ELSA-2024-2004

Опубликовано: 23 апр. 2024

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2024-2004: kernel security and bug fix update (IMPORTANT)

[3.10.0-1160.118.1.0.1]

debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}

[3.10.0-1160.118.1]

Update Oracle Linux certificates (Ilya Okomin)
Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
Update x509.genkey [Orabug: 24817676]
Conflict with shim-ia32 and shim-x64 <= 15-2.0.9
Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)

[3.10.0-1160.118.1]

iommu/amd: Fix NULL dereference bug in match_hid_uid (Jerry Snitselaar) [RHEL-8721]

[3.10.0-1160.117.1]

tracing/perf: Fix double put of trace event when init fails (Michael Petlan) [RHEL-18052]
tracing: Fix race in perf_trace_buf initialization (Michael Petlan) [RHEL-18052]
net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Davide Caratti) [RHEL-16458] {CVE-2023-4623}
net/sched: sch_hfsc: Ensure inner classes have fsc curve (Davide Caratti) [RHEL-16458] {CVE-2023-4623}
gfs2: Fix invalid metadata access in punch_hole (Andrew Price) [RHEL-28785]
vt: vt_ioctl: fix race in VT_RESIZEX (Jay Shin) [RHEL-28639] {CVE-2020-36558}
selinux: cleanup and consolidate the XFRM alloc/clone/delete/free code (Ondrej Mosnacek) [RHEL-27751]
bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (David Marlin) [RHEL-3682] {CVE-2023-2002}
bluetooth: Perform careful capability checks in hci_sock_ioctl() (David Marlin) [RHEL-3682] {CVE-2023-2002}
cifs: fix panic in smb2_reconnect (Jay Shin) [RHEL-26301]
af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Guillaume Nault) [RHEL-16144] {CVE-2023-4622}
NFS: Set the stable writes BDI capability (Benjamin Coddington) [RHEL-22193]
RDMA/i40iw: Prevent zero-length STAG registration (Kamal Heib) [RHEL-6299] {CVE-2023-25775}
sched/membarrier: reduce the ability to hammer on sys_membarrier (Wander Lairson Costa) [RHEL-26402] {CVE-2024-26602}

[3.10.0-1160.116.1]

bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (David Marlin) [RHEL-3682] {CVE-2023-2002}
bluetooth: Perform careful capability checks in hci_sock_ioctl() (David Marlin) [RHEL-3682] {CVE-2023-2002}
cifs: fix panic in smb2_reconnect (Jay Shin) [RHEL-26301]

[3.10.0-1160.115.1]

af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Guillaume Nault) [RHEL-16144] {CVE-2023-4622}
NFS: Set the stable writes BDI capability (Benjamin Coddington) [RHEL-22193]

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

bpftool

3.10.0-1160.118.1.0.1.el7

kernel

3.10.0-1160.118.1.0.1.el7

kernel-abi-whitelists

3.10.0-1160.118.1.0.1.el7

kernel-debug

3.10.0-1160.118.1.0.1.el7

kernel-debug-devel

3.10.0-1160.118.1.0.1.el7

kernel-devel

3.10.0-1160.118.1.0.1.el7

kernel-doc

3.10.0-1160.118.1.0.1.el7

kernel-headers

3.10.0-1160.118.1.0.1.el7

kernel-tools

3.10.0-1160.118.1.0.1.el7

kernel-tools-libs

3.10.0-1160.118.1.0.1.el7

kernel-tools-libs-devel

3.10.0-1160.118.1.0.1.el7

perf

3.10.0-1160.118.1.0.1.el7

python-perf

3.10.0-1160.118.1.0.1.el7

Связанные CVE

Ссылки на источники

Связанные уязвимости

CVE-2023-4623

CVSS3: 7.8

ubuntu

почти 2 года назад

A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.