kernel-4.18.0-477.21.1.el8_8
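Errata ID: AXSA:2023-6359:23
The following issues have been addressed.
[Security Fix]
- The l2cap_connect() and l2cap_le_connect_req() functions in net/bluetooth/l2cap_core.c contain use-after-free issues, which allow an attacker within Bluetooth communication range to execute arbitrary code or leak kernel-space memory. (CVE-2022-42896)
- The tcf_exts_exec() function of the traffic control index filter feature contains a use-after-free issue, which allows a local attacker to escalate privileges. (CVE-2023-1281)
- The traffic control index filter feature contains a use-after-free issue caused by missing handling in the tcindex_delete() function, which allows a local attacker to escalate privileges. (CVE-2023-1829)
- The image restore processing of the XFS file system contains an out-of-bounds write issue, which allows a local attacker to cause a crash or escalate privileges on the system. (CVE-2023-2124)
- The SLIMpro I2C device driver contains an out-of-bounds memory write issue, which allows a local attacker to execute arbitrary code or cause a denial of service through a crash. (CVE-2023-2194)
- perf_group_detach() in kernel/events/core.c contains a use-after-free issue, which allows a local attacker to escalate privileges. (CVE-2023-2235)
Please update the packages.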
CVE-2022-42896: There are use-after-free vulnerabilities in the l2cap_connect and l2cap_le_connect_req functions of the Linux kernel's net/bluetooth/l2cap_core.c, which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker within Bluetooth proximity of the victim could execute code or leak kernel memory. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4
CVE-2023-1281: A use-after-free vulnerability in the Linux kernel traffic control index filter (tcindex) allows privilege escalation. The imperfect hash area can be updated while packets are traversing, which causes a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local user can exploit this vulnerability to elevate privileges to root. This issue affects the Linux kernel from 4.14 up to, but not including, git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.
CVE-2023-1829: A use-after-free vulnerability in the Linux kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function does not properly deactivate filters in the case of perfect hashes while deleting the underlying structure, which can later lead to a double free of the structure. A local user can exploit this vulnerability to elevate privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.
CVE-2023-2124: An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash the system or potentially escalate their privileges on it.
CVE-2023-2194: An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.
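The SLIMpro I2C length problem described above can be modelled in userspace. This is an added example, not the driver's code or the upstream fix: only `data->block[0]` and `dma_buffer` come from the advisory, while the struct layouts, the buffer sizes and every function name are assumptions made for the model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_MAX   32               /* assumed payload limit (model only) */
#define DMA_BUF_LEN (BLOCK_MAX + 1)  /* assumed dma_buffer capacity */
#define CANARY      0xAA             /* fill byte used to spot stray writes */

struct smbus_data { uint8_t block[256]; };  /* block[0] = caller-chosen length */
struct ctx { uint8_t dma_buffer[DMA_BUF_LEN]; uint8_t adjacent[256]; /* neighbour memory */ };

/* Pre-fix pattern: block[0] is trusted as the memcpy size (copy stays in *c). */
static int xfer_unchecked(struct ctx *c, const struct smbus_data *d)
{
    memcpy((uint8_t *)c, &d->block[1], d->block[0]);
    return 0;
}

/* Hardened pattern: reject lengths the destination cannot hold. */
static int xfer_checked(struct ctx *c, const struct smbus_data *d)
{
    if (d->block[0] > BLOCK_MAX)
        return -EINVAL;
    memcpy(c->dma_buffer, &d->block[1], d->block[0]);
    return 0;
}

/* Run one transfer; return the number of bytes overwritten past dma_buffer. */
static size_t bytes_clobbered(uint8_t len, int checked, int *rc)
{
    struct ctx c;
    struct smbus_data d;
    size_t i, n = 0;
    memset(&c, CANARY, sizeof(c));
    memset(&d, 0x41, sizeof(d));     /* constructed payload bytes */
    d.block[0] = len;
    *rc = checked ? xfer_checked(&c, &d) : xfer_unchecked(&c, &d);
    for (i = 0; i < sizeof(c.adjacent); i++)
        n += (c.adjacent[i] != CANARY);
    return n;
}

int main(void)
{
    int rc;
    size_t bad = bytes_clobbered(255, 0, &rc), ok = bytes_clobbered(255, 1, &rc);
    printf("unchecked: %zu bytes past dma_buffer; checked: %zu (rc=%d)\n", bad, ok, rc);
    return 0;
}
```

In the model, the bytes that land in `adjacent` are the ones that would fall outside `dma_buffer`; the checked path returns `-EINVAL` before any copy happens.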
CVE-2023-2235: A use-after-free vulnerability in the Linux kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the attach_state of the event's siblings before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() before detaching from their group, making it possible to use a dangling pointer and causing a use-after-free vulnerability. We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.
SRPMS
- kernel-4.18.0-477.21.1.el8_8.src.rpm
MD5: 18f1901cc6651cc9b50df9304bfc7f35
SHA-256: b3c8d1c2167518e45cfc8b2cf4d03aa193da1f87729ba4d6b6397440c54e5cd0
Size: 129.76 MB
Asianux Server 8 for x86_64
- bpftool-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: e840a4aea3b88fb8e159bff4674c5ad9
SHA-256: b4d2cdbc1ad6a6f21bb5f1b75e04f2bb5a45eab263941515e20ca8e1a95c489b
Size: 10.16 MB
- kernel-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: d339855245cc2d769f990b2b6541b804
SHA-256: 74ee925de897182b46f5fc784466a42a0829df09ddac72a8ca1387aa84fc8e74
Size: 9.40 MB
- kernel-abi-stablelists-4.18.0-477.21.1.el8_8.noarch.rpm
MD5: 7d4425c237dc5ef6dc806bf02ce089ec
SHA-256: c6de8808e9aa8d80028e954a403eda9c872918641226ef5c47c18febe9ca6b9b
Size: 9.41 MB
- kernel-core-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: 3c8f3723cfc4b02b3f2669a54a40596b
SHA-256: 1a9cfc0bc178f1f874aef49e5953ae4d158dd31029c2f33775be35f52b53d2e2
Size: 41.65 MB
- kernel-cross-headers-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: 0de6ae49c787aa6b616bd6aafac59b44
SHA-256: c6205efdfc6fdf4f924917796e0ecfd2e2317b6a032328dab054f2d344122dd9
Size: 14.69 MB
- kernel-debug-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: bf4ccffbb9427d7e96413b5e03b70236
SHA-256: f00d22d90b1d8e90df325427ac8e84d7049b10458e6c08b2672cc16efb250f9e
Size: 9.40 MB
- kernel-debug-core-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: dbff9c979962af0184d7dae976e71b49
SHA-256: b0d97a6a92d1c0eb77bdd2813b019c72f101bc6087095528fd389849415229ed
Size: 70.38 MB
- kernel-debug-devel-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: a4af48d0045a463f77ff51d2412957c9
SHA-256: 554d055ad6431482aacfd1888ca8995281fc1641272fdcc73556b1b634300916
Size: 23.09 MB
- kernel-debug-modules-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: 674657c8110df72832e09d8e37d13bcd
SHA-256: e5a8ac593b31cd9f264580acc2ebc0b6058bbc21c1764c4ab752394fbb4abb61
Size: 63.39 MB
- kernel-debug-modules-extra-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: e4021834833e5c4849a77e0dd4c2a4ed
SHA-256: 6dbf6483f5eb50a8085322123bc53b44b72965ca02403a2edd42ee620de4c411
Size: 10.77 MB
- kernel-devel-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: 19618b40a23d56bb4148fdb71439d1b6
SHA-256: 2334957c3e15f00864dfca740f85cba0776157fc59312b8ab37668e5a6ed483b
Size: 22.89 MB
- kernel-doc-4.18.0-477.21.1.el8_8.noarch.rpm
MD5: 417c7675e4e97cadeceacbe00df464a1
SHA-256: 5b3ad3c4ab0017581953f47dca3b699b46e11bd831633e1ba0d8763d028c4cc2
Size: 27.09 MB
- kernel-headers-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: 859d5997f026a730d5e63fb301ad5067
SHA-256: a88f35f16dc44f8fc8e6103aecd5abe778dc338ba9847835b37439ac1cb3f49c
Size: 10.74 MB
- kernel-modules-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: fd9dd9af1e600e12808d3f0d03d54a82
SHA-256: cf50aab04bed41eb0ee8caff4509bd892c3386671be44194db946f9c123295c5
Size: 34.36 MB
- kernel-modules-extra-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: 7860ee2b1515dd11dfbe484546093b3b
SHA-256: acd1aa545ee8c6ace0b37c1cb806391d220ebe786152dae2a48aad76f4775975
Size: 10.08 MB
- kernel-tools-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: cc72e2cdb2230b3dae9905f3ac0033c5
SHA-256: 339e073640c1703a343c157f074b625a12d03efae4336a485672fd7fbe913fea
Size: 9.62 MB
- kernel-tools-libs-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: 6c6603fa6759e920eedf71f667dc4273
SHA-256: 98ebe63b79bec5201c4c0055b118b44fa0cbb47358bc50db166bfd1b8c645f76
Size: 9.41 MB
- kernel-tools-libs-devel-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: ec95a8ceaf9ebc5e74e8237fc434de89
SHA-256: d38d364aad8b2182f6c01dcd989a8e13883397138d14a43e427b862bfe28cdfd
Size: 9.40 MB
- perf-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: 80d7abba1a3064dba92b57d86e676ac9
SHA-256: 0419fe89f2b90d2c60383319961d6c80764e829ebc8a2c771fce701d47afb118
Size: 11.69 MB
- python3-perf-4.18.0-477.21.1.el8_8.x86_64.rpm
MD5: 9916c4a5ac543fdaab1d5574c23c82cc
SHA-256: 27368c735d1c6c32195614b72c5c6e525ec53689773003ad07e7d8f7639f59bc
Size: 9.53 MB