kernel-4.18.0-513.9.1.el8_9
エラータID: AXSA:2024-7403:01
リリース日:
2024/01/16 Tuesday - 06:26
題名:
kernel-4.18.0-513.9.1.el8_9
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- DVB コアデバイスドライバーの
drivers/media/dvb-core/dvbdev.c の dvb_register_device()
関数には、メモリ領域の解放後利用の問題があるため、
ローカルの攻撃者により、特権昇格、およびサービス拒否
攻撃 (クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2022-45884)
- DVB コアデバイスドライバーの
drivers/media/dvb-core/dvb_net.c には、.disconnect() 関数
と dvb_device_open() 関数間のレースコンディションに
起因するメモリ領域の解放後利用の問題があるため、
ローカルの攻撃者により、特権昇格、およびサービス拒否
攻撃 (クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2022-45886)
- DVB コアデバイスドライバーの dvb_ca_en50221_release()
関数には、wait_event() 関数の呼び出しの欠落に起因した
メモリ領域の解放後利用の問題があるため、ローカルの
攻撃者により、特権昇格、およびサービス拒否攻撃
(クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2022-45919)
- Common Internet File System (CIFS) の
smb2_is_status_io_timeout() 関数には、メモリ領域の解放後
利用の問題があるため、リモートの攻撃者により、サービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2023-1192)
- Berkeley Packet Filter (BPF) には、検証処理の不備に起因
して安全でない処理が誤って安全と判定されてしまう問題
があるため、ローカルの攻撃者により、他のユーザー権限
の奪取、カーネル空間のメモリ領域への不正なアクセス、
およびコンテナ環境からのエスケープを可能とする脆弱性
が存在します。(CVE-2023-2163)
- TUN/TAP デバイスドライバーには、NAPI のフラグメント
機能を有効化した場合にメモリ領域の範囲外をアクセスして
しまう問題があるため、ローカルの攻撃者により、巨大な
サイズとなるように細工されたパケットを介して、特権昇格
やサービス拒否攻撃 (クラッシュの発生) を可能とする脆弱性
が存在します。(CVE-2023-3812)
- NVMe-oF/TCP サブシステム の drivers/nvme/target/tcp.c の
nvmet_tcp_free_crypto() 関数には、メモリ領域の解放後利用、
および二重解放の問題があるため、リモートの攻撃者により、
特権昇格、および任意のコードの実行を可能とする脆弱性が
存在します。(CVE-2023-5178)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-45884
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
CVE-2022-45886
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
CVE-2022-45919
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
CVE-2023-1192
A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.
A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.
CVE-2023-2163
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.
CVE-2023-3812
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.
An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2023-5178
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem.
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem.
追加情報:
N/A
ダウンロード:
SRPMS
- kernel-4.18.0-513.9.1.el8_9.src.rpm
MD5: 7d81bfc5ce370dcd64973a2f87e774f5
SHA-256: 05a3c6d05f991ad3e7f289c3895576c43d9c2f5b89766d7d19600a012b3aa332
Size: 131.32 MB
Asianux Server 8 for x86_64
- bpftool-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: dd1b4dec3a2c3fd37aace1502659d0e0
SHA-256: ce5d056877176402e02ae8b4e743b5dda5928f4e902c59017998587eb363cdde
Size: 10.77 MB - kernel-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: 6efb391c4d6f292210715ab265a9c1f6
SHA-256: 31b13ee0175de8f9febbedc02e6edbb38f8b26dcec94466de006794f83ba41c5
Size: 10.03 MB - kernel-abi-stablelists-4.18.0-513.9.1.el8_9.noarch.rpm
MD5: b47a4960205a3f50cced66b9a5a60fe7
SHA-256: d912a447cfc2466a5b1f1110a917a9bc221faee6fdb8a89ab735787f62750cd7
Size: 10.05 MB - kernel-core-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: 05dd8e96ff922234ea623562d7148893
SHA-256: f0d5a1353840f591e482064e171857d0b778beace66d8373ac7a031443f38bcb
