ISHACK AI BOT

Amazon Linux AMI: CVE-2024-7348: Security patch for postgresql92 (ALAS-2025-1959) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/08/2024 Created 02/11/2025 Added 02/06/2025 Modified 02/06/2025 Description Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected. Solution(s) amazon-linux-upgrade-postgresql92 References ALAS-2025-1959 CVE-2024-7348

VMware Photon OS: CVE-2024-42232 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting().Both of these can requeue the delayed work which wouldn't be canceled by any of the following code in case that happens after cancel_delayed_work_sync() runs -- __close_session() doesn't mess with the delayed work in order to avoid interfering with the hunting interval logic.This part was missed in commit b5d91704f53e ("libceph: behave in mon_fault() if cur_mon < 0") and use-after-free can still ensue on monc and objects that hang off of it, with monc->auth and monc->monmap being particularly susceptible to quickly being reused. To fix this: - clear monc->cur_mon and monc->hunting as part of closing the session in ceph_monc_stop() - bail from delayed_work() if monc->cur_mon is cleared, similar to how it's done in mon_fault() and finish_hunting() (based on monc->hunting) - call cancel_delayed_work_sync() after the session is closed Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-42232 CVE - 2024-42232

VMware Photon OS: CVE-2024-43167 Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 08/08/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-43167 CVE - 2024-43167

Amazon Linux 2023: CVE-2024-43168: Low priority package update for unbound Severity 4 CVSS (AV:L/AC:L/Au:S/C:P/I:P/A:P) Published 08/07/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound&apos;s config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system. Solution(s) amazon-linux-2023-upgrade-python3-unbound amazon-linux-2023-upgrade-python3-unbound-debuginfo amazon-linux-2023-upgrade-unbound amazon-linux-2023-upgrade-unbound-anchor amazon-linux-2023-upgrade-unbound-anchor-debuginfo amazon-linux-2023-upgrade-unbound-debuginfo amazon-linux-2023-upgrade-unbound-debugsource amazon-linux-2023-upgrade-unbound-devel amazon-linux-2023-upgrade-unbound-libs amazon-linux-2023-upgrade-unbound-libs-debuginfo amazon-linux-2023-upgrade-unbound-utils amazon-linux-2023-upgrade-unbound-utils-debuginfo References https://attackerkb.com/topics/cve-2024-43168 CVE - 2024-43168 https://alas.aws.amazon.com/AL2023/ALAS-2024-760.html

VMware Photon OS: CVE-2024-42245 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In the Linux kernel, the following vulnerability has been resolved: Revert "sched/fair: Make sure to try to detach at least one movable task" This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06. b0defa7ae03ec changed the load balancing logic to ignore env.max_loop if all tasks examined to that point were pinned. The goal of the patch was to make it more likely to be able to detach a task buried in a long list of pinned tasks. However, this has the unfortunate side effect of creating an O(n) iteration in detach_tasks(), as we now must fully iterate every task on a cpu if all or most are pinned. Since this load balance code is done with rq lock held, and often in softirq context, it is very easy to trigger hard lockups. We observed such hard lockups with a user who affined O(10k) threads to a single cpu. When I discussed this with Vincent he initially suggested that we keep the limit on the number of tasks to detach, but increase the number of tasks we can search. However, after some back and forth on the mailing list, he recommended we instead revert the original patch, as it seems likely no one was actually getting hit by the original issue. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-42245 CVE - 2024-42245

