ISHACK AI BOT

Huawei EulerOS: CVE-2022-48855: kernel security update Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 07/16/2024 Created 10/10/2024 Added 10/09/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: sctp: fix kernel-infoleak for SCTP sockets syzbot reported a kernel infoleak [1] of 4 bytes. After analysis, it turned out r->idiag_expires is not initialized if inet_sctp_diag_fill() calls inet_diag_msg_common_fill() Make sure to clear idiag_timer/idiag_retrans/idiag_expires and let inet_diag_msg_sctpasoc_fill() fill them again if needed. [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline] BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:154 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668 instrument_copy_to_user include/linux/instrumented.h:121 [inline] copyout lib/iov_iter.c:154 [inline] _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668 copy_to_iter include/linux/uio.h:162 [inline] simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519 __skb_datagram_iter+0x2d5/0x11b0 net/core/datagram.c:425 skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533 skb_copy_datagram_msg include/linux/skbuff.h:3696 [inline] netlink_recvmsg+0x669/0x1c80 net/netlink/af_netlink.c:1977 sock_recvmsg_nosec net/socket.c:948 [inline] sock_recvmsg net/socket.c:966 [inline] __sys_recvfrom+0x795/0xa10 net/socket.c:2097 __do_sys_recvfrom net/socket.c:2115 [inline] __se_sys_recvfrom net/socket.c:2111 [inline] __x64_sys_recvfrom+0x19d/0x210 net/socket.c:2111 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: slab_post_alloc_hook mm/slab.h:737 [inline] slab_alloc_node mm/slub.c:3247 [inline] __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4975 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x545/0xf90 net/core/skbuff.c:426 alloc_skb include/linux/skbuff.h:1158 [inline] netlink_dump+0x3e5/0x16c0 net/netlink/af_netlink.c:2248 __netlink_dump_start+0xcf8/0xe90 net/netlink/af_netlink.c:2373 netlink_dump_start include/linux/netlink.h:254 [inline] inet_diag_handler_cmd+0x2e7/0x400 net/ipv4/inet_diag.c:1341 sock_diag_rcv_msg+0x24a/0x620 netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2494 sock_diag_rcv+0x63/0x80 net/core/sock_diag.c:277 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x1093/0x1360 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x14d9/0x1720 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:705 [inline] sock_sendmsg net/socket.c:725 [inline] sock_write_iter+0x594/0x690 net/socket.c:1061 do_iter_readv_writev+0xa7f/0xc70 do_iter_write+0x52c/0x1500 fs/read_write.c:851 vfs_writev fs/read_write.c:924 [inline] do_writev+0x645/0xe00 fs/read_write.c:967 __do_sys_writev fs/read_write.c:1040 [inline] __se_sys_writev fs/read_write.c:1037 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x44/0xae Bytes 68-71 of 2508 are uninitialized Memory access of size 2508 starts at ffff888114f9b000 Data copied to user address 00007f7fe09ff2e0 CPU: 1 PID: 3478 Comm: syz-executor306 Not tainted 5.17.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Solution(s) huawei-euleros-2_0_sp12-upgrade-bpftool huawei-euleros-2_0_sp12-upgrade-kernel huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp12-upgrade-kernel-tools huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs huawei-euleros-2_0_sp12-upgrade-python3-perf References https://attackerkb.com/topics/cve-2022-48855 CVE - 2022-48855 EulerOS-SA-2024-2544

