ISHACK AI BOT

Amazon Linux AMI 2: CVE-2022-48659: Security patch for kernel (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 04/28/2024 Created 08/03/2024 Added 08/02/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc() fails In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to out-of-memory, if it fails, return errno correctly rather than triggering panic via BUG_ON(); kernel BUG at mm/slub.c:5893! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Call trace: sysfs_slab_add+0x258/0x260 mm/slub.c:5973 __kmem_cache_create+0x60/0x118 mm/slub.c:4899 create_cache mm/slab_common.c:229 [inline] kmem_cache_create_usercopy+0x19c/0x31c mm/slab_common.c:335 kmem_cache_create+0x1c/0x28 mm/slab_common.c:390 f2fs_kmem_cache_create fs/f2fs/f2fs.h:2766 [inline] f2fs_init_xattr_caches+0x78/0xb4 fs/f2fs/xattr.c:808 f2fs_fill_super+0x1050/0x1e0c fs/f2fs/super.c:4149 mount_bdev+0x1b8/0x210 fs/super.c:1400 f2fs_mount+0x44/0x58 fs/f2fs/super.c:4512 legacy_get_tree+0x30/0x74 fs/fs_context.c:610 vfs_get_tree+0x40/0x140 fs/super.c:1530 do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040 path_mount+0x358/0x914 fs/namespace.c:3370 do_mount fs/namespace.c:3383 [inline] __do_sys_mount fs/namespace.c:3591 [inline] __se_sys_mount fs/namespace.c:3568 [inline] __arm64_sys_mount+0x2f8/0x408 fs/namespace.c:3568 Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-296-222-539 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-147-133-644 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-73-48-135 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2022-48659 AL2/ALAS-2022-1876 AL2/ALASKERNEL-5.10-2022-021 AL2/ALASKERNEL-5.15-2022-009 AL2/ALASKERNEL-5.4-2022-037 CVE - 2022-48659

Huawei EulerOS: CVE-2022-48652: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/28/2024 Created 10/10/2024 Added 10/09/2024 Modified 10/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: ice: Fix crash by keep old cfg when update TCs more than queues There are problems if allocated queues less than Traffic Classes. Commit a632b2a4c920 ("ice: ethtool: Prohibit improper channel config for DCB") already disallow setting less queues than TCs. Another case is if we first set less queues, and later update more TCs config due to LLDP, ice_vsi_cfg_tc() will failed but left dirty num_txq/rxq and tc_cfg in vsi, that will cause invalid pointer access. [ 95.968089] ice 0000:3b:00.1: More TCs defined than queues/rings allocated. [ 95.968092] ice 0000:3b:00.1: Trying to use more Rx queues (8), than were allocated (1)! [ 95.968093] ice 0000:3b:00.1: Failed to config TC for VSI index: 0 [ 95.969621] general protection fault: 0000 [#1] SMP NOPTI [ 95.969705] CPU: 1 PID: 58405 Comm: lldpad Kdump: loaded Tainted: G UWO --------- -t - 4.18.0 #1 [ 95.969867] Hardware name: O.E.M/BC11SPSCB10, BIOS 8.23 12/30/2021 [ 95.969992] RIP: 0010:devm_kmalloc+0xa/0x60 [ 95.970052] Code: 5c ff ff ff 31 c0 5b 5d 41 5c c3 b8 f4 ff ff ff eb f4 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 89 d1 <8b> 97 60 02 00 00 48 8d 7e 18 48 39 f7 72 3f 55 89 ce 53 48 8b 4c [ 95.970344] RSP: 0018:ffffc9003f553888 EFLAGS: 00010206 [ 95.970425] RAX: dead000000000200 RBX: ffffea003c425b00 RCX: 00000000006080c0 [ 95.970536] RDX: 00000000006080c0 RSI: 0000000000000200 RDI: dead000000000200 [ 95.970648] RBP: dead000000000200 R08: 00000000000463c0 R09: ffff888ffa900000 [ 95.970760] R10: 0000000000000000 R11: 0000000000000002 R12: ffff888ff6b40100 [ 95.970870] R13: ffff888ff6a55018 R14: 0000000000000000 R15: ffff888ff6a55460 [ 95.970981] FS:00007f51b7d24700(0000) GS:ffff88903ee80000(0000) knlGS:0000000000000000 [ 95.971108] CS:0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 95.971197] CR2: 00007fac5410d710 CR3: 0000000f2c1de002 CR4: 00000000007606e0 [ 95.971309] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 95.971419] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 95.971530] PKRU: 55555554 [ 95.971573] Call Trace: [ 95.971622]ice_setup_rx_ring+0x39/0x110 [ice] [ 95.971695]ice_vsi_setup_rx_rings+0x54/0x90 [ice] [ 95.971774]ice_vsi_open+0x25/0x120 [ice] [ 95.971843]ice_open_internal+0xb8/0x1f0 [ice] [ 95.971919]ice_ena_vsi+0x4f/0xd0 [ice] [ 95.971987]ice_dcb_ena_dis_vsi.constprop.5+0x29/0x90 [ice] [ 95.972082]ice_pf_dcb_cfg+0x29a/0x380 [ice] [ 95.972154]ice_dcbnl_setets+0x174/0x1b0 [ice] [ 95.972220]dcbnl_ieee_set+0x89/0x230 [ 95.972279]? dcbnl_ieee_del+0x150/0x150 [ 95.972341]dcb_doit+0x124/0x1b0 [ 95.972392]rtnetlink_rcv_msg+0x243/0x2f0 [ 95.972457]? dcb_doit+0x14d/0x1b0 [ 95.972510]? __kmalloc_node_track_caller+0x1d3/0x280 [ 95.972591]? rtnl_calcit.isra.31+0x100/0x100 [ 95.972661]netlink_rcv_skb+0xcf/0xf0 [ 95.972720]netlink_unicast+0x16d/0x220 [ 95.972781]netlink_sendmsg+0x2ba/0x3a0 [ 95.975891]sock_sendmsg+0x4c/0x50 [ 95.979032]___sys_sendmsg+0x2e4/0x300 [ 95.982147]? kmem_cache_alloc+0x13e/0x190 [ 95.985242]? __wake_up_common_lock+0x79/0x90 [ 95.988338]? __check_object_size+0xac/0x1b0 [ 95.991440]? _copy_to_user+0x22/0x30 [ 95.994539]? move_addr_to_user+0xbb/0xd0 [ 95.997619]? __sys_sendmsg+0x53/0x80 [ 96.000664]__sys_sendmsg+0x53/0x80 [ 96.003747]do_syscall_64+0x5b/0x1d0 [ 96.006862]entry_SYSCALL_64_after_hwframe+0x65/0xca Only update num_txq/rxq when passed check, and restore tc_cfg if setup queue map failed. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2022-48652 CVE - 2022-48652 EulerOS-SA-2024-2585

