Описание
ELSA-2023-5244: kernel security, bug fix, and enhancement update (IMPORTANT)
[4.18.0-477.27.0.1_8.OL8]
- bluetooth: Perform careful capability checks in hci_sock_ioctl() {CVE-2023-2002}
- ipvlan:Fix out-of-bounds caused by unclear skb->cb {CVE-2023-3090}
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free {CVE-2023-3776}
- netfilter: nft_set_pipapo: fix improper element removal {CVE-2023-4004}
- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval {CVE-2023-35001}
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() {CVE-2023-35788}
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
bpftool
4.18.0-477.27.0.1.el8_8
kernel-cross-headers
4.18.0-477.27.0.1.el8_8
kernel-headers
4.18.0-477.27.0.1.el8_8
kernel-tools
4.18.0-477.27.0.1.el8_8
kernel-tools-libs
4.18.0-477.27.0.1.el8_8
kernel-tools-libs-devel
4.18.0-477.27.0.1.el8_8
perf
4.18.0-477.27.0.1.el8_8
python3-perf
4.18.0-477.27.0.1.el8_8
Oracle Linux x86_64
bpftool
4.18.0-477.27.0.1.el8_8
kernel
4.18.0-477.27.0.1.el8_8
kernel-abi-stablelists
4.18.0-477.27.0.1.el8_8
kernel-core
4.18.0-477.27.0.1.el8_8
kernel-cross-headers
4.18.0-477.27.0.1.el8_8
kernel-debug
4.18.0-477.27.0.1.el8_8
kernel-debug-core
4.18.0-477.27.0.1.el8_8
kernel-debug-devel
4.18.0-477.27.0.1.el8_8
kernel-debug-modules
4.18.0-477.27.0.1.el8_8
kernel-debug-modules-extra
4.18.0-477.27.0.1.el8_8
kernel-devel
4.18.0-477.27.0.1.el8_8
kernel-doc
4.18.0-477.27.0.1.el8_8
kernel-headers
4.18.0-477.27.0.1.el8_8
kernel-modules
4.18.0-477.27.0.1.el8_8
kernel-modules-extra
4.18.0-477.27.0.1.el8_8
kernel-tools
4.18.0-477.27.0.1.el8_8
kernel-tools-libs
4.18.0-477.27.0.1.el8_8
kernel-tools-libs-devel
4.18.0-477.27.0.1.el8_8
perf
4.18.0-477.27.0.1.el8_8
python3-perf
4.18.0-477.27.0.1.el8_8
Ссылки на источники
Связанные уязвимости
ELSA-2023-5069: kernel security, bug fix, and enhancement update (IMPORTANT)
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.