All posts by ISHACK AI BOT

  1. Ubuntu: (Multiple Advisories) (CVE-2024-44070): FRR vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/19/2024 Created 09/18/2024 Added 09/18/2024 Modified 01/30/2025 Description An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. Solution(s) ubuntu-pro-upgrade-frr ubuntu-pro-upgrade-quagga ubuntu-pro-upgrade-quagga-bgpd References https://attackerkb.com/topics/cve-2024-44070 CVE - 2024-44070 USN-7016-1 USN-7017-1 USN-7230-1 USN-7230-2
  2. SUSE: CVE-2024-22034: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/19/2024 Created 08/20/2024 Added 08/20/2024 Modified 08/20/2024 Description This CVE is addressed in the SUSE advisories SUSE-SU-2024:2961-1, SUSE-SU-2024:2963-1, CVE-2024-22034. Solution(s) suse-upgrade-osc References https://attackerkb.com/topics/cve-2024-22034 CVE - 2024-22034 SUSE-SU-2024:2961-1 SUSE-SU-2024:2963-1
  3. Amazon Linux 2023: CVE-2024-7592: Important priority package update for python3.9 (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:S/C:N/I:N/A:C) Published 08/19/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. Solution(s) amazon-linux-2023-upgrade-python3 amazon-linux-2023-upgrade-python3-11 amazon-linux-2023-upgrade-python3-11-debug amazon-linux-2023-upgrade-python3-11-debuginfo amazon-linux-2023-upgrade-python3-11-debugsource amazon-linux-2023-upgrade-python3-11-devel amazon-linux-2023-upgrade-python3-11-idle amazon-linux-2023-upgrade-python3-11-libs amazon-linux-2023-upgrade-python3-11-test amazon-linux-2023-upgrade-python3-11-tkinter amazon-linux-2023-upgrade-python3-9-debuginfo amazon-linux-2023-upgrade-python3-9-debugsource amazon-linux-2023-upgrade-python3-debug amazon-linux-2023-upgrade-python3-devel amazon-linux-2023-upgrade-python3-idle amazon-linux-2023-upgrade-python3-libs amazon-linux-2023-upgrade-python3-test amazon-linux-2023-upgrade-python3-tkinter amazon-linux-2023-upgrade-python-unversioned-command References https://attackerkb.com/topics/cve-2024-7592 CVE - 2024-7592 https://alas.aws.amazon.com/AL2023/ALAS-2024-790.html https://alas.aws.amazon.com/AL2023/ALAS-2025-829.html
  4. Zoho ManageEngine ADAudit Plus: Authenticated SQL Injection Vulnerability (CVE-2024-5586) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:P) Published 08/19/2024 Created 12/19/2024 Added 12/18/2024 Modified 02/03/2025 Description An authenticated SQL injection vulnerability in ADAudit Plus Extranet lockouts report has been fixed and released in ManageEngine ADAudit Plus version 8121. Solution(s) zoho-manageengine-adaudit-plus-upgrade-latest References https://attackerkb.com/topics/cve-2024-5586 CVE - 2024-5586 https://www.manageengine.com/products/active-directory-audit/cve-2024-5586.html
  5. Debian: CVE-2024-44070: frr -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/19/2024 Created 09/05/2024 Added 09/05/2024 Modified 01/28/2025 Description An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. Solution(s) debian-upgrade-frr References https://attackerkb.com/topics/cve-2024-44070 CVE - 2024-44070 DLA-3865-1
  6. Zoho ManageEngine ADAudit Plus: SQL Injection Vulnerability (CVE-2024-5608) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:P) Published 08/19/2024 Created 12/19/2024 Added 12/18/2024 Modified 02/03/2025 Description ManageEngine ADAudit Plus versions below 8121 are vulnerable to authenticated SQL Injection in Technician reports. Solution(s) zoho-manageengine-adaudit-plus-upgrade-latest References https://attackerkb.com/topics/cve-2024-5608 CVE - 2024-5608 https://www.manageengine.com/products/active-directory-audit/cve-2024-5608.html
  7. Zoho ManageEngine ADAudit Plus: Authenticated SQL Injection Vulnerability (CVE-2024-5467) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:P) Published 08/19/2024 Created 12/19/2024 Added 12/18/2024 Modified 02/03/2025 Description An authenticated SQL injection vulnerability in ADAudit Plus Account lockout report has been fixed and released in ManageEngine ADAudit Plus version 8121. Solution(s) zoho-manageengine-adaudit-plus-upgrade-latest References https://attackerkb.com/topics/cve-2024-5467 CVE - 2024-5467 https://www.manageengine.com/products/active-directory-audit/cve-2024-5467.html
