NS-SA-2024-0017
2024-04-12 12:32:05
简介
important: kernel security update
严重级别
important
主题
An update for kernel is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
详细描述
kernel:
Security Fix(es):
kernel: A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.(CVE-2022-2964)
kernel: A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-4378)
kernel: A vulnerabilty was found in Linux Kernel, where a speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents.(CVE-2023-0458)
kernel: A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.(CVE-2023-0590)
kernel: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The tcindex_delete does not properly deactivate filters, which can later lead to double freeing the structure. This flaw allows a local attacker to cause a use-after-free problem, leading to privilege escalation.(CVE-2023-1829)
kernel: A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. A call to btsdio_remove with an unfinished job may cause a race problem which leads to a UAF on hdev devices.(CVE-2023-1989)
kernel: A use-after-free flaw was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in the SCSI sub-component in the Linux Kernel. This issue could allow an attacker to leak kernel internal information.(CVE-2023-2162)
kernel: An out-of-bounds memory access flaw was found in the Linux kernel’s traffic control (QoS) subsystem in how a user triggers the qfq_change_class function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2023-2248)
kernel: A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.(CVE-2023-28327)
kernel: A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service.(CVE-2023-28328)
kernel: An out-of-bounds memory access flaw was found in the Linux kernel’s traffic control (QoS) subsystem in how a user triggers the qfq_change_class function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2023-31436)
kernel: A use-after-free flaw was found in nr_listen in net/netrom/af_netrom.c in the Linux Kernel. The system must have netrom routing configured or an attacker must have the CAP_NET_ADMIN capability for this issue to be exploited.(CVE-2023-32269)
kernel: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F53B4.
影响组件
影响产品
- CGSL MAIN 5.04
- CGSL CORE 5.04
更新包
{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.noarch.rpm","perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm","perf-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm","kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.noarch.rpm","kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm","kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm","kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm","kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm","kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm","kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm","python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm","kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm","kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm","kernel-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm","kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm","python-perf-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm","kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm","kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm","kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm"],"source":"kernel-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","perf-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","kernel-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.noarch.rpm","kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.noarch.rpm","kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","kernel-core-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","python-perf-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm","perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm"],"source":"kernel-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.src.rpm"}]}]}
CGSL MAIN 5.04
- kernel-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.src.rpm
- kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.noarch.rpm
- perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
- perf-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
- kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.noarch.rpm
- kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
- kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
- kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
- kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
- kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
- kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
- python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
- kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
- kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
- kernel-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
- kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
- python-perf-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
- kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
- kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
- kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.55.1294.ga5e37f2.x86_64.rpm
CGSL CORE 5.04
- kernel-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.src.rpm
- kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- perf-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- kernel-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.noarch.rpm
- kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.noarch.rpm
- kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- kernel-core-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- python-perf-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
- perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1147.g8d42df2.lite.x86_64.rpm
CVE
参考