
ELSA-2024-10281

Published: 26 Nov 2024
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2024-10281: kernel:4.18.0 security update (MODERATE)

[4.18.0-553.30.1_10.OL8]

  • Update Oracle Linux certificates (Kevin Lyons)
  • Disable signing for aarch64 (Ilya Okomin)
  • Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
  • Update x509.genkey [Orabug: 24817676]
  • Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
  • Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]

[4.18.0-553.30.1_10]

  • media: edia: dvbdev: fix a use-after-free (Kate Hsuan) [RHEL-35763] {CVE-2024-27043}
  • blk-mq: fix missing blk_account_io_done() in error path (Ming Lei) [RHEL-61200]
  • rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) [RHEL-52684]
  • rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) [RHEL-52684]
  • rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) [RHEL-52684]
  • smb: client: use actual path when queryfs (Paulo Alcantara) [RHEL-60363]
  • cifs: Fix uninitialized memory reads for oparms.mode (Paulo Alcantara) [RHEL-60363]
  • cifs: Fix uninitialized memory read for smb311 posix symlink create (Paulo Alcantara) [RHEL-60363]
  • cifs: convert the path to utf16 in smb2_query_info_compound (Paulo Alcantara) [RHEL-60363]
  • autofs: fix thinko in validate_dev_ioctl() (Ian Kent) [RHEL-62168]
  • autofs: add per dentry expire timeout (Ian Kent) [RHEL-62168]
  • bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (Viktor Malik) [RHEL-44167] {CVE-2024-38564}

[4.18.0-553.29.1_10]

  • Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (cki-backport-bot) [RHEL-36372] {CVE-2024-27399}
  • mptcp: pm: Fix uaf in __timer_delete_sync (Guillaume Nault) [RHEL-60614] {CVE-2024-46858}
  • cifs: fix dfs link failover in cifs_tree_connect() (Paulo Alcantara) [RHEL-8002]

[4.18.0-553.28.1_10]

  • s390/mm: Add cond_resched() to cmm_alloc/free_pages() (Mete Durlu) [RHEL-61702]
  • smb: client: fix deadlock in smb2_find_smb_tcon() (Paulo Alcantara) [RHEL-61400]
  • smb: client: fix potential deadlock when releasing mids (Paulo Alcantara) [RHEL-61400]
  • cifs: remove useless DeleteMidQEntry() (Paulo Alcantara) [RHEL-61400]
  • Bluetooth: af_bluetooth: Fix deadlock (CKI Backport Bot) [RHEL-58991]
  • gitlab-ci: provide consistent kcidb_tree_name (Michael Hofmann)
  • x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Nico Pache) [RHEL-26709]
  • audit: Send netlink ACK before setting connection in auditd_set (Richard Guy Briggs) [RHEL-14004]
  • KVM: selftests: x86: Fix test failure on arch lbr capable platforms (Maxim Levitsky) [RHEL-23999]
  • raid1: fix use-after-free for original bio in raid1_write_request() (Nigel Croxon) [RHEL-55263]

Updated packages

Oracle Linux 8

Oracle Linux aarch64

  • kernel-tools-libs-devel: 4.18.0-553.30.1.el8_10
  • bpftool: 4.18.0-553.30.1.el8_10
  • kernel-cross-headers: 4.18.0-553.30.1.el8_10
  • kernel-headers: 4.18.0-553.30.1.el8_10
  • kernel-tools: 4.18.0-553.30.1.el8_10
  • kernel-tools-libs: 4.18.0-553.30.1.el8_10
  • perf: 4.18.0-553.30.1.el8_10
  • python3-perf: 4.18.0-553.30.1.el8_10

