kernel-3.10.0-1160.102.1.el7

エラータID: AXSA:2023-6501:28

Release date: 
Friday, October 13, 2023 - 10:54
Subject: 
kernel-3.10.0-1160.102.1.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)
* kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)
* kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Low memory deadlock with md devices and external (imsm) metadata handling (BZ#1703180)
* cifs: memory leak in smb2_query_symlink (BZ#2166706)
* bnxt_en: panic in bnxt_tx_int Redux (BZ#2175062)
* NFS client loop in BIND_CONN_TO_SESSION (BZ#2219604)

CVE-2023-32233
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
CVE-2023-35001
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
CVE-2023-3609
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.

Solution: 

Update packages.

CVEs: 
CVE-2023-32233
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
CVE-2023-35001
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
CVE-2023-3609
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.
Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-3.10.0-1160.102.1.el7.src.rpm
    MD5: a8b07e5c7e14d624587ead650cf4e3f6
    SHA-256: a1af1d19ba4ac9f9400b7a618fdc44f4803149c0baa74087c0dd4e738cb594e8
    Size: 100.05 MB

Asianux Server 7 for x86_64
  1. bpftool-3.10.0-1160.102.1.el7.x86_64.rpm
    MD5: 1cbdd496673ead7d40387cb6bc2d137d
    SHA-256: c81f0fe6277906b858c47b9f2cffd8e1523f8f2114f7b4cbbb748894c1c324b7
    Size: 8.52 MB
  2. kernel-3.10.0-1160.102.1.el7.x86_64.rpm
    MD5: 3081fd72e99396fcae6358ae2cf32df1
    SHA-256: f712cd8a81301e79211e131edcf3cbd0789dbc3f63807488980389472dc0464e
    Size: 51.69 MB
  3. kernel-debug-3.10.0-1160.102.1.el7.x86_64.rpm
    MD5: 15b27d2997618207e3dfe2269901cd58
    SHA-256: 3c19948bebb18188a53787eb4bafc1c6ace5837a05500fff4848de878b1ab55c
    Size: 54.00 MB
  4. kernel-debug-devel-3.10.0-1160.102.1.el7.x86_64.rpm
    MD5: b476fef611d92741e7d23b54eb178445
    SHA-256: f4590c2f3a79b5119b0085e2b4fc7240890fc3e2d964a70d987823224009141b
    Size: 18.08 MB
  5. kernel-devel-3.10.0-1160.102.1.el7.x86_64.rpm
    MD5: a0718da49d0670fa539b226009f6f567
    SHA-256: 847576bdb1403408192b256527a7505670c0f35f14029fc8fbb90c61d75565c7
    Size: 18.01 MB
  6. kernel-doc-3.10.0-1160.102.1.el7.noarch.rpm
    MD5: 1eaaa158873f26ca5787ad38755f983e
    SHA-256: 7fa09909838f5fc3043e496a2c3d536a80197cd86ca5c521248abed69643700b
    Size: 19.55 MB
  7. kernel-headers-3.10.0-1160.102.1.el7.x86_64.rpm
    MD5: 44ada4976581ee824c043f94835a17de
    SHA-256: 9f932dade8a207d7cdf8ccb85f163ec48315cee45132b5ef36d2388237f1f2cd
    Size: 9.08 MB
  8. kernel-tools-3.10.0-1160.102.1.el7.x86_64.rpm
    MD5: 314f137478736a6b0c8ea2ac05f1f754
    SHA-256: bd39bb2f9a54d819573f88f0e069e990fd512c257da986e9d3625f76e73853fa
    Size: 8.18 MB
  9. kernel-tools-libs-3.10.0-1160.102.1.el7.x86_64.rpm
    MD5: e0745323a882a4782fdf6e65e6623c47
    SHA-256: 765cf3d603f9a96f86871eed27b07017b41eaee57e552bdc75b559225d3d6793
    Size: 8.08 MB
  10. perf-3.10.0-1160.102.1.el7.x86_64.rpm
    MD5: 676d3189449f1ab6be13693331e25329
    SHA-256: 4673372250875a3e37303bb6d0e0edd3c13f6086af346f5bbc088021622f0d96
    Size: 9.73 MB
  11. python-perf-3.10.0-1160.102.1.el7.x86_64.rpm
    MD5: 4500dccb7e696f2006f068fcd4011043
    SHA-256: 2301ea2d9e5026f7120a7a2b940163c3ced5ddd26e9ab20e5764b88934159a23
    Size: 8.17 MB