kernel-5.14.0-503.31.1.el9_5
エラータID: AXSA:2025-9782:20
リリース日:
2025/03/24 Monday - 10:27
題名:
kernel-5.14.0-503.31.1.el9_5
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- drivers/acpi/acpi_extlog.c の extlog_exit() 関数には、NULL
ポインタデリファレンスの問題があるため、ローカルの攻撃者により、
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2023-52605)
- net/can/bcm.c の bcm_proc_show() 関数には、procfs に登録した
エントリを削除する前に bcm_op データを誤って解放してしまうことに
起因したスラブ領域の解放後利用の問題があるため、ローカルの攻撃者に
より、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2023-52922)
- net/vmw_vsock/virtio_transport_common.c の
virtio_transport_destruct() 関数には、メモリ領域の解放後利用の
問題があるため、ローカルの攻撃者により、サービス拒否攻撃を可能
とする脆弱性が存在します。(CVE-2024-50264)
- drivers/hid/hid-core.c の hid_alloc_report_buf() 関数には、
メモリ領域を確保したあとの初期化処理が欠落しているため、ローカルの
攻撃者により、情報の漏洩を可能とする脆弱性が存在します。
(CVE-2024-50302)
- mm/page_alloc.c の alloc_pages_bulk_noprof() 関数には、NULL
ポインタデリファレンスの問題があるため、ローカルの攻撃者により、
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2024-53113)
- sound/usb/quirks.c には、メモリ領域の範囲外アクセスの問題が
あるため、ローカルの攻撃者により、一部の特定の USB オーディオ
デバイスの利用を介して、特権昇格、および任意のコードの実行を可能
とする脆弱性が存在します。(CVE-2024-53197)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-52605
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-52922
In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcm_proc_show() BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: dump_stack_lvl+0xd5/0x150 print_report+0xc1/0x5e0 kasan_report+0xba/0xf0 bcm_proc_show+0x969/0xa80 seq_read_iter+0x4f6/0x1260 seq_read+0x165/0x210 proc_reg_read+0x227/0x300 vfs_read+0x1d5/0x8d0 ksys_read+0x11e/0x240 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Allocated by task 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_kmalloc+0x9e/0xa0 bcm_sendmsg+0x264b/0x44e0 sock_sendmsg+0xda/0x180 ____sys_sendmsg+0x735/0x920 ___sys_sendmsg+0x11d/0x1b0 __sys_sendmsg+0xfa/0x1d0 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Freed by task 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x27/0x40 ____kasan_slab_free+0x161/0x1c0 slab_free_freelist_hook+0x119/0x220 __kmem_cache_free+0xb4/0x2e0 rcu_core+0x809/0x1bd0 bcm_op is freed before procfs entry be removed in bcm_release(), this lead to bcm_proc_show() may read the freed bcm_op.
In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcm_proc_show() BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace:
CVE-2024-50264
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.
CVE-2024-50302
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
CVE-2024-53113
In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in alloc_pages_bulk_noprof() when the task is migrated between cpusets. When cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be ¤t->mems_allowed. when first_zones_zonelist() is called to find preferred_zoneref, the ac->nodemask may be modified concurrently if the task is migrated between different cpusets. Assuming we have 2 NUMA Node, when traversing Node1 in ac->zonelist, the nodemask is 2, and when traversing Node2 in ac->zonelist, the nodemask is 1. As a result, the ac->preferred_zoneref points to NULL zone. In alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a allowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading to NULL pointer dereference. __alloc_pages_noprof() fixes this issue by checking NULL pointer in commit ea57485af8f4 ("mm, page_alloc: fix check for NULL preferred_zone") and commit df76cee6bbeb ("mm, page_alloc: remove redundant checks from alloc fastpath"). To fix it, check NULL pointer for preferred_zoneref->zone.