VMware Photon OS: CVE-2024-42240 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In the Linux kernel, the following vulnerability has been resolved: x86/bhi: Avoid warning in #DB handler due to BHI mitigation When BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set then entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the clear_bhb_loop() before the TF flag is cleared. This causes the #DB handler (exc_debug_kernel()) to issue a warning because single-step is used outside the entry_SYSENTER_compat() function. To address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY after making sure the TF flag is cleared. The problem can be reproduced with the following sequence: $ cat sysenter_step.c int main() { asm("pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter"); } $ gcc -o sysenter_step sysenter_step.c $ ./sysenter_step Segmentation fault (core dumped) The program is expected to crash, and the #DB handler will issue a warning. Kernel log: WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160 ... RIP: 0010:exc_debug_kernel+0xd2/0x160 ... Call Trace: <#DB> ? show_regs+0x68/0x80 ? __warn+0x8c/0x140 ? exc_debug_kernel+0xd2/0x160 ? report_bug+0x175/0x1a0 ? handle_bug+0x44/0x90 ? exc_invalid_op+0x1c/0x70 ? asm_exc_invalid_op+0x1f/0x30 ? exc_debug_kernel+0xd2/0x160 exc_debug+0x43/0x50 asm_exc_debug+0x1e/0x40 RIP: 0010:clear_bhb_loop+0x0/0xb0 ... </#DB> <TASK> ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d </TASK> [ bp: Massage commit message. ] Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-42240 CVE - 2024-42240

FreeBSD: VID-8FB61D94-771B-11EF-9A62-002590C1F29C (CVE-2024-6760): FreeBSD -- ktrace(2) fails to detach when executing a setuid binary Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 08/07/2024 Created 09/24/2024 Added 09/22/2024 Modified 01/28/2025 Description A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database. Solution(s) freebsd-upgrade-base-13_3-release-p5 freebsd-upgrade-base-14_0-release-p9 freebsd-upgrade-base-14_1-release-p3 References CVE-2024-6760

FreeBSD: VID-F140CFF0-771A-11EF-9A62-002590C1F29C (CVE-2024-6640): FreeBSD -- pf incorrectly matches different ICMPv6 states in the state table Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/07/2024 Created 09/24/2024 Added 09/22/2024 Modified 09/22/2024 Description In ICMPv6 Neighbor Discovery (ND), the ID is always 0.When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply.The packet has to come from the same host as the NS and have a zero as identifier to match the state created by the Neighbor Discovery and allow replies to be generated. ICMPv6 packets with identifier value of zero bypass firewall rules written on the assumption that the incoming packets are going to create a state in the state table. Solution(s) freebsd-upgrade-base-13_3-release-p5 freebsd-upgrade-base-14_0-release-p9 freebsd-upgrade-base-14_1-release-p3 References CVE-2024-6640

Red Hat JBossEAP: Race Condition (CVE-2024-7885) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/07/2024 Created 09/20/2024 Added 09/19/2024 Modified 12/20/2024 Description A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.. A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2024-7885 CVE - 2024-7885 https://access.redhat.com/security/cve/CVE-2024-7885 https://bugzilla.redhat.com/show_bug.cgi?id=2305290 https://access.redhat.com/errata/RHSA-2024:7441 https://access.redhat.com/errata/RHSA-2024:7442 https://access.redhat.com/errata/RHSA-2024:7735 https://access.redhat.com/errata/RHSA-2024:7736 View more

VMware Photon OS: CVE-2024-42247 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In the Linux kernel, the following vulnerability has been resolved: wireguard: allowedips: avoid unaligned 64-bit memory accesses On the parisc platform, the kernel issues kernel warnings because swap_endian() tries to load a 128-bit IPv6 address from an unaligned memory location: Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df) Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc) Avoid such unaligned memory accesses by instead using the get_unaligned_be64() helper macro. [Jason: replace src[8] in original patch with src+8] Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-42247 CVE - 2024-42247