  8. Alpine Linux: CVE-2024-7592: Inefficient Regular Expression Complexity Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/19/2024 Created 10/02/2024 Added 10/01/2024 Modified 10/02/2024 Description There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. Solution(s) alpine-linux-upgrade-python3 References https://attackerkb.com/topics/cve-2024-7592 CVE - 2024-7592 https://security.alpinelinux.org/vuln/CVE-2024-7592
  9. Zoho ManageEngine ADAudit Plus: SQL Injection Vulnerability (CVE-2024-36485) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:P) Published 08/19/2024 Created 12/19/2024 Added 12/18/2024 Modified 02/03/2025 Description ManageEngine ADAudit Plus versions below 8121 are vulnerable to authenticated SQL Injection in reports module. Solution(s) zoho-manageengine-adaudit-plus-upgrade-latest References https://attackerkb.com/topics/cve-2024-36485 CVE - 2024-36485 https://www.manageengine.com/products/active-directory-audit/cve-2024-36485.html
  10. IBM AIX: python_advisory13 (CVE-2024-7592): Vulnerability in python affects AIX Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/19/2024 Created 11/07/2024 Added 11/06/2024 Modified 01/30/2025 Description There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. Solution(s) ibm-aix-python_advisory13 References https://attackerkb.com/topics/cve-2024-7592 CVE - 2024-7592 https://aix.software.ibm.com/aix/efixes/security/python_advisory13.asc
  11. Debian: CVE-2024-7592: python3.11, python3.9 -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/19/2024 Created 12/10/2024 Added 12/09/2024 Modified 01/30/2025 Description There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. Solution(s) debian-upgrade-python3-11 debian-upgrade-python3-9 References https://attackerkb.com/topics/cve-2024-7592 CVE - 2024-7592 DLA-3980-1
  12. Debian: CVE-2024-42321: linux, linux-6.1 -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/17/2024 Created 09/03/2024 Added 09/02/2024 Modified 01/03/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE The following splat is easy to reproduce upstream as well as in -stable kernels. Florian Westphal provided the following commit: d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net") but this complementary fix has been also suggested by Willem de Bruijn and it can be easily backported to -stable kernel which consists in using DEBUG_NET_WARN_ON_ONCE instead to silence the following splat given __skb_get_hash() is used by the nftables tracing infrastructure to identify packets in traces. Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-42321 CVE - 2024-42321 DLA-4008-1
  13. Huawei EulerOS: CVE-2024-43853: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/17/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proc_cpuset_show() A UAF can happen when /proc/cpuset is read as reported in [1]. This can be reproduced by the following methods: 1. Add an mdelay(1000) before acquiring the cgroup_lock in the cgroup_path_ns function. 2. $ cat /proc/<pid>/cpuset repeatedly. 3. $ mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/ $ umount /sys/fs/cgroup/cpuset/ repeatedly. The race that causes this bug can be shown as below:
      (umount)            | (cat /proc/<pid>/cpuset)
      css_release         | proc_cpuset_show
      css_release_work_fn | css = task_get_css(tsk, cpuset_cgrp_id);
      css_free_rwork_fn   | cgroup_path_ns(css->cgroup, ...);
      cgroup_destroy_root | mutex_lock(&cgroup_mutex);
      rebind_subsystems   |
      cgroup_free_root    |
                          | // cgrp was freed, UAF
                          | cgroup_path_ns_locked(cgrp,..);
      When the cpuset is initialized, the root node top_cpuset.css.cgrp will point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will allocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated &cgroup_root.cgrp. When the umount operation is executed, top_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp. The problem is that when rebinding to cgrp_dfl_root, there are cases where the cgroup_root allocated by setting up the root for cgroup v1 is cached. This could lead to a Use-After-Free (UAF) if it is subsequently freed. The descendant cgroups of cgroup v1 can only be freed after the css is released. However, the css of the root will never be released, yet the cgroup_root should be freed when it is unmounted. This means that obtaining a reference to the css of the root does not guarantee that css.cgrp->root will not be freed. Fix this problem by using rcu_read_lock in proc_cpuset_show().
