Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:1550

Опубликовано: 26 апр. 2022
Источник: rocky
Оценка: Important

Описание

Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: use-after-free in RDMA listen() (CVE-2021-4028)

  • kernel: heap out of bounds write in nf_dup_netdev.c (CVE-2022-25636)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Backport DFS fixes from upstream (BZ#2056329)

  • [Rocky Linux8.5] lpfc driver often fails to detect storage directly connected to Broadcom FC HBA (BZ#2058193)

  • nf_reinject calls nf_queue_entry_free on an already freed entry->state (BZ#2061446)

  • gfs2 blocking in gdlm_lock (BZ#2069750)

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
bpftoolx86_64348.23.1.el8_5bpftool-4.18.0-348.23.1.el8_5.x86_64.rpm
kernelx86_64348.23.1.el8_5kernel-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-abi-stablelistsnoarch348.23.1.el8_5kernel-abi-stablelists-4.18.0-348.23.1.el8_5.noarch.rpm
kernel-corex86_64348.23.1.el8_5kernel-core-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-cross-headersx86_64348.23.1.el8_5kernel-cross-headers-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-debugx86_64348.23.1.el8_5kernel-debug-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-debug-corex86_64348.23.1.el8_5kernel-debug-core-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-debug-develx86_64348.23.1.el8_5kernel-debug-devel-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-debug-modulesx86_64348.23.1.el8_5kernel-debug-modules-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-debug-modules-extrax86_64348.23.1.el8_5kernel-debug-modules-extra-4.18.0-348.23.1.el8_5.x86_64.rpm

Показывать по

Связанные CVE

CVE-2021-4028
CVE-2022-25636

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2022-1550

oracle-oval
больше 3 лет назад

ELSA-2022-1550: kernel security and bug fix update (IMPORTANT)

ubuntu логотип

CVE-2021-4028

CVSS3: 7.8
ubuntu
больше 3 лет назад

A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.

redhat логотип

CVE-2021-4028

CVSS3: 7
redhat
около 4 лет назад

A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.

nvd логотип

CVE-2021-4028

CVSS3: 7.8
nvd
больше 3 лет назад

A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.

debian логотип

CVE-2021-4028

CVSS3: 7.8
debian
больше 3 лет назад

A flaw in the Linux kernel's implementation of RDMA communications man ...