Huawei EulerOS: CVE-2024-42232: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 11/27/2024 Added 11/26/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting().Both of these can requeue the delayed work which wouldn't be canceled by any of the following code in case that happens after cancel_delayed_work_sync() runs -- __close_session() doesn't mess with the delayed work in order to avoid interfering with the hunting interval logic.This part was missed in commit b5d91704f53e ("libceph: behave in mon_fault() if cur_mon < 0") and use-after-free can still ensue on monc and objects that hang off of it, with monc->auth and monc->monmap being particularly susceptible to quickly being reused. To fix this: - clear monc->cur_mon and monc->hunting as part of closing the session in ceph_monc_stop() - bail from delayed_work() if monc->cur_mon is cleared, similar to how it's done in mon_fault() and finish_hunting() (based on monc->hunting) - call cancel_delayed_work_sync() after the session is closed Solution(s) huawei-euleros-2_0_sp12-upgrade-bpftool huawei-euleros-2_0_sp12-upgrade-kernel huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp12-upgrade-kernel-tools huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs huawei-euleros-2_0_sp12-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-42232 CVE - 2024-42232 EulerOS-SA-2024-2929

Debian: CVE-2024-42245: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 09/03/2024 Added 09/02/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: Revert "sched/fair: Make sure to try to detach at least one movable task" This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06. b0defa7ae03ec changed the load balancing logic to ignore env.max_loop if all tasks examined to that point were pinned. The goal of the patch was to make it more likely to be able to detach a task buried in a long list of pinned tasks. However, this has the unfortunate side effect of creating an O(n) iteration in detach_tasks(), as we now must fully iterate every task on a cpu if all or most are pinned. Since this load balance code is done with rq lock held, and often in softirq context, it is very easy to trigger hard lockups. We observed such hard lockups with a user who affined O(10k) threads to a single cpu. When I discussed this with Vincent he initially suggested that we keep the limit on the number of tasks to detach, but increase the number of tasks we can search. However, after some back and forth on the mailing list, he recommended we instead revert the original patch, as it seems likely no one was actually getting hit by the original issue. Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-42245 CVE - 2024-42245 DLA-4008-1

Alma Linux: CVE-2024-42237: Important: kernel security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 09/27/2024 Added 09/26/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load() to be done before the block is processed. The check that the length of a block payload does not exceed the number of remaining bytes in the firwmware file buffer was being done near the end of the loop iteration. However, some code before that check used the length field without validating it. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-devel alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-42237 CVE - 2024-42237 https://errata.almalinux.org/8/ALSA-2024-7000.html https://errata.almalinux.org/8/ALSA-2024-7001.html

Ubuntu: (Multiple Advisories) (CVE-2024-42234): Linux kernel kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: mm: fix crashes from deferred split racing folio migration Even on 6.10-rc6, I've been seeing elusive "Bad page state"s (often on flags when freeing, yet the flags shown are not bad: PG_locked had been set and cleared??), and VM_BUG_ON_PAGE(page_ref_count(page) == 0)s from deferred_split_scan()'s folio_put(), and a variety of other BUG and WARN symptoms implying double free by deferred split and large folio migration. 6.7 commit 9bcef5973e31 ("mm: memcg: fix split queue list crash when large folio migration") was right to fix the memcg-dependent locking broken in 85ce2c517ade ("memcontrol: only transfer the memcg data for migration"), but missed a subtlety of deferred_split_scan(): it moves folios to its own local list to work on them without split_queue_lock, during which time folio->_deferred_list is not empty, but even the "right" lock does nothing to secure the folio and the list it is on. Fortunately, deferred_split_scan() is careful to use folio_try_get(): so folio_migrate_mapping() can avoid the race by folio_undo_large_rmappable() while the old folio's reference count is temporarily frozen to 0 - adding such a freeze in the !mapping case too (originally, folio lock and unmapping and no swap cache left an anon folio unreachable, so no freezing was needed there: but the deferred split queue offers a way to reach it). Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1013-gke ubuntu-upgrade-linux-image-6-8-0-1014-ibm ubuntu-upgrade-linux-image-6-8-0-1014-raspi ubuntu-upgrade-linux-image-6-8-0-1015-oracle ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1016-azure ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde ubuntu-upgrade-linux-image-6-8-0-1016-gcp ubuntu-upgrade-linux-image-6-8-0-1016-oem ubuntu-upgrade-linux-image-6-8-0-1017-azure ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde ubuntu-upgrade-linux-image-6-8-0-1017-gcp ubuntu-upgrade-linux-image-6-8-0-1017-nvidia ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1018-aws ubuntu-upgrade-linux-image-6-8-0-48-generic ubuntu-upgrade-linux-image-6-8-0-48-generic-64k ubuntu-upgrade-linux-image-6-8-0-48-lowlatency ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 References https://attackerkb.com/topics/cve-2024-42234 CVE - 2024-42234 USN-7089-1 USN-7089-2 USN-7089-3 USN-7089-4 USN-7089-5 USN-7089-6 USN-7089-7 USN-7090-1 USN-7095-1 USN-7156-1 View more

