el9_2
python3-perf
5.14.0-284.25.1.0.1.el9_2
Oracle Linux x86_64
bpftool
7.0.0-284.25.1.0.1.el9_2
kernel
5.14.0-284.25.1.0.1.el9_2
kernel-abi-stablelists
5.14.0-284.25.1.0.1.el9_2
kernel-core
5.14.0-284.25.1.0.1.el9_2
kernel-cross-headers
5.14.0-284.25.1.0.1.el9_2
kernel-debug
5.14.0-284.25.1.0.1.el9_2
kernel-debug-core
5.14.0-284.25.1.0.1.el9_2
kernel-debug-devel
5.14.0-284.25.1.0.1.el9_2
kernel-debug-devel-matched
5.14.0-284.25.1.0.1.el9_2
kernel-debug-modules
5.14.0-284.25.1.0.1.el9_2
kernel-debug-modules-core
5.14.0-284.25.1.0.1.el9_2
kernel-debug-modules-extra
5.14.0-284.25.1.0.1.el9_2
kernel-debug-uki-virt
5.14.0-284.25.1.0.1.el9_2
kernel-devel
5.14.0-284.25.1.0.1.el9_2
kernel-devel-matched
5.14.0-284.25.1.0.1.el9_2
kernel-doc
5.14.0-284.25.1.0.1.el9_2
kernel-headers
5.14.0-284.25.1.0.1.el9_2
kernel-modules
5.14.0-284.25.1.0.1.el9_2
kernel-modules-core
5.14.0-284.25.1.0.1.el9_2
kernel-modules-extra
5.14.0-284.25.1.0.1.el9_2
kernel-tools
5.14.0-284.25.1.0.1.el9_2
kernel-tools-libs
5.14.0-284.25.1.0.1.el9_2
kernel-tools-libs-devel
5.14.0-284.25.1.0.1.el9_2
kernel-uki-virt
5.14.0-284.25.1.0.1.el9_2
perf
5.14.0-284.25.1.0.1.el9_2
python3-perf
5.14.0-284.25.1.0.1.el9_2
rtla
5.14.0-284.25.1.0.1.el9_2
Ссылки на источники
Связанные уязвимости
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11
A speculative pointer dereference problem exists in the Linux Kernel o ...