Huawei EulerOS: CVE-2022-48865: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 07/16/2024 Created 10/10/2024 Added 10/09/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: tipc: fix kernel panic when enabling bearer When enabling a bearer on a node, a kernel panic is observed: [4.498085] RIP: 0010:tipc_mon_prep+0x4e/0x130 [tipc] ... [4.520030] Call Trace: [4.520689]<IRQ> [4.521236]tipc_link_build_proto_msg+0x375/0x750 [tipc] [4.522654]tipc_link_build_state_msg+0x48/0xc0 [tipc] [4.524034]__tipc_node_link_up+0xd7/0x290 [tipc] [4.525292]tipc_rcv+0x5da/0x730 [tipc] [4.526346]? __netif_receive_skb_core+0xb7/0xfc0 [4.527601]tipc_l2_rcv_msg+0x5e/0x90 [tipc] [4.528737]__netif_receive_skb_list_core+0x20b/0x260 [4.530068]netif_receive_skb_list_internal+0x1bf/0x2e0 [4.531450]? dev_gro_receive+0x4c2/0x680 [4.532512]napi_complete_done+0x6f/0x180 [4.533570]virtnet_poll+0x29c/0x42e [virtio_net] ... The node in question is receiving activate messages in another thread after changing bearer status to allow message sending/ receiving in current thread: thread 1 |thread 2 -------- |-------- | tipc_enable_bearer()| test_and_set_bit_lock() | tipc_bearer_xmit_skb()| | tipc_l2_rcv_msg() | tipc_rcv() | __tipc_node_link_up() | tipc_link_build_state_msg() | tipc_link_build_proto_msg() | tipc_mon_prep() | { | ... | // null-pointer dereference | u16 gen = mon->dom_gen; | ... | } // Not being executed yet | tipc_mon_create() | { | ... | // allocate | mon = kzalloc();| ... | } | Monitoring pointer in thread 2 is dereferenced before monitoring data is allocated in thread 1. This causes kernel panic. This commit fixes it by allocating the monitoring data before enabling the bearer to receive messages. Solution(s) huawei-euleros-2_0_sp12-upgrade-bpftool huawei-euleros-2_0_sp12-upgrade-kernel huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp12-upgrade-kernel-tools huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs huawei-euleros-2_0_sp12-upgrade-python3-perf References https://attackerkb.com/topics/cve-2022-48865 CVE - 2022-48865 EulerOS-SA-2024-2544

Rocky Linux: CVE-2024-6655: gtk3 (RLSA-2024-6963) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/16/2024 Created 10/03/2024 Added 10/02/2024 Modified 11/18/2024 Description A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory. Solution(s) rocky-upgrade-gtk-update-icon-cache rocky-upgrade-gtk-update-icon-cache-debuginfo rocky-upgrade-gtk3 rocky-upgrade-gtk3-debuginfo rocky-upgrade-gtk3-debugsource rocky-upgrade-gtk3-devel rocky-upgrade-gtk3-devel-debuginfo rocky-upgrade-gtk3-devel-docs rocky-upgrade-gtk3-immodule-xim rocky-upgrade-gtk3-immodule-xim-debuginfo References https://attackerkb.com/topics/cve-2024-6655 CVE - 2024-6655 https://errata.rockylinux.org/RLSA-2024:6963

VMware Photon OS: CVE-2024-21127 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 07/16/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).Supported versions that are affected are 8.0.37 and prior and8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-21127 CVE - 2024-21127

Ubuntu: (CVE-2021-47622): linux-intel-iotg-5.15 vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 07/16/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: Fix a deadlock in the error handler The following deadlock has been observed on a test setup: - All tags allocated - The SCSI error handler calls ufshcd_eh_host_reset_handler() - ufshcd_eh_host_reset_handler() queues work that calls ufshcd_err_handler() - ufshcd_err_handler() locks up as follows: Workqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt Call trace: __switch_to+0x298/0x5d8 __schedule+0x6cc/0xa94 schedule+0x12c/0x298 blk_mq_get_tag+0x210/0x480 __blk_mq_alloc_request+0x1c8/0x284 blk_get_request+0x74/0x134 ufshcd_exec_dev_cmd+0x68/0x640 ufshcd_verify_dev_init+0x68/0x35c ufshcd_probe_hba+0x12c/0x1cb8 ufshcd_host_reset_and_restore+0x88/0x254 ufshcd_reset_and_restore+0xd0/0x354 ufshcd_err_handler+0x408/0xc58 process_one_work+0x24c/0x66c worker_thread+0x3e8/0xa4c kthread+0x150/0x1b4 ret_from_fork+0x10/0x30 Fix this lockup by making ufshcd_exec_dev_cmd() allocate a reserved request. Solution(s) ubuntu-upgrade-linux-intel-iotg-5-15 References https://attackerkb.com/topics/cve-2021-47622 CVE - 2021-47622 https://git.kernel.org/linus/945c3cca05d78351bba29fa65d93834cb7934c7b https://git.kernel.org/stable/c/493c9e850677df8b4eda150c2364b1c1a72ed724 https://git.kernel.org/stable/c/945c3cca05d78351bba29fa65d93834cb7934c7b https://git.kernel.org/stable/c/d69d98d8edf90e25e4e09930dd36dd6d09dd6768 https://www.cve.org/CVERecord?id=CVE-2021-47622

