Description
ELSA-2024-12187: kernel security update (IMPORTANT)
[4.18.0-513.18.0.2.el8_9]
- net/sched: sch_hfsc: Ensure inner classes have fsc curve {CVE-2023-4623}
- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve {CVE-2023-4623}
- x86/sev: Check for user-space IOIO pointing to kernel space {CVE-2023-46813}
- x86/sev: Check IOBM for IOIO exceptions from user-space {CVE-2023-46813}
- x86/sev: Disable MMIO emulation from user mode {CVE-2023-46813}
- RDMA/core: Fix resolve_prepare_src error cleanup {CVE-2023-2176}
Updated packages
Oracle Linux 8
Oracle Linux aarch64
bpftool  4.18.0-513.18.0.2.el8_9
kernel-cross-headers  4.18.0-513.18.0.2.el8_9
kernel-headers  4.18.0-513.18.0.2.el8_9
kernel-tools  4.18.0-513.18.0.2.el8_9
kernel-tools-libs  4.18.0-513.18.0.2.el8_9
kernel-tools-libs-devel  4.18.0-513.18.0.2.el8_9
perf  4.18.0-513.18.0.2.el8_9
python3-perf  4.18.0-513.18.0.2.el8_9
Oracle Linux x86_64
bpftool  4.18.0-513.18.0.2.el8_9
kernel  4.18.0-513.18.0.2.el8_9
kernel-abi-stablelists  4.18.0-513.18.0.2.el8_9
kernel-core  4.18.0-513.18.0.2.el8_9
kernel-cross-headers  4.18.0-513.18.0.2.el8_9
kernel-debug  4.18.0-513.18.0.2.el8_9
kernel-debug-core  4.18.0-513.18.0.2.el8_9
kernel-debug-devel  4.18.0-513.18.0.2.el8_9
kernel-debug-modules  4.18.0-513.18.0.2.el8_9
kernel-debug-modules-extra  4.18.0-513.18.0.2.el8_9
kernel-devel  4.18.0-513.18.0.2.el8_9
kernel-doc  4.18.0-513.18.0.2.el8_9
kernel-headers  4.18.0-513.18.0.2.el8_9
kernel-modules  4.18.0-513.18.0.2.el8_9
kernel-modules-extra  4.18.0-513.18.0.2.el8_9
kernel-tools  4.18.0-513.18.0.2.el8_9
kernel-tools-libs  4.18.0-513.18.0.2.el8_9
kernel-tools-libs-devel  4.18.0-513.18.0.2.el8_9
perf  4.18.0-513.18.0.2.el8_9
python3-perf  4.18.0-513.18.0.2.el8_9
Related CVEs
Related vulnerabilities
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.