kernel-4.18.0-513.24.1.el8_9

エラータID: AXSA:2024-7674:10

Release date: 
Friday, April 12, 2024 - 10:17
Subject: 
kernel-4.18.0-513.24.1.el8_9
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)
* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931)
* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527)
* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)
* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)
* kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631)
* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

CVE-2021-33631
Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.
CVE-2022-38096
A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
CVE-2023-51042
In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.
CVE-2023-6546
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
CVE-2023-6931
A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.
CVE-2024-0565
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
CVE-2024-1086
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.

Solution: 

Update packages.

CVEs: 
CVE-2021-33631
Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.
CVE-2022-38096
A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
CVE-2023-51042
In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.
CVE-2023-6546
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system.
CVE-2023-6931
A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.
CVE-2024-0565
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
CVE-2024-1086
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-4.18.0-513.24.1.el8_9.src.rpm
    MD5: 7121ca671ceeaa1913e42129e17f8885
    SHA-256: 004fb03336c6694ffe70e66beab9d1c722fc448bf205583e5eedca54270ccd1a
    Size: 131.36 MB

Asianux Server 8 for x86_64
  1. bpftool-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: cd2fcc9bcfb9cd554ea9806413493ced
    SHA-256: b937005240ae9466ff4b247f755a96aedd917f701c702cea8690b34cce0759d3
    Size: 10.81 MB
  2. kernel-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: 7b50fa22deea547872350f8f86a23306
    SHA-256: 204926ec666793c1de819b6e96c0ec0880dcb465bbe1f51af45d60cf4ca6fa2d
    Size: 10.07 MB
  3. kernel-abi-stablelists-4.18.0-513.24.1.el8_9.noarch.rpm
    MD5: 07e2e4577e3a9b47b8d8c6d2add45b8f
    SHA-256: 963fe973d9f8971052da7c835463efdea7a8433a24b50b6c88b422db0644e31a
    Size: 10.08 MB
  4. kernel-core-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: 9ad3e1a695888424cee863756315f96d
    SHA-256: ee10724555757cd65119d5adf34d1956cf2ccfc8db130a1ac51b09cc9ae43df4
    Size: 42.89 MB
  5. kernel-cross-headers-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: f60293f030419fe619795db3b4b4e845
    SHA-256: 164c3d5b2007cb18bb47438adb0edec808e3778f1110b6326ec1e591273e4930
    Size: 15.41 MB
  6. kernel-debug-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: 49c5aab33ce62175b2205750cadb134c
    SHA-256: a374c9975d45d3d4f455d20cfd3814392cab527c2c9e7805c944160d753f3ab2
    Size: 10.07 MB
  7. kernel-debug-core-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: 88e7250c3a82c68a2b00db18a767d0e7
    SHA-256: d0dc328ea47d1ad41c7f5cbae4dc6353d6e2f3af7b17adae95ebe80a60449838
    Size: 71.80 MB
  8. kernel-debug-devel-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: 28e67b724cd372711324ce337c5f39a0
    SHA-256: 71dca9bb2715798378611b7e18a1b3d208fe77bb8fc9d067a94af4e4c68f3cf0
    Size: 23.86 MB
  9. kernel-debug-modules-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: c6699ba3f28aeeccd8feede261a6cd8f
    SHA-256: ed284d7db738e8a7275e1b51b2702ccfb563c941c6327316cd0eb78e21841d34
    Size: 65.30 MB
  10. kernel-debug-modules-extra-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: 5ea8e5619c7c8ee432402b57440b5d16
    SHA-256: 43de74b210c7619f6c6487cc29f99071dfec7d1a1bb96589996acd9f29c4d266
    Size: 11.44 MB
  11. kernel-devel-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: ffe8921d77cb00c9794d71d7d5068d0c
    SHA-256: 1bc85ff735d1bf1445ac4210f7b86aeacd2aa26dd974d1cce197dc3445136f28
    Size: 23.66 MB
  12. kernel-doc-4.18.0-513.24.1.el8_9.noarch.rpm
    MD5: 585b7c1b3950699effa0c432e9f7111a
    SHA-256: 81f5330e996d4387521ab3b9a0f36f20d8ea99dfaff377b5cd4924b16007456a
    Size: 27.89 MB
  13. kernel-headers-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: 8b2b3a1443a56ff8bce23a9177147590
    SHA-256: 08a9962e11d0af0e5e20080bfbc49f918ee868a200034cdff6d69ee8e751a108
    Size: 11.42 MB
  14. kernel-modules-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: f88bde591a8c86e7eba895a4d1985363
    SHA-256: 68be99685483fd2346dcda49357c2e547941632f6b3820955c88499ff2af20ec
    Size: 35.79 MB
  15. kernel-modules-extra-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: 951cb508596800ecbbde2e3971c40efc
    SHA-256: d9c72ca37743e3e2f03f9ad72141cbad345108ddfcd038d2d3b273355ee78765
    Size: 10.75 MB
  16. kernel-tools-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: 3aeec0b2a137d12c5e09fa30bd1d83e7
    SHA-256: 36b5f804ea22d0e671735fc4a4e9fb0779d04f9cb3bbbc34775fe1b876cc8ba1
    Size: 10.28 MB
  17. kernel-tools-libs-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: 4bad7f182ea6e20b9169d724f1577f50
    SHA-256: 519d35b7d29b06c9e1d48b5a4b185f392f9ecc86bfc72edb0792ca6836f4f7fb
    Size: 10.07 MB
  18. kernel-tools-libs-devel-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: 791b3dc577ff2ccde57e609a21e8d922
    SHA-256: 0998acf9f8b5b168b47303a6c9e53af9e0fd6f5418669f4f6c53a9d8a8ead339
    Size: 10.07 MB
  19. perf-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: 752a4d7cfc4b45613249d5fab8af7bf5
    SHA-256: 30c198844498936e67fc0ae556b748d51f213b8a6e0d34420c2e6c0069849c51
    Size: 12.39 MB
  20. python3-perf-4.18.0-513.24.1.el8_9.x86_64.rpm
    MD5: 701d0a809d698296c866c3cdec70068a
    SHA-256: 6c93b63a3966143bd08fe79ad2e98513b857ed91f61b535c6ed638e96d208dba
    Size: 10.19 MB