Description
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463)
- kernel: nfsd: fix RELEASE_LOCKOWNER (CVE-2024-26629)
- kernel: mm: cachestat: fix folio read-after-free in cache walk (CVE-2024-26630)
- kernel: mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (CVE-2024-26720)
- kernel: Bluetooth: af_bluetooth: Fix deadlock (CVE-2024-26886)
- kernel: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (CVE-2024-26946)
- kernel: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (CVE-2024-35791)
- kernel: mm: cachestat: fix two shmem bugs (CVE-2024-35797)
- kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems (CVE-2024-35875)
- kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (CVE-2024-36000)
- kernel: iommufd: Fix missing update of domains_itree after splitting iopt_area (CVE-2023-52801)
- kernel: net: fix out-of-bounds access in ops_init (CVE-2024-36883)
- kernel: regmap: maple: Fix cache corruption in regcache_maple_drop() (CVE-2024-36019)
- kernel: usb-storage: alauda: Check whether the media is initialized (CVE-2024-38619)
- kernel: net: bridge: mst: fix vlan use-after-free (CVE-2024-36979)
- kernel: scsi: qedf: Ensure the copied buf is NUL terminated (CVE-2024-38559)
- kernel: xhci: Handle TD clearing for multiple streams case (CVE-2024-40927)
- kernel: cxl/region: Fix memregion leaks in devm_cxl_add_region() (CVE-2024-40936)
- kernel: net/sched: Fix UAF when resolving a clash (CVE-2024-41040)
- kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044)
- kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055)
- kernel: PCI/MSI: Fix UAF in msi_capability_init (CVE-2024-41096)
- kernel: xdp: Remove WARN() from __xdp_reg_mem_model() (CVE-2024-42082)
- kernel: x86: stop playing stack games in profile_pc() (CVE-2024-42096)
- kernel: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (CVE-2024-42102)
- kernel: mm: avoid overflows in dirty throttling logic (CVE-2024-42131)
- kernel: nvme: avoid double free special payload (CVE-2024-41073)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected products
Rocky Linux 9
Related CVEs
Source links
Fixes
- Red Hat - 2265797
- Red Hat - 2269434
- Red Hat - 2269436
- Red Hat - 2273141
- Red Hat - 2275678
- Red Hat - 2278206
- Red Hat - 2281052
- Red Hat - 2281151
- Red Hat - 2281727
- Red Hat - 2281968
- Red Hat - 2282709
- Red Hat - 2284271
- Red Hat - 2284402
- Red Hat - 2293273
- Red Hat - 2293276
- Red Hat - 2293440
- Red Hat - 2297511
- Red Hat - 2297520
- Red Hat - 2300409
- Red Hat - 2300414
Related vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported
If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At the same time mount the efivarfs as RO so no one can call that. However, we never check the permission flags when someone remounts the filesystem as RW. As a result this leads to a crash looking like this:
    $ mount -o remount,rw /sys/firmware/efi/efivars
    $ efi-updatevar -f PK.auth PK
    [ 303.279166] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
    [ 303.280482] Mem abort info:
    [ 303.280854] ESR = 0x0000000086000004
    [ 303.281338] EC = 0x21: IABT (current EL), IL = 32 bits
    [ 303.282016] SET = 0, FnV = 0
    [ 303.282414] EA = 0, S1PTW = 0
    [ 303.282821] FSC = 0x04: level 0 translation fault
    [ 303.283771] user pgtable: 4k pages, 48-bit VAs, pgdp=000000004258c000
    [ 303.284913] [0000000000000000] pgd=0000000000000000, p4d...