Size: 42.52 MB - kernel-cross-headers-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: ba9441d00b909afa04542b95c4a16810
SHA-256: c45da201408853f14c9e69583320ee06f05a3482d9476d7a3f166a1a7968d30e
Size: 15.38 MB - kernel-debug-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: 873f0aab944f66a41cd053bf7f9f8ed2
SHA-256: 9ecea936c2cfd26ac699ebd6d948d3f00809f1fb47686c7776f002efc51f375f
Size: 10.03 MB - kernel-debug-core-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: 789d752188ec8421f91ad947d6fdcc9f
SHA-256: 26a682be00e85669b758e2bcd90011d776d8d350be38226348c01cf69390362b
Size: 71.40 MB - kernel-debug-devel-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: 88efa0257a37c1f8096be30d35252113
SHA-256: a809a3eeb989a8dea1d8d315a2e76c593df901218f28f5d3970c7982ab8fff0b
Size: 23.82 MB - kernel-debug-modules-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: 0bfe2763aee8aa8ff6a88dd91569f392
SHA-256: bc2325de9a6d967dd05e02d89fe81d4a477a00090b6b6123a8d07e81cd0720e7
Size: 64.92 MB - kernel-debug-modules-extra-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: 47fe8e4e69e38bb2f84f8a652c68bbc5
SHA-256: aca85add4728059ae4ed0d9be9bf336a9fda8ab61b9aa1f545aa7aee0f74f783
Size: 11.40 MB - kernel-devel-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: b97b37be9f06851b5113ee9c66844cd2
SHA-256: 312b49c65671290af0ab080a43d6968f4ddc2ef82522d842af53d410eb1aeb10
Size: 23.61 MB - kernel-doc-4.18.0-513.9.1.el8_9.noarch.rpm
MD5: e5a4049189146ede01ad321cbc9507de
SHA-256: 4596793b9f5668d4ccda41caa825c3eea5ff8c2ce571fb166b9a5b09b9bb1f76
Size: 27.81 MB - kernel-headers-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: f36ee3f701945ecbe7d65c9b83a4d539
SHA-256: b8546572c421144f04ba09d98dda0be64a6ada1409c7b1d5b605ac4a4551e3ec
Size: 11.38 MB - kernel-modules-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: 14dd3ef3f24c5742e6fd267a90ada1c0
SHA-256: 039b599cc7fefd0f9e1ca49929fa171ab346a596522eec161425c29f90350562
Size: 35.44 MB - kernel-modules-extra-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: 437e534503546637fb15ec8d12528838
SHA-256: aa4af42345b659192fa6a3eea28e9549ebc67dc46571ded3136edd1cc39502ba
Size: 10.71 MB - kernel-tools-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: 1bb73919c453ac184e77afe18469b51c
SHA-256: ba58af7506ef2d1d273293ee187e9b927517eb4d319a7c3b24cbb47aaf8f4a70
Size: 10.25 MB - kernel-tools-libs-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: d23ae948bfe335160b5fb8cc6221c77e
SHA-256: 83a35337c993fa12598238ac28bf7c41e3dc7e7dea5e76f11f5a0c523858ec35
Size: 10.04 MB - kernel-tools-libs-devel-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: a4e5d6ad89f500e1a801ad848492bd7f
SHA-256: c6a1c3de5a34360181efbb2167e612e95a921b92ccb54b8f4c62b233ec468984
Size: 10.03 MB - perf-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: 4da788d9b9e55c38f87cc7f43dd26ca8
SHA-256: 06599e90a41c7f3bb8ddee84b6d3577354559dbc0b009cd2d71e532a0c1c9c80
Size: 12.36 MB - python3-perf-4.18.0-513.9.1.el8_9.x86_64.rpm
MD5: a4a7a97f6e1b096e16ff1e2465f89840
SHA-256: cd7cbb5ae3a382d4c3d8f69b45d382d05f6abf74b4a7c3248a6eb7f5cfbf4d8c
Size: 10.16 MB
English