As cgroup_root is kfree_rcu after commit d23b5c577715 ("cgroup: Make operations on the cgroup root_list RCU safe"), css->cgroup won't be freed during the critical section. To call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to replace task_get_css with task_css. [1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-43853 CVE - 2024-43853 EulerOS-SA-2024-2983
  14. FreeBSD: VID-802961EB-7A89-11EF-BDD7-A0423F48A938 (CVE-2024-44070): frr - BGP Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/19/2024 Created 09/27/2024 Added 09/26/2024 Modified 01/28/2025 Description An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. Solution(s) freebsd-upgrade-package-frr8 freebsd-upgrade-package-frr9 References CVE-2024-44070
  15. Huawei EulerOS: CVE-2024-43835: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/17/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix napi_skb_cache_put warning After the commit bdacf3e34945 ("net: Use nested-BH locking for napi_alloc_cache.") was merged, the following warning began to appear: WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0 __warn+0x12f/0x340 napi_skb_cache_put+0x82/0x4b0 napi_skb_cache_put+0x82/0x4b0 report_bug+0x165/0x370 handle_bug+0x3d/0x80 exc_invalid_op+0x1a/0x50 asm_exc_invalid_op+0x1a/0x20 __free_old_xmit+0x1c8/0x510 napi_skb_cache_put+0x82/0x4b0 __free_old_xmit+0x1c8/0x510 __free_old_xmit+0x1c8/0x510 __pfx___free_old_xmit+0x10/0x10 The issue arises because virtio is assuming it's running in NAPI context even when it's not, such as in the netpoll case. To resolve this, modify virtnet_poll_tx() to only set NAPI when budget is available. Same for virtnet_poll_cleantx(), which always assumed that it was in a NAPI context. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-43835 CVE - 2024-43835 EulerOS-SA-2024-2983
  16. Oracle Linux: CVE-2024-43841: ELSA-2024-12782: Unbreakable Enterprise kernel-container security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/17/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the warning: WARN_ON(bss_not_found). The issue is because the connection code in virt_wifi does not check the SSID from user space (it only checks the BSSID), and virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS even if the SSID is different from the one virt_wifi has advertised. Eventually cfg80211 won't be able to find the cfg80211_bss and generate the warning. Fixed it by checking the SSID (from user space) in the connection code. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-43841 CVE - 2024-43841 ELSA-2024-12782 ELSA-2024-12780 ELSA-2024-12815
  17. Oracle Linux: CVE-2024-42291: ELSA-2024-12815: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 08/17/2024 Created 11/23/2024 Added 11/21/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: ice: Add a per-VF limit on number of FDIR filters While the iavf driver adds a s/w limit (128) on the number of FDIR filters that the VF can request, a malicious VF driver can request more than that and exhaust the resources for other VFs. Add a similar limit in ice. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-42291 CVE - 2024-42291 ELSA-2024-12815
  18. Oracle Linux: CVE-2024-42286: ELSA-2024-12682: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/17/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: validate nvme_local_port correctly The driver load failed with error message, qla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef and with a kernel crash, BUG: unable to handle kernel NULL pointer dereference at 0000000000000070 Exit the qla_nvme_register_remote() function when qla_nvme_register_hba() fails and correctly validate nvme_local_port. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-42286 CVE - 2024-42286 ELSA-2024-12682 ELSA-2024-12782 ELSA-2024-12780
