Описание
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
A double-free flaw was found in the Linux kernel when the MPLS implementation handled sysctl allocation failures. This issue could allow a local user to cause a denial of service or possibly execute arbitrary code.
Отчет
Red Hat Enterprise Linux 6 and 7 are not affected by this flaw as they did not include MPLS routing support, which was introduced upstream in version 4.1-rc1 (commit 0189197 "mpls: Basic routing support").
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2023:6901 | 14.11.2023 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2023:7077 | 14.11.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | kernel | Fixed | RHSA-2024:0412 | 25.01.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | kernel | Fixed | RHSA-2024:0575 | 30.01.2024 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2023:6583 | 07.11.2023 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2023:6583 | 07.11.2023 |
Показывать по
Дополнительная информация
Статус:
4.7 Medium
CVSS3
Связанные уязвимости
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
In the Linux kernel before 6.1.13, there is a double free in net/mpls/ ...
Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP4)
4.7 Medium
CVSS3