kernel-4.18.0-425.19.2.el8_7
エラータID: AXSA:2023-5273:11
リリース日:
2023/04/07 Friday - 00:56
題名:
kernel-4.18.0-425.19.2.el8_7
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Traffic Control サブシステムには、CPU ソフトロックアップ (ABBA
デッドロック) を引き起こす問題があるため、ローカルの非特権ユーザー
により、送信パケットを入力インターフェースにリダイレクトする特定
のネットワーク設定を介して、サービス拒否攻撃を可能とする脆弱性が
存在します。(CVE-2022-4269)
- sysctl サブシステムには、スタック領域のオーバーフローの問題が
あるため、ローカルの攻撃者により、特定のシステムパラメーターの
変更を介して、特権昇格やクラッシュの発生に起因するサービス拒否
攻撃を可能とする脆弱性が存在します。(CVE-2022-4378)
- sound サブシステムには、ロック処理が漏れていたことに起因する
解放後利用の問題があるため、ローカルの攻撃者により、特権昇格を
可能とする脆弱性が存在します。(CVE-2023-0266)
- OverlayFS には、ユーザー ID のマッピング機能に問題があるため、
ローカルの攻撃者により、nosuid オプションを指定してマウントした
ボリュームから他のボリュームへのファイルのコピーを介して、特権
昇格を可能とする脆弱性が存在します。(CVE-2023-0386)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-4269
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.
CVE-2022-4378
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2023-0266
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e
CVE-2023-0386
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
追加情報:
N/A
ダウンロード:
SRPMS
- kernel-4.18.0-425.19.2.el8_7.src.rpm
MD5: 5d785d9967892c38017dfdc9b7ff4dd5
SHA-256: d7ffd95aa239908b8dad37bff01dc302a1122986c9b153df111c1b8b570c13f5
Size: 126.60 MB
Asianux Server 8 for x86_64
- bpftool-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: ffabd2ac47689523da18e35852244f4e
SHA-256: 8414c5f2a3f99a70f4d148557800d87cdaa49489ac01445042784b02cb7df029
Size: 9.59 MB - kernel-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: 823e80ea537dd949f63ae842119964ef
SHA-256: 6fab6a9f24a72e8b6eee153e6ade214c9360157adad08456ed75db56ea4bdf03
Size: 8.85 MB - kernel-abi-stablelists-4.18.0-425.19.2.el8_7.noarch.rpm
MD5: 536daf2bc0b0bba721fd7f467e15f873
SHA-256: 9675ec04007bd56b0a89b385c28bbd21aac5c7e7dcdddda30b826161ed2cd3f3
Size: 8.87 MB - kernel-core-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: 4234f9f9dfd7cdf4bb1b188081463281
SHA-256: 583fff8e7bd2c5d5ea21c1898cd3bdab7f91f9c84d334abbfddf10e613b8823f
Size: 40.89 MB - kernel-cross-headers-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: 1227840b0e49bd5a075e5cb673afb3e3
SHA-256: c2bc9d59154a6347a4d5edb59d2fe95a120392b5ba11da01dafd50d74a4a524d
Size: 14.10 MB - kernel-debug-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: e7bff19e7c7c354d985258c6e9242bde
SHA-256: 265d6612683ddf18d685b3b7a29ee5f6e57c387da4924ef51bc3a05ef9a6602a
Size: 8.85 MB - kernel-debug-core-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: d7a9e9cbbb47a28da28f588741b785e6
SHA-256: db1436b8585dbf1fc145f80d87280e8a23673e1f264aae002ee5370a58e8d5c0
Size: 69.48 MB - kernel-debug-devel-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: 193e9abd625060becc01a9fac5e1df17
SHA-256: 6868b6482f11320c83ae26bca9e1c923603542206c69515474f31678dbbe95c5
Size: 22.44 MB - kernel-debug-modules-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: 7a4b3e38bd32428fb13d7389a345f91d
SHA-256: 6d3700b343c8d05a32d346a0e0ace03a4a06e06923801ade2ce9bb211ab968f6
Size: 61.13 MB - kernel-debug-modules-extra-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: b91c96aaab1aec0ec49c57bac63d8e59
SHA-256: d64daed26fa000f713f46223adc54f06c77514c9accbcb90732e3c78a23ca717
Size: 10.22 MB - kernel-devel-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: 6f5b2721763e7c0e5fb10a33e2a8099a
SHA-256: 4bbce6235273eae2ee92b2cf1e3cd02a3c98111510b1a5a8193a1a33542d5dd5
Size: 22.25 MB - kernel-doc-4.18.0-425.19.2.el8_7.noarch.rpm
MD5: 78e8de549d65c3c5ae90d952126366c8
SHA-256: 13692740c5c8e916c124e6aa958c0ccea98d1f27b672e89f718da6349cd0a0d7
Size: 26.47 MB - kernel-headers-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: 98daa031994db495cd45d6f48b71d610
SHA-256: 8af32784aa36d4d5a86f16040fbf9e90c70c25ac4253b7a8b6fecfe9ff93003c
Size: 10.18 MB - kernel-modules-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: 6e79a6b9c61af9d4f43a95e0ba31b714
SHA-256: 58b5718cf6774bb1d9b8ba65ea4ca4dfbb94af782b938f60939a9450c0a16c49
Size: 33.21 MB - kernel-modules-extra-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: 2351e4a51a739d0f1c1fa2ce7c514d69
SHA-256: e6cf70991744394f9938b60f342320bc81515d933d8f48b1ce8974072e71f9a5
Size: 9.53 MB - kernel-tools-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: 60efa977963fc69cb236dee7ec379734
SHA-256: 836f650ac6b880c037273b7e22b88a7bf739f8987e923f2fbbc6c07ea3cbbf49
Size: 9.07 MB - kernel-tools-libs-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: 2cb3b089675be155a8ccd1cc733229c7
SHA-256: 5079c70653ed25397171fa4833873804939d4fbc4955481f1721d3a33b6a8e9e
Size: 8.86 MB - kernel-tools-libs-devel-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: 02d607a50da956376955f62b3f851a3f
SHA-256: df76b6c3cd2dec42a42720ab1288245abc608b05c29011b4ce04b6e1feba4354
Size: 8.86 MB - perf-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: b899affd07357ccd18a9ecff599b5ef9
SHA-256: 2b451bb0f0b78ad8ff9b2ebd8097c56930ad0f78216e0367fe05b1137110402f
Size: 11.18 MB - python3-perf-4.18.0-425.19.2.el8_7.x86_64.rpm
MD5: 33a99a1873965757279f2ce77b75e04c
SHA-256: d7acd6e2278b08c14914b19bd1c1353ab44f92edf104f63570febb76e5a0fbcb
Size: 8.98 MB