In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in alloc_pages_bulk_noprof() when the task is migrated between cpusets. When cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be ¤t->mems_allowed. when first_zones_zonelist() is called to find preferred_zoneref, the ac->nodemask may be modified concurrently if the task is migrated between different cpusets. Assuming we have 2 NUMA Node, when traversing Node1 in ac->zonelist, the nodemask is 2, and when traversing Node2 in ac->zonelist, the nodemask is 1. As a result, the ac->preferred_zoneref points to NULL zone. In alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a allowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading to NULL pointer dereference. __alloc_pages_noprof() fixes this issue by checking NULL pointer in commit ea57485af8f4 ("mm, page_alloc: fix check for NULL preferred_zone") and commit df76cee6bbeb ("mm, page_alloc: remove redundant checks from alloc fastpath"). To fix it, check NULL pointer for preferred_zoneref->zone.
CVE-2024-53197
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration.
追加情報:
N/A
ダウンロード:
SRPMS
- kernel-5.14.0-503.31.1.el9_5.src.rpm
MD5: 52095f7e56c0b56fec834d0aa636252d
SHA-256: d1a6bc7a1f9677c2f10caf6befc94fd21b092072d2bef4f9f0234467f9be9b4c
Size: 139.64 MB
Asianux Server 9 for x86_64
- bpftool-7.4.0-503.31.1.el9_5.x86_64.rpm
MD5: b7951e0af8781249d7d84baeccdb4c81
SHA-256: 0a8b3fb3aa1e260061d907e1b2434a5db44aecf9d036fc3a8355b01a30014deb
Size: 2.81 MB - kernel-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: aaf7720aa1015f7cacbcc25e2722f9c3
SHA-256: 3bc5675d6c3534b6c61a272d42143cc77e2cd9b5fbf77db04e0e9fb7ae955947
Size: 2.04 MB - kernel-abi-stablelists-5.14.0-503.31.1.el9_5.noarch.rpm
MD5: 3220380fa6cff4896dea3044a9e31c8e
SHA-256: dbeba32b22cc8bcc7c4ec11c7d0aa68ac703d43f04692fd9c4b3686f816e36fb
Size: 2.06 MB - kernel-core-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 526b97a2709c67bd6070b10d68dd2bd7
SHA-256: 941a576d04a0b33686ecb338acf8d88423b1a6f3a8bbaa51a2f7865dff4de675
Size: 17.66 MB - kernel-cross-headers-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 03e2e131b9138d5c2c61b2c76593db73
SHA-256: cb68a0ee85f1a97561bcefb0118fc9486ef4a677ab91ac1eaaea683839baa544
Size: 8.79 MB - kernel-debug-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 16b33cb23c6de936c8f67c5939024e18
SHA-256: c73f91d7243852c2803b735c2f7ed93845ee07c943604878aead13fd216eb7d2
Size: 2.04 MB - kernel-debug-core-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 5eeae7da73374f76a0a8795b44059f8b
SHA-256: 43e4df9b3ab14899fc46e699deaf3033a74cdc1928482e0d21f53c43d571f3f8
Size: 30.72 MB - kernel-debug-devel-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 6886f398c6f44183ef1bd91ae672cecc
SHA-256: cce42dcea1c5a28de250d564490859ca586b699673ed1b84f11fc32aa715e9e1
Size: 21.76 MB - kernel-debug-devel-matched-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 0802f9d123f58b735897d031a8528f7d
SHA-256: f4a654b48f8cb9a1cc61fa79417ba25b7ddfce42312d0b7e0f6be3c8fe0fd0a6
Size: 2.04 MB - kernel-debug-modules-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 6ed7aa3358cc297802b4d1f4f2326ade
SHA-256: 0e4b9e24580c82526d2f1252d2af59e270dfe3f8499a45094cf362b4e0276b2b
Size: 62.68 MB - kernel-debug-modules-core-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 706d1ee87906f81ee2a5c82c33fad90e
SHA-256: c3583d6bb65f4f7c5062f6981fb6a3e707b9628be62ddbdd5e6de9d3e1638e98
Size: 47.97 MB - kernel-debug-modules-extra-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: d3c2ec7d94c92ecc6a63a4d5ede26b80
