kernel-3.10.0-1160.119.1.0.3.el7.AXS7
エラータID: AXSA:2024-8831:30
リリース日:
2024/09/26 Thursday - 09:09
題名:
kernel-3.10.0-1160.119.1.0.3.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Xen のブロックデバイスおよび PV デバイスの実装には、許容
されていない 4KByte 未満のページのバックエンドとの共有を
試行してしまう問題があるため、ローカルの攻撃者により、情報
の漏洩を可能とする脆弱性が存在します。(CVE-2022-33742)
- net/core/net_namespace.c には、レースコンディションに起因
したメモリ領域の範囲外アクセスの問題があるため、ローカルの
攻撃者により、特権昇格、およびサービス拒否攻撃 (カーネル
クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2024-36883)
- ALSA には、デッドロックを起こす問題があるため、ローカル
の攻撃者により、デバイスの切断処理を介して、サービス拒否
攻撃を可能とする脆弱性が存在します。(CVE-2024-38600)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-33742
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
CVE-2024-36883
In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in ops_init net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first to allocate an array, then to set s.len, which is later used to limit the bounds of the array access. It is possible that the array is allocated and another thread is registering a new pernet ops, increments max_gen_ptrs, which is then used to set s.len with a larger than allocated length for the variable array. Fix it by reading max_gen_ptrs only once in net_alloc_generic. If max_gen_ptrs is later incremented, it will be caught in net_assign_generic.
In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in ops_init net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first to allocate an array, then to set s.len, which is later used to limit the bounds of the array access. It is possible that the array is allocated and another thread is registering a new pernet ops, increments max_gen_ptrs, which is then used to set s.len with a larger than allocated length for the variable array. Fix it by reading max_gen_ptrs only once in net_alloc_generic. If max_gen_ptrs is later incremented, it will be caught in net_assign_generic.
CVE-2024-38600
In the Linux kernel, the following vulnerability has been resolved: ALSA: Fix deadlocks with kctl removals at disconnection In snd_card_disconnect(), we set card->shutdown flag at the beginning, call callbacks and do sync for card->power_ref_sleep waiters at the end. The callback may delete a kctl element, and this can lead to a deadlock when the device was in the suspended state. Namely: * A process waits for the power up at snd_power_ref_and_wait() in snd_ctl_info() or read/write() inside card->controls_rwsem. * The system gets disconnected meanwhile, and the driver tries to delete a kctl via snd_ctl_remove*(); it tries to take card->controls_rwsem again, but this is already locked by the above. Since the sleeper isn't woken up, this deadlocks. An easy fix is to wake up sleepers before processing the driver disconnect callbacks but right after setting the card->shutdown flag. Then all sleepers will abort immediately, and the code flows again. So, basically this patch moves the wait_event() call at the right timing. While we're at it, just to be sure, call wait_event_all() instead of wait_event(), although we don't use exclusive events on this queue for now.
In the Linux kernel, the following vulnerability has been resolved: ALSA: Fix deadlocks with kctl removals at disconnection In snd_card_disconnect(), we set card->shutdown flag at the beginning, call callbacks and do sync for card->power_ref_sleep waiters at the end. The callback may delete a kctl element, and this can lead to a deadlock when the device was in the suspended state. Namely: * A process waits for the power up at snd_power_ref_and_wait() in snd_ctl_info() or read/write() inside card->controls_rwsem. * The system gets disconnected meanwhile, and the driver tries to delete a kctl via snd_ctl_remove*(); it tries to take card->controls_rwsem again, but this is already locked by the above. Since the sleeper isn't woken up, this deadlocks. An easy fix is to wake up sleepers before processing the driver disconnect callbacks but right after setting the card->shutdown flag. Then all sleepers will abort immediately, and the code flows again. So, basically this patch moves the wait_event() call at the right timing. While we're at it, just to be sure, call wait_event_all() instead of wait_event(), although we don't use exclusive events on this queue for now.
追加情報:
N/A
ダウンロード:
Asianux Server 7 for x86_64
- bpftool-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
MD5: 5a8d62fd8d20f0dff7ced19730c66ba1
SHA-256: f6355459d6daa0f08ee0393500031d94941368685301a3d6593b3d177e88eb41
Size: 8.53 MB - kernel-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
MD5: 601eac9b4f93ae07214ef1c2efd9a39b
SHA-256: 30e8c85a2e96058322be4b1e801e08d09097827ccad2fb5745520b34e25bb74f
Size: 51.74 MB - kernel-abi-whitelists-3.10.0-1160.119.1.0.3.el7.AXS7.noarch.rpm
MD5: 3316043e4b3077eb0aeab9e2786aed2a
SHA-256: 7be00b7831d93f2ee30046aeb6efb980d9aad406cc6bb1cb08d0cfd2408555f4
Size: 8.10 MB - kernel-debug-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
MD5: a84b44ebae4bda0e731448562f573471
SHA-256: c663206cc26446e60c58e7f60e4af042eb35c246befdc3177ba4f0f81d66e9c9
Size: 54.03 MB - kernel-debug-devel-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
MD5: 0fac52f030c6f2442c094bbebd5960ee
SHA-256: 0e030db11354d633c4e9518c4c336e086d1545724b609301fbecb5e68c96d23d
Size: 18.13 MB - kernel-devel-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
MD5: a315824d94ba1d1b25166708470334c6
SHA-256: 7e057203bf0445d6c05d5d91d60f1b3bc799e4f4a5ec6b0afba25d3ae75a7e0a
Size: 18.07 MB - kernel-doc-3.10.0-1160.119.1.0.3.el7.AXS7.noarch.rpm
MD5: 09af67a130a9c2fc96b778aa1a8b445f
SHA-256: 9d2ca4fd4e094673ada9635474fd4efe342f02ba6a5f1cb3c362ff5ffdd7348b
Size: 19.57 MB - kernel-headers-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
MD5: 49c5d8f36d4813e9d42ee3078b977054
SHA-256: db6b6b0e8cd3815e57d3e30af1b5fbefe84fcafc38f2d3eaef6081391c082cde
Size: 9.09 MB - kernel-tools-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
MD5: b13d1e1063ef83d6996b2c8d273da9fd
SHA-256: debc5551ca6759bcfb1b673f40a53fdca55d25c8a9cf9618024e2eb3f9a660d8
Size: 8.20 MB - kernel-tools-libs-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
MD5: a2ef7884391cd102d878c0f4bd5ac516
SHA-256: 9dbe0d18745926f8fa2376c588bb2e159d790be856bf174d687cbc245a60c881
Size: 8.10 MB - perf-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
MD5: ca4d23dd6e1854e0474de56f07a37e69
SHA-256: 52cb7433c920527e665dbb988e3596e6159aaa7013fd649a30850044a03c7a37
Size: 9.74 MB - python-perf-3.10.0-1160.119.1.0.3.el7.AXS7.x86_64.rpm
MD5: 95c94ca25d8649ddd754730c99bdca5c
SHA-256: 54c16bc3ae44b7132b9680decbeeb1ce5a1b4c70d847629789e888fa851b1cf1
Size: 8.19 MB
English