Alma Linux: CVE-2024-42246: Important: kernel security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 09/27/2024 Added 09/26/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket When using a BPF program on kernel_connect(), the call can return -EPERM. This causes xs_tcp_setup_socket() to loop forever, filling up the syslog and causing the kernel to potentially freeze up. Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN. ECONNREFUSED as error seems reasonable. For programs setting a different error can be out of reach (see handling in 4fbac77d2d09) in particular on kernels which do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -err instead of allow boolean"), thus given that it is better to simply remap for consistent behavior. UDP does handle EPERM in xs_udp_send_request(). Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-libperf alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla alma-upgrade-rv References https://attackerkb.com/topics/cve-2024-42246 CVE - 2024-42246 https://errata.almalinux.org/8/ALSA-2024-7000.html https://errata.almalinux.org/8/ALSA-2024-7001.html https://errata.almalinux.org/9/ALSA-2024-6997.html

Ubuntu: (Multiple Advisories) (CVE-2024-42232): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 09/14/2024 Added 09/13/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting().Both of these can requeue the delayed work which wouldn't be canceled by any of the following code in case that happens after cancel_delayed_work_sync() runs -- __close_session() doesn't mess with the delayed work in order to avoid interfering with the hunting interval logic.This part was missed in commit b5d91704f53e ("libceph: behave in mon_fault() if cur_mon < 0") and use-after-free can still ensue on monc and objects that hang off of it, with monc->auth and monc->monmap being particularly susceptible to quickly being reused. To fix this: - clear monc->cur_mon and monc->hunting as part of closing the session in ceph_monc_stop() - bail from delayed_work() if monc->cur_mon is cleared, similar to how it's done in mon_fault() and finish_hunting() (based on monc->hunting) - call cancel_delayed_work_sync() after the session is closed Solution(s) ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmp ubuntu-upgrade-linux-image-5-15-0-1052-gkeop ubuntu-upgrade-linux-image-5-15-0-1062-ibm ubuntu-upgrade-linux-image-5-15-0-1062-raspi ubuntu-upgrade-linux-image-5-15-0-1064-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1064-nvidia ubuntu-upgrade-linux-image-5-15-0-1064-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1066-gke ubuntu-upgrade-linux-image-5-15-0-1066-kvm ubuntu-upgrade-linux-image-5-15-0-1067-oracle ubuntu-upgrade-linux-image-5-15-0-1068-gcp ubuntu-upgrade-linux-image-5-15-0-1069-aws ubuntu-upgrade-linux-image-5-15-0-1072-azure ubuntu-upgrade-linux-image-5-15-0-1072-azure-fde ubuntu-upgrade-linux-image-5-15-0-121-generic ubuntu-upgrade-linux-image-5-15-0-121-generic-64k ubuntu-upgrade-linux-image-5-15-0-121-generic-lpae ubuntu-upgrade-linux-image-5-15-0-121-lowlatency ubuntu-upgrade-linux-image-5-15-0-121-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1043-iot ubuntu-upgrade-linux-image-5-4-0-1051-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1079-ibm ubuntu-upgrade-linux-image-5-4-0-1092-bluefield ubuntu-upgrade-linux-image-5-4-0-1099-gkeop ubuntu-upgrade-linux-image-5-4-0-1116-raspi ubuntu-upgrade-linux-image-5-4-0-1120-kvm ubuntu-upgrade-linux-image-5-4-0-1131-oracle ubuntu-upgrade-linux-image-5-4-0-1132-aws ubuntu-upgrade-linux-image-5-4-0-1136-gcp ubuntu-upgrade-linux-image-5-4-0-1137-azure ubuntu-upgrade-linux-image-5-4-0-195-generic ubuntu-upgrade-linux-image-5-4-0-195-generic-lpae ubuntu-upgrade-linux-image-5-4-0-195-lowlatency ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1013-gke ubuntu-upgrade-linux-image-6-8-0-1014-ibm ubuntu-upgrade-linux-image-6-8-0-1014-raspi ubuntu-upgrade-linux-image-6-8-0-1015-oracle ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1016-azure ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde ubuntu-upgrade-linux-image-6-8-0-1016-gcp ubuntu-upgrade-linux-image-6-8-0-1016-oem ubuntu-upgrade-linux-image-6-8-0-1017-azure ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde ubuntu-upgrade-linux-image-6-8-0-1017-gcp ubuntu-upgrade-linux-image-6-8-0-1017-nvidia ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1018-aws ubuntu-upgrade-linux-image-6-8-0-48-generic ubuntu-upgrade-linux-image-6-8-0-48-generic-64k ubuntu-upgrade-linux-image-6-8-0-48-lowlatency ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-raspi2-hwe-18-04 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2024-42232 CVE - 2024-42232 USN-7003-1 USN-7003-2 USN-7003-3 USN-7003-4 USN-7003-5 USN-7006-1 USN-7007-1 USN-7007-2 USN-7007-3 USN-7009-1 USN-7009-2 USN-7019-1 USN-7089-1 USN-7089-2 USN-7089-3 USN-7089-4 USN-7089-5 USN-7089-6 USN-7089-7 USN-7090-1 USN-7095-1 USN-7156-1 View more