Ubuntu: (CVE-2022-48824): linux vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 07/16/2024 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: scsi: myrs: Fix crash in error case In myrs_detect(), cs->disable_intr is NULL when privdata->hw_init() fails with non-zero. In this case, myrs_cleanup(cs) will call a NULL ptr and crash the kernel. [1.105606] myrs 0000:00:03.0: Unknown Initialization Error 5A [1.105872] myrs 0000:00:03.0: Failed to initialize Controller [1.106082] BUG: kernel NULL pointer dereference, address: 0000000000000000 [1.110774] Call Trace: [1.110950]myrs_cleanup+0xe4/0x150 [myrs] [1.111135]myrs_probe.cold+0x91/0x56a [myrs] [1.111302]? DAC960_GEM_intr_handler+0x1f0/0x1f0 [myrs] [1.111500]local_pci_probe+0x48/0x90 Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-4 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-5-4 ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-5-4 ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-hwe-5-4 ubuntu-upgrade-linux-ibm ubuntu-upgrade-linux-ibm-5-4 ubuntu-upgrade-linux-intel-iotg-5-15 ubuntu-upgrade-linux-iot ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-4 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-raspi-5-4 References https://attackerkb.com/topics/cve-2022-48824 CVE - 2022-48824 https://git.kernel.org/linus/4db09593af0b0b4d7d4805ebb3273df51d7cc30d https://git.kernel.org/stable/c/0e42c4a3d732517edc3766dd45a14e60d29dd929 https://git.kernel.org/stable/c/1d6cd26605b4d662063a83c15c776b5299a1cb23 https://git.kernel.org/stable/c/4db09593af0b0b4d7d4805ebb3273df51d7cc30d https://git.kernel.org/stable/c/5c5ceea00c8c9df150708e66cb9f2891192c1162 https://git.kernel.org/stable/c/6207f35c213f6cb2fc3f13b5e77f08c710e1de19 https://www.cve.org/CVERecord?id=CVE-2022-48824 View more

Amazon Linux AMI 2: CVE-2022-48809: Security patch for kernel (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 07/16/2024 Created 08/20/2024 Added 08/19/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: fix a memleak when uncloning an skb dst and its metadata When uncloning an skb dst and its associated metadata, a new dst+metadata is allocated and later replaces the old one in the skb. This is helpful to have a non-shared dst+metadata attached to a specific skb. The issue is the uncloned dst+metadata is initialized with a refcount of 1, which is increased to 2 before attaching it to the skb. When tun_dst_unclone returns, the dst+metadata is only referenced from a single place (the skb) while its refcount is 2. Its refcount will never drop to 0 (when the skb is consumed), leading to a memory leak. Fix this by removing the call to dst_hold in tun_dst_unclone, as the dst+metadata refcount is already 1. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-268-205-500 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-102-99-473 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2022-48809 AL2/ALAS-2022-1761 AL2/ALASKERNEL-5.10-2022-011 AL2/ALASKERNEL-5.4-2022-023 CVE - 2022-48809

Amazon Linux AMI 2: CVE-2022-48827: Security patch for kernel (ALASKERNEL-5.10-2024-064) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/16/2024 Created 12/13/2024 Added 12/12/2024 Modified 12/12/2024 Description In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near OFFSET_MAX Dan Aloni reports: > Due to commit 8cfb9015280d ("NFS: Always provide aligned buffers to > the RPC read layers") on the client, a read of 0xfff is aligned up > to server rsize of 0x1000. > > As a result, in a test where the server has a file of size > 0x7fffffffffffffff, and the client tries to read from the offset > 0x7ffffffffffff000, the read causes loff_t overflow in the server > and it returns an NFS code of EINVAL to the client. The client as > a result indefinitely retries the request. The Linux NFS client does not handle NFS?ERR_INVAL, even though all NFS specifications permit servers to return that status code for a READ. Instead of NFS?ERR_INVAL, have out-of-range READ requests succeed and return a short result. Set the EOF flag in the result to prevent the client from retrying the READ request. This behavior appears to be consistent with Solaris NFS servers. Note that NFSv3 and NFSv4 use u64 offset values on the wire. These must be converted to loff_t internally before use -- an implicit type cast is not adequate for this purpose. Otherwise VFS checks against sb->s_maxbytes do not work properly. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-220-209-867 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2022-48827 AL2/ALASKERNEL-5.10-2024-064 CVE - 2022-48827