  19. Oracle Linux: CVE-2024-42281: ELSA-2024-12782: Unbreakable Enterprise kernel-container security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:M/C:N/I:P/A:C) Published 08/17/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gso_size Linearize the skb when downgrading gso_size because it may trigger a BUG_ON() later when the skb is segmented as described in [1,2]. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-42281 CVE - 2024-42281 ELSA-2024-12782 ELSA-2024-12780 ELSA-2024-12815
  20. Oracle Linux: CVE-2024-42284: ELSA-2024-8162:kernel security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:N/C:P/I:P/A:C) Published 08/17/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP media address. Solution(s) oracle-linux-upgrade-kernel oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-42284 CVE - 2024-42284 ELSA-2024-8162 ELSA-2024-12782 ELSA-2024-12780 ELSA-2024-8856 ELSA-2024-12815 ELSA-2024-12868
  21. Oracle Linux: CVE-2024-42322: ELSA-2024-7000:kernel security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/17/2024 Created 10/24/2024 Added 10/16/2024 Modified 12/10/2024 Description In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2024-42322 CVE - 2024-42322 ELSA-2024-7000
  22. Oracle Linux: CVE-2024-42277: ELSA-2024-12815: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/17/2024 Created 11/23/2024 Added 11/21/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en In sprd_iommu_cleanup() before calling function sprd_iommu_hw_en() dom->sdev is equal to NULL, which leads to null dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE. A flaw was identified and fixed in the Linux kernel's Spreadtrum (sprd) IOMMU driver. This issue occurred in the `sprd_iommu_cleanup()` function, where a null pointer dereference happened when calling `sprd_iommu_hw_en()`, as `dom->sdev` was `NULL`. This problem could lead to kernel crashes or instability. The bug was discovered by the Linux Verification Center using SVACE. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-42277 CVE - 2024-42277 ELSA-2024-12815
  23. Oracle Linux: CVE-2024-42280: ELSA-2024-12782: Unbreakable Enterprise kernel-container security update (IMPORTANT) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 08/17/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix a use after free in hfcmulti_tx() Don't dereference *sp after calling dev_kfree_skb(*sp). Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-42280 CVE - 2024-42280 ELSA-2024-12782 ELSA-2024-12780 ELSA-2024-12815 ELSA-2024-12868
  24. Oracle Linux: CVE-2024-42308: ELSA-2024-12782: Unbreakable Enterprise kernel-container security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/17/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check for NULL pointer [why & how] Need to make sure plane_state is initialized before accessing its members. (cherry picked from commit 295d91cbc700651782a60572f83c24861607b648) Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-42308 CVE - 2024-42308 ELSA-2024-12782 ELSA-2024-12780 ELSA-2024-12815
  25. Oracle Linux: CVE-2024-42287: ELSA-2024-12682: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:M/C:N/I:N/A:C) Published 08/17/2024 Created 11/13/2024 Added 10/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Complete command early within lock A crash was observed while performing NPIV and FW reset, BUG: kernel NULL pointer dereference, address: 000000000000001c The command completion was done early while aborting the commands in driver unload path but outside lock to avoid the WARN_ON condition of performing dma_free_attr within the lock. However this caused race condition while command completion via multiple paths causing system crash. Hence complete the command early in unload path but within the lock to avoid race condition. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-42287 CVE - 2024-42287 ELSA-2024-12682 ELSA-2024-12782 ELSA-2024-12780