Ubuntu: (Multiple Advisories) (CVE-2024-42245): Linux kernel kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: Revert "sched/fair: Make sure to try to detach at least one movable task" This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06. b0defa7ae03ec changed the load balancing logic to ignore env.max_loop if all tasks examined to that point were pinned. The goal of the patch was to make it more likely to be able to detach a task buried in a long list of pinned tasks. However, this has the unfortunate side effect of creating an O(n) iteration in detach_tasks(), as we now must fully iterate every task on a cpu if all or most are pinned. Since this load balance code is done with rq lock held, and often in softirq context, it is very easy to trigger hard lockups. We observed such hard lockups with a user who affined O(10k) threads to a single cpu. When I discussed this with Vincent he initially suggested that we keep the limit on the number of tasks to detach, but increase the number of tasks we can search. However, after some back and forth on the mailing list, he recommended we instead revert the original patch, as it seems likely no one was actually getting hit by the original issue. Solution(s) ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1013-gke ubuntu-upgrade-linux-image-6-8-0-1014-ibm ubuntu-upgrade-linux-image-6-8-0-1014-raspi ubuntu-upgrade-linux-image-6-8-0-1015-oracle ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1016-azure ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde ubuntu-upgrade-linux-image-6-8-0-1016-gcp ubuntu-upgrade-linux-image-6-8-0-1016-oem ubuntu-upgrade-linux-image-6-8-0-1017-azure ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde ubuntu-upgrade-linux-image-6-8-0-1017-gcp ubuntu-upgrade-linux-image-6-8-0-1017-nvidia ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1018-aws ubuntu-upgrade-linux-image-6-8-0-48-generic ubuntu-upgrade-linux-image-6-8-0-48-generic-64k ubuntu-upgrade-linux-image-6-8-0-48-lowlatency ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 References https://attackerkb.com/topics/cve-2024-42245 CVE - 2024-42245 USN-7089-1 USN-7089-2 USN-7089-3 USN-7089-4 USN-7089-5 USN-7089-6 USN-7089-7 USN-7090-1 USN-7095-1 USN-7156-1 View more

