kernel-4.18.0-513.11.1.el8_9
エラータID: AXSA:2024-7429:03
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: use after free in unix_stream_sendpage (CVE-2023-4622)
* kernel: vmwgfx: reference count issue leads to use-after-free in surface handling (CVE-2023-5633)
* kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)
* Kernel: UAF during login when accessing the shost ipaddress (CVE-2023-2162)
* hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2023-20569
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
CVE-2023-2162
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
CVE-2023-42753
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
CVE-2023-4622
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.
CVE-2023-5633
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.
Update packages.
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.
The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.
N/A
SRPMS
- kernel-4.18.0-513.11.1.el8_9.src.rpm
MD5: c3e1b4755bb97010338266211e609204
SHA-256: e2d28156d16d1e4f3de8ab60b98f4d4f535a5107ecf7f059095308a654fc9087
Size: 131.34 MB
Asianux Server 8 for x86_64
- bpftool-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: 26b6181418fa978172584fb62710a7b7
SHA-256: 7cbf0db031fb6b2cd96396f44c6675056928917d6384f096b023066081b28c6a
Size: 10.78 MB - kernel-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: 96c69451e4c807f3ec58521d1906382e
SHA-256: 8d0bdd8d18b2d9e8bcf540d4e65857db22d637d38210c81a9db17fb35d6f14ca
Size: 10.04 MB - kernel-abi-stablelists-4.18.0-513.11.1.el8_9.noarch.rpm
MD5: 2133598da7fe4b7dcc975156b96c1c8b
SHA-256: 6521ca73f0bd6f66d22254aae80def675f993a3f5dab2418671c0059e5a1b3ac
Size: 10.06 MB - kernel-core-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: 73de5baeea423901563f8628b84d679c
SHA-256: f4b3508b76778c0a0cd5d6503bcbdf94948eb7712e9878422b49e4ce47561e84
Size: 42.86 MB - kernel-cross-headers-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: 5766dada1c8df0c91db05611d3113ae8
SHA-256: a328ba4bb1ae16a88f10befbf3f3142f0e8e7298152f699df82969329a02a5fb
Size: 15.39 MB - kernel-debug-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: 356799049a7778384dce9126645fbe2d
SHA-256: b197a6f88cdccb81b969116e421a36c8cca64bc0a76a94398b5d442e6d22f595
Size: 10.04 MB - kernel-debug-core-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: 52de1c3c047fabc6e509cb3be5b055ad
SHA-256: 0e3472618b437e7f405bbd6fa93cabd5ef9607f966f491fd8335819f1eaccaf3
Size: 71.78 MB - kernel-debug-devel-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: 847c21ad2849aece806aa754fac73172
SHA-256: 7368ddb54531b5c041eeb184762a51e4f18acf5356ed362e6f306966708ec53c
Size: 23.84 MB - kernel-debug-modules-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: 854306a177971b1ebc4ee2efdcd4acb5
SHA-256: c775ce9d414a90f4758a456ac3ad24d3130aca97b8626af68e28e5e5cf2ed6a2
Size: 65.29 MB - kernel-debug-modules-extra-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: d8de501a32f352596a3c05e6f036a93d
SHA-256: ac6c8085ce9720c2a60de7dc078c1571bca8cf6ec7d41f6293ebad74c87c6288
Size: 11.42 MB - kernel-devel-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: 82a4a8b8ef689cf9f3c0af5bc9d67dbb
SHA-256: b0763f6b579bec0fec6fa937bd26510a16e19ecb774cfcc264ddd3e202c0513e
Size: 23.63 MB - kernel-doc-4.18.0-513.11.1.el8_9.noarch.rpm
MD5: 46b7196b14631391b1e5c11bea7db15c
SHA-256: a1404b909fe7efbc4fc455a53f000632c75a32380106f90072cf824e6c522d3c
Size: 27.82 MB - kernel-headers-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: a24b5918af62872187dddf48898bc006
SHA-256: ad8037a34158e5ea8775d8c35fd5be03a8154ce2c40cff1513f8da106f6c977d
Size: 11.39 MB - kernel-modules-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: 9c14d69d59b57dee86d5c21fbf60cf38
SHA-256: 82de349ed089db5b8e8602bc47178542e8880278d6b63bbc2e30b6b928f41df1
Size: 35.77 MB - kernel-modules-extra-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: ac163941d124211bec5d72a2b1f576e0
SHA-256: ad4357e030e63222d1ded4bce3cd9b948890b208f1927370a3a646359e4e2a16
Size: 10.73 MB - kernel-tools-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: 69904583caa15b7efa609e5ef907f567
SHA-256: bdb6d361f5ac4cb3f573bf34f0dbd74748759c3ced03fdc4599b5a326c19b30c
Size: 10.26 MB - kernel-tools-libs-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: ba53f2c82c4a02f9bc4674107a3b1412
SHA-256: d70579c94497b9430fa3f7a80a5845772d233786d41fc3568538f9e0f9e22652
Size: 10.05 MB - kernel-tools-libs-devel-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: 2bdba796a4578217e9924550c3df3b63
SHA-256: 41e01c5d610317e19a9fe2bc4edad7d5e5d1baf3ea902daa36c1673598158750
Size: 10.04 MB - perf-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: 6c73605345ccdc028b8ef6fc7bdba315
SHA-256: 59ae75a56eacc8a910fc7d095c54886429b2b989aa57a9a5fa158e0261b90e7b
Size: 12.37 MB - python3-perf-4.18.0-513.11.1.el8_9.x86_64.rpm
MD5: 977b97952d11e62c95b4e5d3ba118f58
SHA-256: 3246d28ecba27872385c1a2af03e93e5acd9245216205965a6ad5d4952f953b9
Size: 10.17 MB
日本語