Alma Linux: CVE-2024-41008: Important: kernel security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/16/2024 Created 09/27/2024 Added 09/26/2024 Modified 09/26/2024 Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: change vm->task_info handling This patch changes the handling and lifecycle of vm->task_info object. The major changes are: - vm->task_info is a dynamically allocated ptr now, and its uasge is reference counted. - introducing two new helper funcs for task_info lifecycle management - amdgpu_vm_get_task_info: reference counts up task_info before returning this info - amdgpu_vm_put_task_info: reference counts down task_info - last put to task_info() frees task_info from the vm. This patch also does logistical changes required for existing usage of vm->task_info. V2: Do not block all the prints when task_info not found (Felix) V3: Fixed review comments from Felix - Fix wrong indentation - No debug message for -ENOMEM - Add NULL check for task_info - Do not duplicate the debug messages (ti vs no ti) - Get first reference of task_info in vm_init(), put last in vm_fini() V4: Fixed review comments from Felix - fix double reference increment in create_task_info - change amdgpu_vm_get_task_info_pasid - additional changes in amdgpu_gem.c while porting Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-devel alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-41008 CVE - 2024-41008 https://errata.almalinux.org/8/ALSA-2024-7000.html https://errata.almalinux.org/8/ALSA-2024-7001.html

Amazon Linux AMI 2: CVE-2022-48828: Security patch for kernel (ALASKERNEL-5.10-2024-064) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/16/2024 Created 12/13/2024 Added 12/12/2024 Modified 12/12/2024 Description In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix ia_size underflow iattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and NFSv4 both define file size as an unsigned 64-bit type. Thus there is a range of valid file size values an NFS client can send that is already larger than Linux can handle. Currently decode_fattr4() dumps a full u64 value into ia_size. If that value happens to be larger than S64_MAX, then ia_size underflows. I'm about to fix up the NFSv3 behavior as well, so let's catch the underflow in the common code path: nfsd_setattr(). Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-220-209-867 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2022-48828 AL2/ALASKERNEL-5.10-2024-064 CVE - 2022-48828

Amazon Linux 2023: CVE-2024-21140: Important priority package update for java-22-amazon-corretto (Multiple Advisories) Severity 4 CVSS (AV:N/AC:H/Au:N/C:P/I:P/A:N) Published 07/16/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well asunauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Solution(s) amazon-linux-2023-upgrade-java-11-amazon-corretto amazon-linux-2023-upgrade-java-11-amazon-corretto-devel amazon-linux-2023-upgrade-java-11-amazon-corretto-headless amazon-linux-2023-upgrade-java-11-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-11-amazon-corretto-jmods amazon-linux-2023-upgrade-java-17-amazon-corretto amazon-linux-2023-upgrade-java-17-amazon-corretto-devel amazon-linux-2023-upgrade-java-17-amazon-corretto-headless amazon-linux-2023-upgrade-java-17-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-17-amazon-corretto-jmods amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto-devel amazon-linux-2023-upgrade-java-21-amazon-corretto amazon-linux-2023-upgrade-java-21-amazon-corretto-devel amazon-linux-2023-upgrade-java-21-amazon-corretto-headless amazon-linux-2023-upgrade-java-21-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-21-amazon-corretto-jmods amazon-linux-2023-upgrade-java-22-amazon-corretto amazon-linux-2023-upgrade-java-22-amazon-corretto-devel amazon-linux-2023-upgrade-java-22-amazon-corretto-headless amazon-linux-2023-upgrade-java-22-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-22-amazon-corretto-jmods References https://attackerkb.com/topics/cve-2024-21140 CVE - 2024-21140 https://alas.aws.amazon.com/AL2023/ALAS-2024-667.html https://alas.aws.amazon.com/AL2023/ALAS-2024-668.html https://alas.aws.amazon.com/AL2023/ALAS-2024-669.html https://alas.aws.amazon.com/AL2023/ALAS-2024-670.html https://alas.aws.amazon.com/AL2023/ALAS-2024-671.html