SHA-256: 5b2e42b0cb3ad19e9d42539bdd6f134d9a6c457fc6b5f6b3bd2101dac151a9e0
Size: 2.90 MB - kernel-debug-uki-virt-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 28c7c705dc3202685ce0bbed36356d72
SHA-256: ddb2b9bf42f2346f7f2d38b3ddb90e318467db4c487dc9e894471ab1f76c2470
Size: 81.32 MB - kernel-devel-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 1f4d3cf1695efb65cde7ce752b4314ab
SHA-256: 792ee9cec16d63b8f8e81b3b51ec5cdc0dd3069703302cc959a567f694103ebd
Size: 21.57 MB - kernel-devel-matched-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: ee627d0e6416b8d8b044c3a5f8bf23ac
SHA-256: d89ea02c29c4f860a3d777c57908734e67efbcdb511261fdfd338d539d001b63
Size: 2.04 MB - kernel-doc-5.14.0-503.31.1.el9_5.noarch.rpm
MD5: 57b51dc26563832fda33001015722f23
SHA-256: 021e124f3f2b440b4ba53c57b04a025120d2b6954bd1ffc3e423096007115565
Size: 37.44 MB - kernel-headers-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 508418c55d84cd9b3eba5fba248be6ba
SHA-256: aa4bb8b50ec214d884a42f8c8987a5faa706d118acb28f4b4cc408d79be67b91
Size: 3.75 MB - kernel-modules-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 34f4fd50179abcd37906d2853eac6b3d
SHA-256: bd8e1333c6f6bcdbad64f3ce19436b8ca23c3c58aa373267c6a7ee60ee5b4a91
Size: 36.56 MB - kernel-modules-core-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 21d718fc432bd89a006efaf9b2defe4a
SHA-256: cc399fc4260e00e80d303b7a5d6496e3eb7419387cd5a4dbef00405dd3d525b0
Size: 30.45 MB - kernel-modules-extra-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 9fe1edd4896d3879248a80f352f3d2a7
SHA-256: c324567a64a98016f56110a6efcb3a8beb136c31b4e05cbde8cd97c1cec304d4
Size: 2.51 MB - kernel-tools-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: edc09a5f17ca2365ce21c4250f3ffaec
SHA-256: ce2aa40cdd18d2275527b81ac816262ac25a5444260a98efc0300e67b56aa401
Size: 2.30 MB - kernel-tools-libs-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 92550905b6a49c22844ad721819e8d2a
SHA-256: 370c5d4a5d8b002b786b0dc7cf13e9dc551a5cd473030ffcd515302f06234060
Size: 2.05 MB - kernel-tools-libs-devel-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 8918f7452665616811842ca720cc7c3d
SHA-256: a9379e4239c6a99f91b3bf4aa4616af34389675cf8bb9081412e7d9bfb01c64d
Size: 2.04 MB - kernel-uki-virt-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 5c448e08150eafc589f7462be3e24039
SHA-256: a8957eee1e49af3ff4a864441e979fe217977fbdedd516fcf99ba8a02fbe3f1d
Size: 60.51 MB - kernel-uki-virt-addons-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: accd15043ddfdccabb989e9c5db2707f
SHA-256: 5f6089041198e2c41b2ad521c72c646449f734d353416b901892f3258ba162ce
Size: 2.06 MB - libperf-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 57df405d646b2b11792d0e0562334b9e
SHA-256: 224465726bbcdc10e9a2316eb5f643041d3936d0204ac931856459978b163cf1
Size: 2.06 MB - perf-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 1886667510f2d671862bbda9d5d94eac
SHA-256: dda7ce91c961093c59bd2df74147c9fc4ac5eccd99deaa3348e793042fbfb75b
Size: 4.21 MB - python3-perf-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: f84dfc732841fac85d67255a21778593
SHA-256: 9e5f5a77330ba51708042b47284b6998a50ab70a1adc4589220a86c1c06ccc2a
Size: 2.14 MB - rtla-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: 94c2fee8f99b223a1a095a5aa766981d
SHA-256: 605a3f2dc9536f09aa19ac4a96fe95376b62674299a11050492d326b7b083447
Size: 2.09 MB - rv-5.14.0-503.31.1.el9_5.x86_64.rpm
MD5: fd28987453bd2a28f04a2fa9da11240f
SHA-256: c295712b438eff4520764534bc11c460a28303f30122ab1bdc80112e2ee9b9a3
Size: 2.05 MB
English