ELSA-2024-12169

Опубликовано: 22 фев. 2024

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2024-12169: kernel security update (IMPORTANT)

[4.18.0-513.18.0.1_9.OL8]

drivers: net: slip: fix NPD bug in sl_tx_timeout() {CVE-2022-41858}
nfp: fix use-after-free in area_cache_get() {CVE-2022-3545}
HID: check empty report_list in hid_validate_values() {CVE-2023-1073}
Fix double fget() in vhost_net_set_backend() {CVE-2023-1838}
can: af_can: fix NULL pointer dereference in can_rcv_filter {CVE-2023-2166}
net: sched: sch_qfq: Fix UAF in qfq_dequeue() {CVE-2023-4921}
perf: Disallow mis-matched inherited group reads {CVE-2023-5717}
perf/core: Fix potential NULL deref {CVE-2023-5717}
nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356}
nvmet-tcp: fix a crash in nvmet_req_complete() {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356}
nvmet-tcp: remove boilerplate code {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356}
nvmet-tcp: Fix the H2C expected PDU len calculation {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356}
smb: client: fix potential OOB in cifs_dump_detail() {CVE-2023-6610}
smb: client: fix potential OOB in smb2_dump_detail() {CVE-2023-6610}
smb: client: fix OOB in smbCalcSize() {CVE-2023-6606}
net: tls, update curr on splice as well {CVE-2024-0646}
netfilter: nft_set_pipapo: skip inactive elements during set walk {CVE-2023-6817}
Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb {CVE-2023-40283}
igb: set max size RX buffer when store bad packet is enabled {CVE-2023-45871}

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

bpftool

4.18.0-513.18.0.1.el8_9

kernel-cross-headers

4.18.0-513.18.0.1.el8_9

kernel-headers

4.18.0-513.18.0.1.el8_9

kernel-tools

4.18.0-513.18.0.1.el8_9

kernel-tools-libs

4.18.0-513.18.0.1.el8_9

kernel-tools-libs-devel

4.18.0-513.18.0.1.el8_9

perf

4.18.0-513.18.0.1.el8_9

python3-perf

4.18.0-513.18.0.1.el8_9

Oracle Linux x86_64

bpftool

4.18.0-513.18.0.1.el8_9

kernel

4.18.0-513.18.0.1.el8_9

kernel-abi-stablelists

4.18.0-513.18.0.1.el8_9

kernel-core

4.18.0-513.18.0.1.el8_9

kernel-cross-headers

4.18.0-513.18.0.1.el8_9

kernel-debug

4.18.0-513.18.0.1.el8_9

kernel-debug-core

4.18.0-513.18.0.1.el8_9

kernel-debug-devel

4.18.0-513.18.0.1.el8_9

kernel-debug-modules

4.18.0-513.18.0.1.el8_9

kernel-debug-modules-extra

4.18.0-513.18.0.1.el8_9

kernel-devel

4.18.0-513.18.0.1.el8_9

kernel-doc

4.18.0-513.18.0.1.el8_9

kernel-headers

4.18.0-513.18.0.1.el8_9

kernel-modules

4.18.0-513.18.0.1.el8_9

kernel-modules-extra

4.18.0-513.18.0.1.el8_9

kernel-tools

4.18.0-513.18.0.1.el8_9

kernel-tools-libs

4.18.0-513.18.0.1.el8_9

kernel-tools-libs-devel

4.18.0-513.18.0.1.el8_9

perf

4.18.0-513.18.0.1.el8_9

python3-perf

4.18.0-513.18.0.1.el8_9

Связанные CVE

Ссылки на источники

Связанные уязвимости

ELSA-2024-0897

oracle-oval

больше 1 года назад

ELSA-2024-0897: kernel security update (IMPORTANT)

CVE-2023-6536

CVSS3: 6.5

ubuntu

больше 1 года назад

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.

CVE-2023-6536

CVSS3: 6.5

redhat

больше 1 года назад

CVE-2023-6536

CVSS3: 6.5

nvd

больше 1 года назад

CVE-2023-6536

CVSS3: 6.5

debian

больше 1 года назад

A flaw was found in the Linux kernel's NVMe driver. This issue may all ...