kernel-3.10.0-1160.119.1.0.3.el7.AXS7

Errata ID: AXSA:2024-8831:30

Release date: Thursday, September 26, 2024 - 09:09
Subject: kernel-3.10.0-1160.119.1.0.3.el7.AXS7
Affected Channels: Asianux Server 7 for x86_64
Severity: High
Description: 

The kernel package contains the Linux kernel (vmlinuz), the core of any Linux
operating system. The kernel handles the basic functions of the operating
system: memory allocation, process allocation, device input and output, etc.

Security Fix(es):

* xen/blkfront: force data bouncing when backend is untrusted {CVE-2022-33742}
* ALSA: Fix deadlocks with kctl removals at disconnection {CVE-2024-38600}
* net: fix out-of-bounds access in ops_init {CVE-2024-36883}

CVE(s):
CVE-2024-38600
In the Linux kernel, the following vulnerability has been resolved:

ALSA: Fix deadlocks with kctl removals at disconnection

In snd_card_disconnect(), we set card->shutdown flag at the beginning, call callbacks and do sync for card->power_ref_sleep waiters at the end. The callback may delete a kctl element, and this can lead to a deadlock when the device was in the suspended state. Namely:

* A process waits for the power up at snd_power_ref_and_wait() in snd_ctl_info() or read/write() inside card->controls_rwsem.
* The system gets disconnected meanwhile, and the driver tries to delete a kctl via snd_ctl_remove*(); it tries to take card->controls_rwsem again, but this is already locked by the above. Since the sleeper isn't woken up, this deadlocks.

An easy fix is to wake up sleepers before processing the driver disconnect callbacks but right after setting the card->shutdown flag. Then all sleepers will abort immediately, and the code flows again.

So, basically this patch moves the wait_event() call at the right timing. While we're at it, just to be sure, call wait_event_all() instead of wait_event(), although we don't use exclusive events on this queue for now.
CVE-2024-36883
In the Linux kernel, the following vulnerability has been resolved:

net: fix out-of-bounds access in ops_init

net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first to allocate an array, then to set s.len, which is later used to limit the bounds of the array access.

It is possible that the array is allocated and another thread is registering a new pernet ops, increments max_gen_ptrs, which is then used to set s.len with a larger than allocated length for the variable array.

Fix it by reading max_gen_ptrs only once in net_alloc_generic. If max_gen_ptrs is later incremented, it will be caught in net_assign_generic.
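
The double read described for CVE-2024-36883, shown as an added userspace C model; it is not kernel source and not part of the advisory. `generic_model`, its `capacity` field, `alloc_generic`, `assign_slot`, `run_case` and the `interleave` hook are hypothetical names, and the concurrent registration is forced deterministically between the two reads instead of using a real second thread.

```c
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>
/* Userspace model only: names echo the advisory, this is not kernel code. */
static atomic_uint max_gen_ptrs = 4;   /* shared, changed by registrations */

struct generic_model {
    unsigned int len;        /* bound later used to limit array access */
    unsigned int capacity;   /* model-only: slots actually allocated */
    void *ptr[];
};
/* Constructed stand-in for another thread registering a new pernet ops. */
static void concurrent_register(void) { atomic_fetch_add(&max_gen_ptrs, 1); }

/* single_read == 0: counter read twice (pre-fix pattern); 1: read once. */
static struct generic_model *alloc_generic(int single_read, void (*interleave)(void))
{
    unsigned int n = atomic_load(&max_gen_ptrs);           /* read #1 sizes the array */
    struct generic_model *g = calloc(1, sizeof(*g) + n * sizeof(void *));
    if (!g) return NULL;
    g->capacity = n;
    if (interleave) interleave();                          /* the race window */
    g->len = single_read ? n : atomic_load(&max_gen_ptrs); /* read #2 if racy */
    return g;
}

/* 0 = stored, -1 = id beyond len (caller must grow), -2 = len exceeds allocation. */
static int assign_slot(struct generic_model *g, unsigned int id, void *data)
{
    if (id >= g->len) return -1;
    if (id >= g->capacity) return -2;  /* model-only guard: real write would be OOB */
    g->ptr[id] = data;
    return 0;
}

static int run_case(int single_read)
{
    static int payload;
    atomic_store(&max_gen_ptrs, 4);
    struct generic_model *g = alloc_generic(single_read, concurrent_register);
    if (!g) return -3;
    int rc = assign_slot(g, 4, &payload);   /* id 4 is the newly registered slot */
    free(g);
    return rc;
}

int main(void)
{
    printf("double read: %d, single read: %d\n", run_case(0), run_case(1));
    return 0;
}
```

With the double read, `len` claims five slots over a four-slot allocation, so the bounds check passes for an index past the array; with the single snapshot the same index is rejected by the `len` check and the caller takes the grow path.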
CVE-2022-33742
Linux disk/nic frontends data leaks

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]

Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. bpftool-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
    MD5: 5a8d62fd8d20f0dff7ced19730c66ba1
    SHA-256: f6355459d6daa0f08ee0393500031d94941368685301a3d6593b3d177e88eb41
    Size: 8.53 MB
  2. kernel-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
    MD5: 601eac9b4f93ae07214ef1c2efd9a39b
    SHA-256: 30e8c85a2e96058322be4b1e801e08d09097827ccad2fb5745520b34e25bb74f
    Size: 51.74 MB
  3. kernel-abi-whitelists-3.10.0-1160.119.1.0.3.el7.AXS7.noarch.rpm
    MD5: 3316043e4b3077eb0aeab9e2786aed2a
    SHA-256: 7be00b7831d93f2ee30046aeb6efb980d9aad406cc6bb1cb08d0cfd2408555f4
    Size: 8.10 MB
  4. kernel-debug-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
    MD5: a84b44ebae4bda0e731448562f573471
    SHA-256: c663206cc26446e60c58e7f60e4af042eb35c246befdc3177ba4f0f81d66e9c9
    Size: 54.03 MB
  5. kernel-debug-devel-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
    MD5: 0fac52f030c6f2442c094bbebd5960ee
    SHA-256: 0e030db11354d633c4e9518c4c336e086d1545724b609301fbecb5e68c96d23d
    Size: 18.13 MB
  6. kernel-devel-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
    MD5: a315824d94ba1d1b25166708470334c6
    SHA-256: 7e057203bf0445d6c05d5d91d60f1b3bc799e4f4a5ec6b0afba25d3ae75a7e0a
    Size: 18.07 MB
  7. kernel-doc-3.10.0-1160.119.1.0.3.el7.AXS7.noarch.rpm
    MD5: 09af67a130a9c2fc96b778aa1a8b445f
    SHA-256: 9d2ca4fd4e094673ada9635474fd4efe342f02ba6a5f1cb3c362ff5ffdd7348b
    Size: 19.57 MB
  8. kernel-headers-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
    MD5: 49c5d8f36d4813e9d42ee3078b977054
    SHA-256: db6b6b0e8cd3815e57d3e30af1b5fbefe84fcafc38f2d3eaef6081391c082cde
    Size: 9.09 MB
  9. kernel-tools-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
    MD5: b13d1e1063ef83d6996b2c8d273da9fd
    SHA-256: debc5551ca6759bcfb1b673f40a53fdca55d25c8a9cf9618024e2eb3f9a660d8
    Size: 8.20 MB
  10. kernel-tools-libs-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
    MD5: a2ef7884391cd102d878c0f4bd5ac516
    SHA-256: 9dbe0d18745926f8fa2376c588bb2e159d790be856bf174d687cbc245a60c881
    Size: 8.10 MB
  11. perf-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
    MD5: ca4d23dd6e1854e0474de56f07a37e69
    SHA-256: 52cb7433c920527e665dbb988e3596e6159aaa7013fd649a30850044a03c7a37
    Size: 9.74 MB
  12. python-perf-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
    MD5: 95c94ca25d8649ddd754730c99bdca5c
    SHA-256: 54c16bc3ae44b7132b9680decbeeb1ce5a1b4c70d847629789e888fa851b1cf1
    Size: 8.19 MB