Red Hat: CVE-2024-42246: kernel: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 09/20/2024 Added 09/19/2024 Modified 12/05/2024 Description In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket When using a BPF program on kernel_connect(), the call can return -EPERM. This causes xs_tcp_setup_socket() to loop forever, filling up the syslog and causing the kernel to potentially freeze up. Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely to expect from the network system - such as ECONNREFUSED or ENETDOWN. ECONNREFUSED as error seems reasonable. For programs setting a different error can be out of reach (see handling in 4fbac77d2d09) in particular on kernels which do not have f10d05966196 ("bpf: Make BPF_PROG_RUN_ARRAY return -err instead of allow boolean"), thus given that it is better to simply remap for consistent behavior. UDP does handle EPERM in xs_udp_send_request(). Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2024-42246 RHSA-2024:6744 RHSA-2024:6745 RHSA-2024:6997 RHSA-2024:7000 RHSA-2024:7001

Ubuntu: (Multiple Advisories) (CVE-2024-42240): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 09/17/2024 Added 09/16/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: x86/bhi: Avoid warning in #DB handler due to BHI mitigation When BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set then entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the clear_bhb_loop() before the TF flag is cleared. This causes the #DB handler (exc_debug_kernel()) to issue a warning because single-step is used outside the entry_SYSENTER_compat() function. To address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY after making sure the TF flag is cleared. The problem can be reproduced with the following sequence: $ cat sysenter_step.c int main() { asm("pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter"); } $ gcc -o sysenter_step sysenter_step.c $ ./sysenter_step Segmentation fault (core dumped) The program is expected to crash, and the #DB handler will issue a warning. Kernel log: WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160 ... RIP: 0010:exc_debug_kernel+0xd2/0x160 ... Call Trace: <#DB> ? show_regs+0x68/0x80 ? __warn+0x8c/0x140 ? exc_debug_kernel+0xd2/0x160 ? report_bug+0x175/0x1a0 ? handle_bug+0x44/0x90 ? exc_invalid_op+0x1c/0x70 ? asm_exc_invalid_op+0x1f/0x30 ? exc_debug_kernel+0xd2/0x160 exc_debug+0x43/0x50 asm_exc_debug+0x1e/0x40 RIP: 0010:clear_bhb_loop+0x0/0xb0 ... </#DB> <TASK> ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d </TASK> [ bp: Massage commit message. ] Solution(s) ubuntu-upgrade-linux-image-4-15-0-1137-oracle ubuntu-upgrade-linux-image-4-15-0-1158-kvm ubuntu-upgrade-linux-image-4-15-0-1168-gcp ubuntu-upgrade-linux-image-4-15-0-1175-aws ubuntu-upgrade-linux-image-4-15-0-1183-azure ubuntu-upgrade-linux-image-4-15-0-231-generic ubuntu-upgrade-linux-image-4-15-0-231-lowlatency ubuntu-upgrade-linux-image-4-4-0-1138-aws ubuntu-upgrade-linux-image-4-4-0-1139-kvm ubuntu-upgrade-linux-image-4-4-0-1176-aws