Описание
A vulnerability was found in hugetlb_no_page in the mm/hugetlb.c file in the Linux Kernel, where a manipulation leads to a race condition. This flaw may allow a local attacker to cause a denial of service and can lead to a kernel information leak issue.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2023:2736 | 16.05.2023 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2023:2951 | 16.05.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | kernel | Fixed | RHSA-2024:0412 | 25.01.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2023:2458 | 09.05.2023 |
| Red Hat Enterprise Linux 9 | kernel-rt | Fixed | RHSA-2023:2148 | 09.05.2023 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2023:2458 | 09.05.2023 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2024:0412 | 25.01.2024 |
Показывать по
Дополнительная информация
Статус:
7 High
CVSS3
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
A vulnerability was found in Linux Kernel and classified as problematic. This issue affects the function hugetlb_no_page of the file mm/hugetlb.c. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211019.
Уязвимость функции hugetlb_no_page() в модуле mm/hugetlb.c подсистемы управления памятью ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации или повысить свои привилегии
ELSA-2023-2951: kernel security, bug fix, and enhancement update (IMPORTANT)
ELSA-2023-2458: kernel security, bug fix, and enhancement update (IMPORTANT)
7 High
CVSS3