Amazon Linux 2023: CVE-2024-21144: Important priority package update for java-11-amazon-corretto (Multiple Advisories) Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:P) Published 07/16/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency).Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). Solution(s) amazon-linux-2023-upgrade-java-11-amazon-corretto amazon-linux-2023-upgrade-java-11-amazon-corretto-devel amazon-linux-2023-upgrade-java-11-amazon-corretto-headless amazon-linux-2023-upgrade-java-11-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-11-amazon-corretto-jmods amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto-devel References https://attackerkb.com/topics/cve-2024-21144 CVE - 2024-21144 https://alas.aws.amazon.com/AL2023/ALAS-2024-670.html https://alas.aws.amazon.com/AL2023/ALAS-2024-671.html

Amazon Linux AMI 2: CVE-2022-48847: Security patch for kernel (ALASKERNEL-5.10-2022-012) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/16/2024 Created 08/29/2024 Added 08/28/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: watch_queue: Fix filter limit check In watch_queue_set_filter(), there are a couple of places where we check that the filter type value does not exceed what the type_filter bitmap can hold.One place calculates the number of bits by: if (tf[i].type >= sizeof(wfilter->type_filter) * 8) which is fine, but the second does: if (tf[i].type >= sizeof(wfilter->type_filter) * BITS_PER_LONG) which is not.This can lead to a couple of out-of-bounds writes due to a too-large type: (1) __set_bit() on wfilter->type_filter (2) Writing more elements in wfilter->filters[] than we allocated. Fix this by just using the proper WATCH_TYPE__NR instead, which is the number of types we actually know about. The bug may cause an oops looking something like: BUG: KASAN: slab-out-of-bounds in watch_queue_set_filter+0x659/0x740 Write of size 4 at addr ffff88800d2c66bc by task watch_queue_oob/611 ... Call Trace: <TASK> dump_stack_lvl+0x45/0x59 print_address_description.constprop.0+0x1f/0x150 ... kasan_report.cold+0x7f/0x11b ... watch_queue_set_filter+0x659/0x740 ... __x64_sys_ioctl+0x127/0x190 do_syscall_64+0x43/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Allocated by task 611: kasan_save_stack+0x1e/0x40 __kasan_kmalloc+0x81/0xa0 watch_queue_set_filter+0x23a/0x740 __x64_sys_ioctl+0x127/0x190 do_syscall_64+0x43/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae The buggy address belongs to the object at ffff88800d2c66a0 which belongs to the cache kmalloc-32 of size 32 The buggy address is located 28 bytes inside of 32-byte region [ffff88800d2c66a0, ffff88800d2c66c0) Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-106-102-504 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2022-48847 AL2/ALASKERNEL-5.10-2022-012 CVE - 2022-48847

