Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2024-12110

Опубликовано: 01 фев. 2024
Источник: oracle-oval
Платформа: Oracle Linux 6
Платформа: Oracle Linux 7

Описание

ELSA-2024-12110: Unbreakable Enterprise kernel security update (IMPORTANT)

[4.1.12-124.82.2]

  • Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi) [Orabug: 35959598] {CVE-2020-26555}
  • sched/rt: pick_next_rt_entity(): check list_entry (Pietro Borrello) [Orabug: 35181560] {CVE-2023-1077}
  • sched/debug: Fix SCHED_WARN_ON() to return a value on !CONFIG_SCHED_DEBUG as well (Ingo Molnar) [Orabug: 35181560]
  • sched/debug: Add SCHED_WARN_ON() (Peter Zijlstra) [Orabug: 35181560]

[4.1.12-124.82.1]

  • igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU (Eric Dumazet) [Orabug: 35924002] {CVE-2023-42752}
  • net: sched: sch_qfq: Fix UAF in qfq_dequeue() (valis) [Orabug: 35814457] {CVE-2023-4921}
  • ixgbe: fix large MTU request from VF (Samasth Norway Ananda) [Orabug: 33752821] {CVE-2021-33098}

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

kernel-uek

4.1.12-124.82.2.el6uek

kernel-uek-debug

4.1.12-124.82.2.el6uek

kernel-uek-debug-devel

4.1.12-124.82.2.el6uek

kernel-uek-devel

4.1.12-124.82.2.el6uek

kernel-uek-doc

4.1.12-124.82.2.el6uek

kernel-uek-firmware

4.1.12-124.82.2.el6uek

Oracle Linux 7

Oracle Linux x86_64

kernel-uek

4.1.12-124.82.2.el7uek

kernel-uek-debug

4.1.12-124.82.2.el7uek

kernel-uek-debug-devel

4.1.12-124.82.2.el7uek

kernel-uek-devel

4.1.12-124.82.2.el7uek

kernel-uek-doc

4.1.12-124.82.2.el7uek

kernel-uek-firmware

4.1.12-124.82.2.el7uek

Связанные CVE

CVE-2023-42752
CVE-2021-33098
CVE-2023-1077
CVE-2020-26555
CVE-2023-4921

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2023-42752

CVSS3: 5.5
ubuntu
около 2 лет назад

An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers.

redhat логотип

CVE-2023-42752

CVSS3: 5.5
redhat
около 2 лет назад

An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers.

nvd логотип

CVE-2023-42752

CVSS3: 5.5
nvd
около 2 лет назад

An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers.

msrc логотип

CVE-2023-42752

CVSS3: 5.5
msrc
около 2 лет назад

Kernel: integer overflow in igmpv3_newpack leading to exploitable memory access

debian логотип

CVE-2023-42752

CVSS3: 5.5
debian
около 2 лет назад

An integer overflow flaw was found in the Linux kernel. This issue lea ...