kernel-3.10.0-1160.119.1.0.9.el7.AXS7
Errata ID: AXSA:2025-9729:16
Release date:
2025/03/11 Tuesday - 15:10
Title:
kernel-3.10.0-1160.119.1.0.9.el7.AXS7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
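The following issues have been addressed.
[Security Fix]
- sound/usb/clock.c has an out-of-bounds memory read caused by a
missing data length check, so a vulnerability exists that allows a
local attacker to cause a denial of service by using a crafted
USB audio device. (CVE-2024-53150)
- drivers/gpu/drm/display/drm_dp_mst_topology.c has a NULL pointer
dereference, so a vulnerability exists that allows a local attacker
to cause information disclosure, denial of service, and similar
impacts. (CVE-2024-57798)
Solution:
Update the packages.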
CVE:
CVE-2024-53150
In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads.

For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop.

For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check.
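The length checks described for CVE-2024-53150, as an added user-space example (not the kernel's code or part of the advisory): a walk over a UAC2 descriptor blob that skips a clock selector whose bLength cannot hold baCSourceID[bNrInPins] plus the two tail fields. The function names, the macro names and both sample byte arrays are constructed for illustration, and the example goes slightly further than the description by also bounding each bLength against the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DT_CS_INTERFACE 0x24  /* class-specific interface descriptor type */
#define CLOCK_SELECTOR  0x0b  /* UAC2 clock selector subtype */
#define SEL_HDR_LEN     5     /* bLength..bNrInPins, before baCSourceID[] */

/* Return the clock selector descriptor with the given clock ID, or NULL.
 * Undersized descriptors are skipped before any field past bLength is read. */
static const uint8_t *find_clock_selector(const uint8_t *buf, size_t len, uint8_t id)
{
    size_t off = 0;
    while (len - off >= 2) {
        const uint8_t *d = buf + off;
        size_t blen = d[0];
        if (blen < 2 || blen > len - off)
            return NULL;                       /* walk itself is malformed */
        off += blen;
        if (blen < 3 || d[1] != DT_CS_INTERFACE || d[2] != CLOCK_SELECTOR)
            continue;
        if (blen < SEL_HDR_LEN || d[3] != id)  /* the sizeof() check, then ID */
            continue;
        /* baCSourceID[bNrInPins] plus bmControls and iClockSelector must fit */
        if (blen >= (size_t)SEL_HDR_LEN + d[4] + 2)
            return d;
    }
    return NULL;
}

/* Clock ID wired to the 1-based selector pin, or -1 if it cannot be read. */
static int selector_source(const uint8_t *buf, size_t len, uint8_t id, unsigned pin)
{
    const uint8_t *d = find_clock_selector(buf, len, id);
    if (!d || pin < 1 || pin > d[4])
        return -1;
    return d[SEL_HDR_LEN + pin - 1];
}

/* Constructed samples: a well-formed selector and one with a short bLength. */
static const uint8_t good_sel[]  = { 9, 0x24, 0x0b, 0x10, 2, 0x01, 0x02, 0x00, 0x00 };
static const uint8_t short_sel[] = { 5, 0x24, 0x0b, 0x10, 4 };

int main(void)
{
    printf("good, pin 2  -> %d\n", selector_source(good_sel, sizeof good_sel, 0x10, 2));
    printf("short, pin 4 -> %d\n", selector_source(short_sel, sizeof short_sel, 0x10, 4));
    return 0;
}
```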
CVE-2024-57798
In the Linux kernel, the following vulnerability has been resolved:

drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()

While receiving an MST up request message from one thread in drm_dp_mst_handle_up_req(), the MST topology could be removed from another thread via drm_dp_mst_topology_mgr_set_mst(false), freeing mst_primary and setting drm_dp_mst_topology_mgr::mst_primary to NULL. This could lead to a NULL deref/use-after-free of mst_primary in drm_dp_mst_handle_up_req().

Avoid the above by holding a reference for mst_primary in drm_dp_mst_handle_up_req() while it's used.

v2: Fix kfreeing the request if getting an mst_primary reference fails.
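The reference-holding pattern described for CVE-2024-57798, as an added single-threaded model (not the DRM code or part of the advisory): the teardown that another thread could perform is injected through a callback at the point where it could interleave. All struct and function names here are hypothetical stand-ins, and the locking the kernel uses around the pointer read is only noted in a comment.

```c
#include <stdio.h>
#include <stdlib.h>

struct branch { int refs; int lct; };      /* stand-in for mst_primary */
struct mgr { struct branch *mst_primary; int branch_frees, req_frees; };

static void put_branch(struct mgr *m, struct branch *b)
{
    if (--b->refs == 0) { free(b); m->branch_frees++; }
}

/* Models drm_dp_mst_topology_mgr_set_mst(false) running on another thread. */
static void set_mst_off(struct mgr *m)
{
    struct branch *b = m->mst_primary;
    m->mst_primary = NULL;
    if (b) put_branch(m, b);               /* drop the manager's reference */
}

/* Returns the branch's lct, or -1 when the topology is already gone.
 * `interleave` runs where the other thread could be scheduled. */
static int handle_up_req(struct mgr *m, void (*interleave)(struct mgr *))
{
    int *req = calloc(1, sizeof(*req));    /* the pending up request */
    if (!req) return -1;
    struct branch *b = m->mst_primary;     /* kernel: read under the mgr lock */
    if (!b) {                              /* no reference could be taken */
        free(req); m->req_frees++;         /* the request is freed here too */
        return -1;
    }
    b->refs++;                             /* hold mst_primary while in use */
    if (interleave) interleave(m);
    int lct = b->lct;                      /* valid: our reference pins it */
    put_branch(m, b);
    free(req); m->req_frees++;
    return lct;
}

static struct mgr new_mgr(int lct)
{
    struct mgr m = { calloc(1, sizeof(struct branch)), 0, 0 };
    if (m.mst_primary) { m.mst_primary->refs = 1; m.mst_primary->lct = lct; }
    return m;
}

int main(void)
{
    struct mgr m = new_mgr(1);
    printf("raced with teardown: %d\n", handle_up_req(&m, set_mst_off));
    printf("after teardown:      %d\n", handle_up_req(&m, NULL));
    return 0;
}
```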
Additional information:
N/A
Downloads:
Asianux Server 7 for x86_64
- bpftool-3.10.0-1160.119.1.0.9.el7.AXS7.x86_64.rpm
Size: 8.54 MB
- kernel-3.10.0-1160.119.1.0.9.el7.AXS7.x86_64.rpm
Size: 51.75 MB
- kernel-abi-whitelists-3.10.0-1160.119.1.0.9.el7.AXS7.noarch.rpm
Size: 8.11 MB
- kernel-debug-3.10.0-1160.119.1.0.9.el7.AXS7.x86_64.rpm
Size: 54.05 MB
- kernel-debug-devel-3.10.0-1160.119.1.0.9.el7.AXS7.x86_64.rpm
Size: 18.15 MB
- kernel-devel-3.10.0-1160.119.1.0.9.el7.AXS7.x86_64.rpm
Size: 18.08 MB
- kernel-doc-3.10.0-1160.119.1.0.9.el7.AXS7.noarch.rpm
Size: 19.58 MB
- kernel-headers-3.10.0-1160.119.1.0.9.el7.AXS7.x86_64.rpm
Size: 9.10 MB
- kernel-tools-3.10.0-1160.119.1.0.9.el7.AXS7.x86_64.rpm
Size: 8.21 MB
- kernel-tools-libs-3.10.0-1160.119.1.0.9.el7.AXS7.x86_64.rpm
Size: 8.10 MB
- perf-3.10.0-1160.119.1.0.9.el7.AXS7.x86_64.rpm
Size: 9.75 MB
- python-perf-3.10.0-1160.119.1.0.9.el7.AXS7.x86_64.rpm
Size: 8.20 MB