ubuntu-upgrade-linux-image-4-4-0-261-generic ubuntu-upgrade-linux-image-4-4-0-261-lowlatency ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmp ubuntu-upgrade-linux-image-5-15-0-1052-gkeop ubuntu-upgrade-linux-image-5-15-0-1062-ibm ubuntu-upgrade-linux-image-5-15-0-1062-raspi ubuntu-upgrade-linux-image-5-15-0-1064-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1064-nvidia ubuntu-upgrade-linux-image-5-15-0-1064-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1066-gke ubuntu-upgrade-linux-image-5-15-0-1066-kvm ubuntu-upgrade-linux-image-5-15-0-1067-oracle ubuntu-upgrade-linux-image-5-15-0-1068-gcp ubuntu-upgrade-linux-image-5-15-0-1069-aws ubuntu-upgrade-linux-image-5-15-0-1072-azure ubuntu-upgrade-linux-image-5-15-0-1072-azure-fde ubuntu-upgrade-linux-image-5-15-0-121-generic ubuntu-upgrade-linux-image-5-15-0-121-generic-64k ubuntu-upgrade-linux-image-5-15-0-121-generic-lpae ubuntu-upgrade-linux-image-5-15-0-121-lowlatency ubuntu-upgrade-linux-image-5-15-0-121-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1045-iot ubuntu-upgrade-linux-image-5-4-0-1055-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1083-ibm ubuntu-upgrade-linux-image-5-4-0-1096-bluefield ubuntu-upgrade-linux-image-5-4-0-1120-raspi ubuntu-upgrade-linux-image-5-4-0-1124-kvm ubuntu-upgrade-linux-image-5-4-0-1135-oracle ubuntu-upgrade-linux-image-5-4-0-1136-aws ubuntu-upgrade-linux-image-5-4-0-1140-gcp ubuntu-upgrade-linux-image-5-4-0-1142-azure ubuntu-upgrade-linux-image-5-4-0-202-generic ubuntu-upgrade-linux-image-5-4-0-202-generic-lpae ubuntu-upgrade-linux-image-5-4-0-202-lowlatency ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1013-gke ubuntu-upgrade-linux-image-6-8-0-1014-ibm ubuntu-upgrade-linux-image-6-8-0-1014-raspi ubuntu-upgrade-linux-image-6-8-0-1015-oracle ubuntu-upgrade-linux-image-6-8-0-1015-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1016-azure ubuntu-upgrade-linux-image-6-8-0-1016-azure-fde ubuntu-upgrade-linux-image-6-8-0-1016-gcp ubuntu-upgrade-linux-image-6-8-0-1016-oem ubuntu-upgrade-linux-image-6-8-0-1017-azure ubuntu-upgrade-linux-image-6-8-0-1017-azure-fde ubuntu-upgrade-linux-image-6-8-0-1017-gcp ubuntu-upgrade-linux-image-6-8-0-1017-nvidia ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1017-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1018-aws ubuntu-upgrade-linux-image-6-8-0-48-generic ubuntu-upgrade-linux-image-6-8-0-48-generic-64k ubuntu-upgrade-linux-image-6-8-0-48-lowlatency ubuntu-upgrade-linux-image-6-8-0-48-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 ubuntu-upgrade-linux-image-virtual-lts-xenial ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2024-42240 CVE - 2024-42240 USN-7007-1 USN-7007-2 USN-7007-3 USN-7009-1 USN-7009-2 USN-7019-1 USN-7089-1 USN-7089-2 USN-7089-3 USN-7089-4 USN-7089-5 USN-7089-6 USN-7089-7 USN-7090-1 USN-7095-1 USN-7121-1 USN-7121-2 USN-7121-3 USN-7148-1 USN-7156-1 USN-7159-1 USN-7159-2 USN-7159-3 USN-7159-4 USN-7159-5 USN-7195-1 USN-7195-2 View more