Debian: CVE-2023-52722: ghostscript -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/28/2024 Created 05/18/2024 Added 05/17/2024 Modified 07/31/2024 Description An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. Solution(s) debian-upgrade-ghostscript References https://attackerkb.com/topics/cve-2023-52722 CVE - 2023-52722 DSA-5692-1

SUSE: CVE-2022-48642: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 04/28/2024 Created 08/16/2024 Added 08/09/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() It seems to me that percpu memory for chain stats started leaking since commit 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priority to hardware priority") when nft_chain_offload_priority() returned an error. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2022-48642 CVE - 2022-48642

Ubuntu: USN-6803-1 (CVE-2023-51794): FFmpeg vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 06/07/2024 Added 06/06/2024 Modified 01/23/2025 Description Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. Solution(s) ubuntu-pro-upgrade-ffmpeg ubuntu-pro-upgrade-libavcodec-extra57 ubuntu-pro-upgrade-libavcodec-extra58 ubuntu-pro-upgrade-libavcodec-extra60 ubuntu-pro-upgrade-libavcodec-ffmpeg-extra56 ubuntu-pro-upgrade-libavcodec-ffmpeg56 ubuntu-pro-upgrade-libavcodec57 ubuntu-pro-upgrade-libavcodec58 ubuntu-pro-upgrade-libavcodec60 ubuntu-pro-upgrade-libavdevice-ffmpeg56 ubuntu-pro-upgrade-libavdevice57 ubuntu-pro-upgrade-libavdevice58 ubuntu-pro-upgrade-libavdevice60 ubuntu-pro-upgrade-libavfilter-extra6 ubuntu-pro-upgrade-libavfilter-extra7 ubuntu-pro-upgrade-libavfilter-extra9 ubuntu-pro-upgrade-libavfilter-ffmpeg5 ubuntu-pro-upgrade-libavfilter6 ubuntu-pro-upgrade-libavfilter7 ubuntu-pro-upgrade-libavfilter9 ubuntu-pro-upgrade-libavformat-extra ubuntu-pro-upgrade-libavformat-extra58 ubuntu-pro-upgrade-libavformat-extra60 ubuntu-pro-upgrade-libavformat-ffmpeg56 ubuntu-pro-upgrade-libavformat57 ubuntu-pro-upgrade-libavformat58 ubuntu-pro-upgrade-libavformat60 ubuntu-pro-upgrade-libavresample-ffmpeg2 ubuntu-pro-upgrade-libavresample3 ubuntu-pro-upgrade-libavresample4 ubuntu-pro-upgrade-libavutil-ffmpeg54 ubuntu-pro-upgrade-libavutil55 ubuntu-pro-upgrade-libavutil56 ubuntu-pro-upgrade-libavutil58 ubuntu-pro-upgrade-libpostproc-ffmpeg53 ubuntu-pro-upgrade-libpostproc54 ubuntu-pro-upgrade-libpostproc55 ubuntu-pro-upgrade-libpostproc57 ubuntu-pro-upgrade-libswresample-ffmpeg1 ubuntu-pro-upgrade-libswresample2 ubuntu-pro-upgrade-libswresample3 ubuntu-pro-upgrade-libswresample4 ubuntu-pro-upgrade-libswscale-ffmpeg3 ubuntu-pro-upgrade-libswscale4 ubuntu-pro-upgrade-libswscale5 ubuntu-pro-upgrade-libswscale7 References https://attackerkb.com/topics/cve-2023-51794 CVE - 2023-51794 USN-6803-1