Amazon Linux AMI 2: CVE-2022-48855: Security patch for kernel (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 07/16/2024 Created 08/20/2024 Added 08/19/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: sctp: fix kernel-infoleak for SCTP sockets syzbot reported a kernel infoleak [1] of 4 bytes. After analysis, it turned out r->idiag_expires is not initialized if inet_sctp_diag_fill() calls inet_diag_msg_common_fill() Make sure to clear idiag_timer/idiag_retrans/idiag_expires and let inet_diag_msg_sctpasoc_fill() fill them again if needed. [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline] BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:154 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668 instrument_copy_to_user include/linux/instrumented.h:121 [inline] copyout lib/iov_iter.c:154 [inline] _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668 copy_to_iter include/linux/uio.h:162 [inline] simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519 __skb_datagram_iter+0x2d5/0x11b0 net/core/datagram.c:425 skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533 skb_copy_datagram_msg include/linux/skbuff.h:3696 [inline] netlink_recvmsg+0x669/0x1c80 net/netlink/af_netlink.c:1977 sock_recvmsg_nosec net/socket.c:948 [inline] sock_recvmsg net/socket.c:966 [inline] __sys_recvfrom+0x795/0xa10 net/socket.c:2097 __do_sys_recvfrom net/socket.c:2115 [inline] __se_sys_recvfrom net/socket.c:2111 [inline] __x64_sys_recvfrom+0x19d/0x210 net/socket.c:2111 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: slab_post_alloc_hook mm/slab.h:737 [inline] slab_alloc_node mm/slub.c:3247 [inline] __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4975 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x545/0xf90 net/core/skbuff.c:426 alloc_skb include/linux/skbuff.h:1158 [inline] netlink_dump+0x3e5/0x16c0 net/netlink/af_netlink.c:2248 __netlink_dump_start+0xcf8/0xe90 net/netlink/af_netlink.c:2373 netlink_dump_start include/linux/netlink.h:254 [inline] inet_diag_handler_cmd+0x2e7/0x400 net/ipv4/inet_diag.c:1341 sock_diag_rcv_msg+0x24a/0x620 netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2494 sock_diag_rcv+0x63/0x80 net/core/sock_diag.c:277 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x1093/0x1360 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x14d9/0x1720 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:705 [inline] sock_sendmsg net/socket.c:725 [inline] sock_write_iter+0x594/0x690 net/socket.c:1061 do_iter_readv_writev+0xa7f/0xc70 do_iter_write+0x52c/0x1500 fs/read_write.c:851 vfs_writev fs/read_write.c:924 [inline] do_writev+0x645/0xe00 fs/read_write.c:967 __do_sys_writev fs/read_write.c:1040 [inline] __se_sys_writev fs/read_write.c:1037 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x44/0xae Bytes 68-71 of 2508 are uninitialized Memory access of size 2508 starts at ffff888114f9b000 Data copied to user address 00007f7fe09ff2e0 CPU: 1 PID: 3478 Comm: syz-executor306 Not tainted 5.17.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-273-207-502 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-106-102-504 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2022-48855 AL2/ALAS-2022-1768 AL2/ALASKERNEL-5.10-2022-012 AL2/ALASKERNEL-5.4-2022-024 CVE - 2022-48855

Huawei EulerOS: CVE-2022-48823: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/16/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/08/2024 Description In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix refcount issue when LOGO is received during TMF Hung task call trace was seen during LOGO processing. [974.309060] [0000:00:00.0]:[qedf_eh_device_reset:868]: 1:0:2:0: LUN RESET Issued... [974.309065] [0000:00:00.0]:[qedf_initiate_tmf:2422]: tm_flags 0x10 sc_cmd 00000000c16b930f op = 0x2a target_id = 0x2 lun=0 [974.309178] [0000:00:00.0]:[qedf_initiate_tmf:2431]: portid=016900 tm_flags =LUN RESET [974.309222] [0000:00:00.0]:[qedf_initiate_tmf:2438]: orig io_req = 00000000ec78df8f xid = 0x180 ref_cnt = 1. [974.309625] host1: rport 016900: Received LOGO request while in state Ready [974.309627] host1: rport 016900: Delete port [974.309642] host1: rport 016900: work event 3 [974.309644] host1: rport 016900: lld callback ev 3 [974.313243] [0000:61:00.2]:[qedf_execute_tmf:2383]:1: fcport is uploading, not executing flush. [974.313295] [0000:61:00.2]:[qedf_execute_tmf:2400]:1: task mgmt command success... [984.031088] INFO: task jbd2/dm-15-8:7645 blocked for more than 120 seconds. [984.031136] Not tainted 4.18.0-305.el8.x86_64 #1 [984.031166] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [984.031209] jbd2/dm-15-8D076452 0x80004080 [984.031212] Call Trace: [984.031222]__schedule+0x2c4/0x700 [984.031230]? unfreeze_partials.isra.83+0x16e/0x1a0 [984.031233]? bit_wait_timeout+0x90/0x90 [984.031235]schedule+0x38/0xa0 [984.031238]io_schedule+0x12/0x40 [984.031240]bit_wait_io+0xd/0x50 [984.031243]__wait_on_bit+0x6c/0x80 [984.031248]? free_buffer_head+0x21/0x50 [984.031251]out_of_line_wait_on_bit+0x91/0xb0 [984.031257]? init_wait_var_entry+0x50/0x50 [984.031268]jbd2_journal_commit_transaction+0x112e/0x19f0 [jbd2] [984.031280]kjournald2+0xbd/0x270 [jbd2] [984.031284]? finish_wait+0x80/0x80 [984.031291]? commit_timeout+0x10/0x10 [jbd2] [984.031294]kthread+0x116/0x130 [984.031300]? kthread_flush_work_fn+0x10/0x10 [984.031305]ret_from_fork+0x1f/0x40 There was a ref count issue when LOGO is received during TMF. This leads to one of the I/Os hanging with the driver. Fix the ref count. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2022-48823 CVE - 2022-48823 EulerOS-SA-2024-2394

