kernel-3.10.0-1160.118.1.el7

エラータID: AXSA:2024-7723:11

Release date: 
Friday, April 26, 2024 - 09:47
Subject: 
kernel-3.10.0-1160.118.1.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes:

* kernel: use after free in unix_stream_sendpage (CVE-2023-4622)
* Kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)
* kernel: irdma: Improper access control (CVE-2023-25775)
* kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)
* kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-36558
A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.
CVE-2023-2002
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
CVE-2023-25775
Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2023-4622
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.
CVE-2023-4623
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.

Solution: 

Update packages.

CVEs: 
CVE-2020-36558
A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.
CVE-2023-2002
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
CVE-2023-25775
Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2023-4622
A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.
CVE-2023-4623
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.
Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-3.10.0-1160.118.1.el7.src.rpm
    MD5: e8f42e0dd757f76df3c22dfbcb6fc85a
    SHA-256: 18f6a93b43ce226308cd53b2c5d37f5053aefb656d7dc3c364ba2c4f0cf85042
    Size: 98.82 MB

Asianux Server 7 for x86_64
  1. bpftool-3.10.0-1160.118.1.el7.x86_64.rpm
    MD5: 51931eca2f2d2b7b46dcd3eef60e1238
    SHA-256: 52b0fd67de7d83799c92f0aeb5f167500e241e1ce003aa4c86ead8184379c186
    Size: 8.53 MB
  2. kernel-3.10.0-1160.118.1.el7.x86_64.rpm
    MD5: 50e57ed691df8df09db607df6d818ef3
    SHA-256: 2657e34781f739007b23226eec728997e8aff2b8c758c5f836562a47f3b9f84e
    Size: 51.70 MB
  3. kernel-abi-whitelists-3.10.0-1160.118.1.el7.noarch.rpm
    MD5: 9579036fed614522fe0caf5082ed0f33
    SHA-256: aec6b9367ecd2e23b543b29bb6da88e5dc581daff8bff6e97a6911e16aec24a7
    Size: 8.10 MB
  4. kernel-debug-3.10.0-1160.118.1.el7.x86_64.rpm
    MD5: 0850c49e8ccd9055a9c147724a6aff00
    SHA-256: 256e196a324319c7db696d4548d6d2a265f39bb2ace13e9166c0fbabd77078fa
    Size: 54.00 MB
  5. kernel-debug-devel-3.10.0-1160.118.1.el7.x86_64.rpm
    MD5: 832510453cc910dc13115256f7dcdfaa
    SHA-256: 6b57d82d74cf8f04b072e4f6183353fcd154ed24f9b3ff52880d56b54d6b4a61
    Size: 18.09 MB
  6. kernel-devel-3.10.0-1160.118.1.el7.x86_64.rpm
    MD5: 16dba65bd9bc7e74f930fa9ff948b96a
    SHA-256: 9057503f371d6bde6d8f2e88a8bc713c0bf34111fbeb4f986b75059a8c645862
    Size: 18.02 MB
  7. kernel-doc-3.10.0-1160.118.1.el7.noarch.rpm
    MD5: ce5d60b46d8c38ac325111bd98087bda
    SHA-256: 2d6cd88fe4cc9989cb63358e89ad4f2f35ecf0ce50aba22ab04d5f11f98a1663
    Size: 19.56 MB
  8. kernel-headers-3.10.0-1160.118.1.el7.x86_64.rpm
    MD5: 8f547a9a74420a6494320b37cc531556
    SHA-256: 9146ac9cb28088ad7bcaf3bf523586c38448fb775827cd9a4dc43d1b6c19452b
    Size: 9.08 MB
  9. kernel-tools-3.10.0-1160.118.1.el7.x86_64.rpm
    MD5: ef09ccbd07d98aaec1d5c3312326eefb
    SHA-256: 2b6e668d3f96403b45a57a8f0697da7129e84ffbaa844103f68bf9baa9e88336
    Size: 8.19 MB
  10. kernel-tools-libs-3.10.0-1160.118.1.el7.x86_64.rpm
    MD5: 2ce1bd985fef887d5931d1ed80eddadb
    SHA-256: c85e717c10a1025b06542a504f457c5ae9843356f628474bfe6e26784c4e1b8a
    Size: 8.09 MB
  11. perf-3.10.0-1160.118.1.el7.x86_64.rpm
    MD5: 42df9c461c981a3e6dc94ab0db850030
    SHA-256: 5592a9bf3b0f1aa9bbb960b439215b555e3bb1fc3db1514e511f8e089d8b0d66
    Size: 9.73 MB
  12. python-perf-3.10.0-1160.118.1.el7.x86_64.rpm
    MD5: 6151dfebe38ef976cba8b30f9f024126
    SHA-256: 3d8a4d744be76e41915447eee1ebd594cb03a03a9fc51d329d8edca0d54ad4ae
    Size: 8.18 MB