kernel-5.14.0-284.25.1.el9_2
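Errata ID: AXSA:2023-6330:22
The following issues have been addressed.
[Security Fix]
- KVM has a race condition when nested virtualization is used in an environment with the TDP MMU feature enabled, which allows an attacker on a guest OS to cause host OS memory corruption or a denial of service resulting from a host OS crash. (CVE-2022-45869)
- The do_prlimit() function has a speculative pointer dereference issue, which allows a local attacker to cause an information leak. (CVE-2023-0458)
- The kernel has an issue where, when basic IBRS (a CPU-side mitigation for the Spectre vulnerability) is enabled, the STIBP feature, which serves a similar purpose, is not enabled. This allows a local attacker to leak information through a side-channel attack via a crafted process that shares a CPU core using Hyper-Threading. (CVE-2023-1998)
- The ipvlan driver has a heap out-of-bounds write issue, which allows a local attacker to escalate local privileges or cause a denial of service. (CVE-2023-3090)
- The fl_set_geneve_opt() function of the TC (Traffic Control) flower classifier has an out-of-bounds memory write issue, which allows a local attacker to escalate privileges or cause a denial of service by sending crafted TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. (CVE-2023-35788)
Please update the packages.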
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11.
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
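To confirm on a host that the CVE-2023-1998 condition described above (plain IBRS selected, SMT active, no STIBP for userspace) is gone after the update, the kernel's spectre_v2 status line can be classified as below. This is an added example, not part of the advisory; the function names, verdict strings and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify the spectre_v2 status line
# for the CVE-2023-1998 condition: legacy IBRS + SMT active + no STIBP.

# Constructed sample lines, not captured from a real host.
UNFIXED='Mitigation: IBRS, IBPB: conditional, RSB filling'
FIXED='Mitigation: IBRS, IBPB: conditional, STIBP: conditional, RSB filling'

# classify_spectre_v2 LINE SMT_ACTIVE
#   LINE       - contents of /sys/devices/system/cpu/vulnerabilities/spectre_v2
#   SMT_ACTIVE - contents of /sys/devices/system/cpu/smt/active (1 or 0)
# Prints: not-legacy-ibrs | smt-off | stibp-missing | stibp-disabled | stibp-available
classify_spectre_v2() {
    line=$1
    smt=$2
    case $line in
        "Mitigation: IBRS"|"Mitigation: IBRS,"*) ;;   # plain (legacy) IBRS selected
        *) echo not-legacy-ibrs; return 0 ;;          # Enhanced IBRS, retpolines, ...
    esac
    if [ "$smt" != 1 ]; then
        echo smt-off                                  # no sibling hardware thread in use
        return 0
    fi
    case $line in
        *"STIBP: disabled"*) echo stibp-disabled ;;   # STIBP reported but turned off
        *"STIBP: "*)         echo stibp-available ;;  # conditional, forced or always-on
        *)                   echo stibp-missing ;;    # no STIBP field reported at all
    esac
}

# check_host: run the classification against the live sysfs files.
check_host() {
    v=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    s=/sys/devices/system/cpu/smt/active
    if [ ! -r "$v" ]; then
        echo no-sysfs
        return 0
    fi
    smt=0
    if [ -r "$s" ]; then smt=$(cat "$s"); fi
    classify_spectre_v2 "$(cat "$v")" "$smt"
}

if [ "${1:-}" = "--host" ]; then check_host; fi
```

Run it with `--host` after rebooting into the updated kernel; `stibp-missing` or `stibp-disabled` on a host that boots with legacy IBRS and has SMT active means userspace threads are not covered by STIBP.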
N/A
SRPMS
- kernel-5.14.0-284.25.1.el9_2.src.rpm
MD5: 4e3b8b63bc96df976be97355b62fb032
SHA-256: 571ead5042b1def689e625171b8adb9fba0e1d6bf6b0e0acae3a89c75d21860d
Size: 138.40 MB
Asianux Server 9 for x86_64
- bpftool-7.0.0-284.25.1.el9_2.x86_64.rpm
MD5: 6e729d9f4a548b1cdbf20043e7fbec75
SHA-256: d0884a37fc9ea1501540064d4dcdeeba873c47cb3c050f0aeff9efccd9cc6cd2
Size: 4.18 MB
- kernel-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: 5bd09c4494689324728a6456deefbe34
SHA-256: 34d89d9363780d56765243bec1d6a07731de997eeff1efc5c952b845d0c0fa4e
Size: 3.43 MB
- kernel-abi-stablelists-5.14.0-284.25.1.el9_2.noarch.rpm
MD5: 67f789412211e0dcbaf1ba5884caa943
SHA-256: f2301b431dfa10ff698ab9fac1b8b617a8a3e8789092a00ee4eae3c5875491ef
Size: 3.44 MB
- kernel-core-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: 277309f65d5e43a5c75e40663279fbbf
SHA-256: ab0f40693200cabbff03a54700e3c609a4071f81d3d87d44d9934ed25ab9ce58
Size: 16.65 MB
- kernel-cross-headers-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: d32820295772c9363a0a9a6b2befbeb4
SHA-256: fcffb5f19d809699795ebd3a777b2493f8dbc5f0727f6885f51be1498fe7ca55
Size: 9.00 MB
- kernel-debug-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: f0ae8f04bd8c7a026ccda407cef7e7b3
SHA-256: 3de2e66a093be22b10f0ad02535122a927e5eec593989441f08fbf87ecbe2c3b
Size: 3.43 MB
- kernel-debug-core-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: d5d990cdaf45b6b50cde1b28fc4c701a
SHA-256: da3b8ecd15ac0454d1162fddbe2a3ac931c381aebfdcfc2d197de7e272678af9
Size: 27.70 MB
- kernel-debug-devel-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: 07815fea408f7eff0c0268529ad48b02
SHA-256: 326f0d51390754410baf0a686b45d301d9e712f157b32bf10867933ad042c822
Size: 18.62 MB
- kernel-debug-devel-matched-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: 2b3ae17944997c82703acfd4235f42ee
SHA-256: 9ca66ec39a5ac6cddbf0b37162ee07e0fd5a9c599f0e3b209954a7a5f6996092
Size: 3.43 MB
- kernel-debug-modules-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: 7403ac1bb01ad2931423bf029fab4b67
SHA-256: 473791fe024c26a35c0c9c2fa3f14ed66a641b38f6876a02b22bae4a846d72fa
Size: 58.60 MB
- kernel-debug-modules-core-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: d544e836eeae9dccbde57fd63c4b1072
SHA-256: 2f1543936b5002a0cc735370f34a68ee88c2d4c7437df7539aadb119adf4bfc7
Size: 50.60 MB
- kernel-debug-modules-extra-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: c9acd8c47d4275dc72fa2891d4952d27
SHA-256: 6ecac5eb0f88a4bb36a7290c59c4613b9120ec74b93983fab2d38558456b737f
Size: 4.43 MB
- kernel-debug-uki-virt-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: 45a95922d5c4a6ca06a0de208d683b03
SHA-256: a864a2b85a156fdf9052f08c46a11bbb177addaf7ed014a44165839fd474124e
Size: 71.81 MB
- kernel-devel-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: 05fcba0873cff34bbccada8f6582e0f8
SHA-256: 09406851569bd09027a8324cb03fbe5de678039ad204b09da974a03fc0282c11
Size: 18.63 MB
- kernel-devel-matched-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: e3e8e6d4238bd3c8f8d941f30c24f179
SHA-256: 7c1fade31f552c94c87ea3458bfa6a690718308352f3ac5f73262513caa11037
Size: 3.43 MB
- kernel-doc-5.14.0-284.25.1.el9_2.noarch.rpm
MD5: f657fb7473a49b4384e1753e2ef30238
SHA-256: bef7dc1b42a2653c015324150290cd7736311cb130eae56c6fc7fef957f09fab
Size: 31.87 MB
- kernel-headers-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: 3471721bbc3da016ac952aef772f2fd1
SHA-256: 61270b1996185ffd7400b94e8545aa83d65e2d0970fce16f42270b1169e4919b
Size: 4.84 MB
- kernel-modules-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: b73e3b96e7525a3592104c1d6533bebf
SHA-256: b07adaad0e3ae4093c646da96e19ab33a9f768f7231bf58df805a19b61fea017
Size: 37.23 MB
- kernel-modules-core-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: f6bb54740f896c9b1ec32adedb515491
SHA-256: 49b73021fb778d8aa5b7ee74af8af0f8bd980f28374db9e370f856c858c25608
Size: 35.46 MB
- kernel-modules-extra-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: cccdf87310f8644baacaae72c3166c51
SHA-256: a41c8e2619a6d7f1e99fa17718b8909136a0ce76868a6367ebda9ed03eda83e2
Size: 4.11 MB
- kernel-tools-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: 3b7d09d5c4168627299e52502574174c
SHA-256: d25f9f514cb2064db7ce9fdd1967b5d7b2a9f1fc9f10424535cd71b1d6134286
Size: 3.65 MB
- kernel-tools-libs-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: 1cb3bfefe752bd6fd091f3bffb651f26
SHA-256: 21855fcf226d49164e0894d2d50692b8e2bd70683eb1b8b7cfe77a78eff4ece2
Size: 3.44 MB
- kernel-tools-libs-devel-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: 535bd4e8778146f35aff9bd58f72a9a9
SHA-256: 1163277ef12a6de11c0b5a295a4c034e0ea72922e34a5bd99e524f6c87e06483
Size: 3.43 MB
- kernel-uki-virt-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: c78f152a8d9a6cf083d0fbf14648c18b
SHA-256: 9efe30b83eaed80843ffd36e263858199145bea9df991999a5a58783931a8d89
Size: 53.79 MB
- perf-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: 32340f99564faf3e2dc9be031d7052b3
SHA-256: ed4708045342993444513b3b644d0d025030a668554e5616de195529fc9b8674
Size: 5.81 MB
- python3-perf-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: 2255947ea6d36be1716e682b2f9a1e1e
SHA-256: 83c695b488066b18ee88736171010ea76ba39d91589b0d864af20ac19859def6
Size: 3.56 MB
- rtla-5.14.0-284.25.1.el9_2.x86_64.rpm
MD5: c1e452b22edeeaca1d6241d3f1bb7b5b
SHA-256: 582fdad255d644f4a1393ea11585017b77beca251f02bc06e9f289b1bfb792a8
Size: 3.46 MB