VMware Photon OS: CVE-2024-21129 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 07/16/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).Supported versions that are affected are 8.0.37 and prior and8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-21129 CVE - 2024-21129

VMware Photon OS: CVE-2024-21159 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 07/16/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.36 and prior and8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-21159 CVE - 2024-21159

VMware Photon OS: CVE-2024-21165 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 07/16/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth).Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-21165 CVE - 2024-21165

VMware Photon OS: CVE-2024-21166 Severity 6 CVSS (AV:N/AC:H/Au:M/C:N/I:C/A:C) Published 07/16/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.36 and prior and8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result inunauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Integrity and Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-21166 CVE - 2024-21166

VMware Photon OS: CVE-2024-21177 Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 07/16/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.37 and prior and8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-21177 CVE - 2024-21177

Rocky Linux: CVE-2022-48866: kernel-rt (RLSA-2024-7001) Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 07/16/2024 Created 10/03/2024 Added 10/02/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts Syzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug. The root case is in missing validation check of actual number of endpoints. Code should not blindly access usb_host_interface::endpoint array, since it may contain less endpoints than code expects. Fix it by adding missing validaion check and print an error if number of endpoints do not match expected number Solution(s) rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra References https://attackerkb.com/topics/cve-2022-48866 CVE - 2022-48866 https://errata.rockylinux.org/RLSA-2024:7001

AdoptOpenJDK: CVE-2024-21140: Vulnerability in the Hotspot component Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 07/16/2024 Created 07/26/2024 Added 07/23/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well asunauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Solution(s) adoptopenjdk-upgrade-latest References https://attackerkb.com/topics/cve-2024-21140 CVE - 2024-21140 https://adoptopenjdk.net/releases

Rocky Linux: CVE-2021-47624: kernel-rt (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 07/16/2024 Created 08/23/2024 Added 08/22/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change The refcount leak issues take place in an error handling path. When the 3rd argument buf doesn't match with "offline", "online" or "remove", the function simply returns -EINVAL and forgets to decrease the reference count of a rpc_xprt object and a rpc_xprt_switch object increased by rpc_sysfs_xprt_kobj_get_xprt() and rpc_sysfs_xprt_kobj_get_xprt_switch(), causing reference count leaks of both unused objects. Fix this issue by jumping to the error handling path labelled with out_put when buf matches none of "offline", "online" or "remove". Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2021-47624 CVE - 2021-47624 https://errata.rockylinux.org/RLSA-2024:5101 https://errata.rockylinux.org/RLSA-2024:5102

Ubuntu: (Multiple Advisories) (CVE-2024-39908): Ruby vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/16/2024 Created 11/07/2024 Added 11/06/2024 Modified 02/07/2025 Description REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings. Solution(s) ubuntu-upgrade-libruby2-7 ubuntu-upgrade-libruby3-0 ubuntu-upgrade-libruby3-2 ubuntu-upgrade-libruby3-3 ubuntu-upgrade-ruby2-7 ubuntu-upgrade-ruby3-0 ubuntu-upgrade-ruby3-2 ubuntu-upgrade-ruby3-3 References https://attackerkb.com/topics/cve-2024-39908 CVE - 2024-39908 USN-7091-1 USN-7091-2 USN-7256-1

Oracle WebLogic: CVE-2024-21181 : Critical Patch Update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/16/2024 Created 07/27/2024 Added 07/25/2024 Modified 01/28/2025 Description Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).Supported versions that are affected are 12.2.1.4.0 and14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server.Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Solution(s) oracle-weblogic-jul-2024-cpu-12_2_1_4_0 oracle-weblogic-jul-2024-cpu-14_1_1_0_0 References https://attackerkb.com/topics/cve-2024-21181 CVE - 2024-21181 http://www.oracle.com/security-alerts/cpujul2024.html https://support.oracle.com/rs?type=doc&id=3030266.2