Oracle Linux x86_64

  • kernel-tools-libs-devel: 4.18.0-553.30.1.el8_10
  • bpftool: 4.18.0-553.30.1.el8_10
  • kernel: 4.18.0-553.30.1.el8_10
  • kernel-abi-stablelists: 4.18.0-553.30.1.el8_10
  • kernel-core: 4.18.0-553.30.1.el8_10
  • kernel-cross-headers: 4.18.0-553.30.1.el8_10
  • kernel-debug: 4.18.0-553.30.1.el8_10
  • kernel-debug-core: 4.18.0-553.30.1.el8_10
  • kernel-debug-devel: 4.18.0-553.30.1.el8_10
  • kernel-debug-modules: 4.18.0-553.30.1.el8_10
  • kernel-debug-modules-extra: 4.18.0-553.30.1.el8_10
  • kernel-devel: 4.18.0-553.30.1.el8_10
  • kernel-doc: 4.18.0-553.30.1.el8_10
  • kernel-headers: 4.18.0-553.30.1.el8_10
  • kernel-modules: 4.18.0-553.30.1.el8_10
  • kernel-modules-extra: 4.18.0-553.30.1.el8_10
  • kernel-tools: 4.18.0-553.30.1.el8_10
  • kernel-tools-libs: 4.18.0-553.30.1.el8_10
  • perf: 4.18.0-553.30.1.el8_10
  • python3-perf: 4.18.0-553.30.1.el8_10

Related vulnerabilities

rocky
6 months ago

Moderate: kernel:4.18.0 security update

CVSS3: 7
ubuntu
9 months ago

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: Fix uaf in __timer_delete_sync

There are two paths to access mptcp_pm_del_add_timer, result in a race condition:

    CPU1                                CPU2
    ====                                ====
    net_rx_action
    napi_poll                           netlink_sendmsg
    __napi_poll                         netlink_unicast
    process_backlog                     netlink_unicast_kernel
    __netif_receive_skb                 genl_rcv
    __netif_receive_skb_one_core        netlink_rcv_skb
    NF_HOOK                             genl_rcv_msg
    ip_local_deliver_finish             genl_family_rcv_msg
    ip_protocol_deliver_rcu             genl_family_rcv_msg_doit
    tcp_v4_rcv                          mptcp_pm_nl_flush_addrs_doit
    tcp_v4_do_rcv                       mptcp_nl_remove_addrs_list
    tcp_rcv_established                 mptcp_pm_remove_addrs_and_subflows
    tcp_data_queue                      remove_anno_list_by_saddr
    mptcp_incoming_options              mptcp_pm_del_add_timer
    mp...

CVSS3: 7
redhat
9 months ago

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: Fix uaf in __timer_delete_sync

There are two paths to access mptcp_pm_del_add_timer, result in a race condition:

    CPU1                                CPU2
    ====                                ====
    net_rx_action
    napi_poll                           netlink_sendmsg
    __napi_poll                         netlink_unicast
    process_backlog                     netlink_unicast_kernel
    __netif_receive_skb                 genl_rcv
    __netif_receive_skb_one_core        netlink_rcv_skb
    NF_HOOK                             genl_rcv_msg
    ip_local_deliver_finish             genl_family_rcv_msg
    ip_protocol_deliver_rcu             genl_family_rcv_msg_doit
    tcp_v4_rcv                          mptcp_pm_nl_flush_addrs_doit
    tcp_v4_do_rcv                       mptcp_nl_remove_addrs_list
    tcp_rcv_established                 mptcp_pm_remove_addrs_and_subflows
    tcp_data_queue                      remove_anno_list_by_saddr
    mptcp_incoming_options              mptcp_pm_del_add_timer
    mptcp_pm_...

CVSS3: 7
nvd
9 months ago

In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: Fix uaf in __timer_delete_sync

There are two paths to access mptcp_pm_del_add_timer, result in a race condition:

    CPU1                                CPU2
    ====                                ====
    net_rx_action
    napi_poll                           netlink_sendmsg
    __napi_poll                         netlink_unicast
    process_backlog                     netlink_unicast_kernel
    __netif_receive_skb                 genl_rcv
    __netif_receive_skb_one_core        netlink_rcv_skb
    NF_HOOK                             genl_rcv_msg
    ip_local_deliver_finish             genl_family_rcv_msg
    ip_protocol_deliver_rcu             genl_family_rcv_msg_doit
    tcp_v4_rcv                          mptcp_pm_nl_flush_addrs_doit
    tcp_v4_do_rcv                       mptcp_nl_remove_addrs_list
    tcp_rcv_established                 mptcp_pm_remove_addrs_and_subflows
    tcp_data_queue                      remove_anno_li

CVSS3: 7
msrc
7 months ago

No description available