Red Hat: CVE-2024-42240: kernel: x86/bhi: Avoid warning in #DB handler due to BHI mitigation (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 09/26/2024 Added 09/25/2024 Modified 02/10/2025 Description In the Linux kernel, the following vulnerability has been resolved: x86/bhi: Avoid warning in #DB handler due to BHI mitigation When BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set then entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the clear_bhb_loop() before the TF flag is cleared. This causes the #DB handler (exc_debug_kernel()) to issue a warning because single-step is used outside the entry_SYSENTER_compat() function. To address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY after making sure the TF flag is cleared. The problem can be reproduced with the following sequence: $ cat sysenter_step.c int main() { asm("pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter"); } $ gcc -o sysenter_step sysenter_step.c $ ./sysenter_step Segmentation fault (core dumped) The program is expected to crash, and the #DB handler will issue a warning. Kernel log: WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160 ... RIP: 0010:exc_debug_kernel+0xd2/0x160 ... Call Trace: <#DB> ? show_regs+0x68/0x80 ? __warn+0x8c/0x140 ? exc_debug_kernel+0xd2/0x160 ? report_bug+0x175/0x1a0 ? handle_bug+0x44/0x90 ? exc_invalid_op+0x1c/0x70 ? asm_exc_invalid_op+0x1f/0x30 ? exc_debug_kernel+0xd2/0x160 exc_debug+0x43/0x50 asm_exc_debug+0x1e/0x40 RIP: 0010:clear_bhb_loop+0x0/0xb0 ... </#DB> <TASK> ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d </TASK> [ bp: Massage commit message. ] Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2024-42240 RHSA-2024:10771 RHSA-2024:10772 RHSA-2024:10773 RHSA-2024:7000 RHSA-2024:7001 RHSA-2024:9315 View more

Debian: CVE-2024-42244: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 08/14/2024 Added 08/14/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: USB: serial: mos7840: fix crash on resume Since commit c49cfa917025 ("USB: serial: use generic method if no alternative is provided in usb serial layer"), USB serial core calls the generic resume implementation when the driver has not provided one. This can trigger a crash on resume with mos7840 since support for multiple read URBs was added back in 2011. Specifically, both port read URBs are now submitted on resume for open ports, but the context pointer of the second URB is left set to the core rather than mos7840 port structure. Fix this by implementing dedicated suspend and resume functions for mos7840. Tested with Delock 87414 USB 2.0 to 4x serial adapter. [ johan: analyse crash and rewrite commit message; set busy flag on resume; drop bulk-in check; drop unnecessary usb_kill_urb() ] Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-42244 CVE - 2024-42244 DSA-5747-1

VMware Photon OS: CVE-2024-42236 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form `if (str[0 - 1] == '\n') followed closely by an OOB write in the form `str[0 - 1] = '\0'`. There is already a validating check to catch strings that are too long. Let's supply an additional check for invalid strings that are too short. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-42236 CVE - 2024-42236

FreeBSD: VID-DB8FA362-0CCB-4AA8-9220-72B7763E9A4A (CVE-2024-43045): jenkins -- multiple vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:P) Published 08/07/2024 Created 08/10/2024 Added 08/08/2024 Modified 01/28/2025 Description Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views". Solution(s) freebsd-upgrade-package-jenkins freebsd-upgrade-package-jenkins-lts References CVE-2024-43045

Alma Linux: CVE-2024-42238: Important: kernel security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2024 Created 09/27/2024 Added 09/26/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file Return an error from cs_dsp_power_up() if a block header is longer than the amount of data left in the file. The previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop while there was enough data left in the file for a valid region. This protected against overrunning the end of the file data, but it didn't abort the file processing with an error. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-devel alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-42238 CVE - 2024-42238 https://errata.almalinux.org/8/ALSA-2024-7000.html https://errata.almalinux.org/8/ALSA-2024-7001.html

Oracle Linux: CVE-2024-42247: ELSA-2024-12618: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 08/07/2024 Created 10/24/2024 Added 10/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: wireguard: allowedips: avoid unaligned 64-bit memory accesses On the parisc platform, the kernel issues kernel warnings because swap_endian() tries to load a 128-bit IPv6 address from an unaligned memory location: Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df) Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc) Avoid such unaligned memory accesses by instead using the get_unaligned_be64() helper macro. [Jason: replace src[8] in original patch with src+8] Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-42247 CVE - 2024-42247 ELSA-2024-12618