SUSE: CVE-2024-2756: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 04/29/2024 Added 04/29/2024 Modified 05/03/2024 Description Due to an incomplete fix toCVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. Solution(s) suse-upgrade-apache2-mod_php7 suse-upgrade-apache2-mod_php74 suse-upgrade-apache2-mod_php8 suse-upgrade-apache2-mod_php81 suse-upgrade-php7 suse-upgrade-php7-bcmath suse-upgrade-php7-bz2 suse-upgrade-php7-calendar suse-upgrade-php7-cli suse-upgrade-php7-ctype suse-upgrade-php7-curl suse-upgrade-php7-dba suse-upgrade-php7-devel suse-upgrade-php7-dom suse-upgrade-php7-embed suse-upgrade-php7-enchant suse-upgrade-php7-exif suse-upgrade-php7-fastcgi suse-upgrade-php7-fileinfo suse-upgrade-php7-fpm suse-upgrade-php7-ftp suse-upgrade-php7-gd suse-upgrade-php7-gettext suse-upgrade-php7-gmp suse-upgrade-php7-iconv suse-upgrade-php7-intl suse-upgrade-php7-json suse-upgrade-php7-ldap suse-upgrade-php7-mbstring suse-upgrade-php7-mysql suse-upgrade-php7-odbc suse-upgrade-php7-opcache suse-upgrade-php7-openssl suse-upgrade-php7-pcntl suse-upgrade-php7-pdo suse-upgrade-php7-pgsql suse-upgrade-php7-phar suse-upgrade-php7-posix suse-upgrade-php7-readline suse-upgrade-php7-shmop suse-upgrade-php7-snmp suse-upgrade-php7-soap suse-upgrade-php7-sockets suse-upgrade-php7-sodium suse-upgrade-php7-sqlite suse-upgrade-php7-sysvmsg suse-upgrade-php7-sysvsem suse-upgrade-php7-sysvshm suse-upgrade-php7-test suse-upgrade-php7-tidy suse-upgrade-php7-tokenizer suse-upgrade-php7-xmlreader suse-upgrade-php7-xmlrpc suse-upgrade-php7-xmlwriter suse-upgrade-php7-xsl suse-upgrade-php7-zip suse-upgrade-php7-zlib suse-upgrade-php74 suse-upgrade-php74-bcmath suse-upgrade-php74-bz2 suse-upgrade-php74-calendar suse-upgrade-php74-ctype suse-upgrade-php74-curl suse-upgrade-php74-dba suse-upgrade-php74-devel suse-upgrade-php74-dom suse-upgrade-php74-enchant suse-upgrade-php74-exif suse-upgrade-php74-fastcgi suse-upgrade-php74-fileinfo suse-upgrade-php74-fpm suse-upgrade-php74-ftp suse-upgrade-php74-gd suse-upgrade-php74-gettext suse-upgrade-php74-gmp suse-upgrade-php74-iconv suse-upgrade-php74-intl suse-upgrade-php74-json suse-upgrade-php74-ldap suse-upgrade-php74-mbstring suse-upgrade-php74-mysql suse-upgrade-php74-odbc suse-upgrade-php74-opcache suse-upgrade-php74-openssl suse-upgrade-php74-pcntl suse-upgrade-php74-pdo suse-upgrade-php74-pgsql suse-upgrade-php74-phar suse-upgrade-php74-posix suse-upgrade-php74-readline suse-upgrade-php74-shmop suse-upgrade-php74-snmp suse-upgrade-php74-soap suse-upgrade-php74-sockets suse-upgrade-php74-sodium suse-upgrade-php74-sqlite suse-upgrade-php74-sysvmsg suse-upgrade-php74-sysvsem suse-upgrade-php74-sysvshm suse-upgrade-php74-tidy suse-upgrade-php74-tokenizer suse-upgrade-php74-xmlreader suse-upgrade-php74-xmlrpc suse-upgrade-php74-xmlwriter suse-upgrade-php74-xsl suse-upgrade-php74-zip suse-upgrade-php74-zlib suse-upgrade-php8 suse-upgrade-php8-bcmath suse-upgrade-php8-bz2 suse-upgrade-php8-calendar suse-upgrade-php8-cli suse-upgrade-php8-ctype suse-upgrade-php8-curl suse-upgrade-php8-dba suse-upgrade-php8-devel suse-upgrade-php8-dom suse-upgrade-php8-embed suse-upgrade-php8-enchant suse-upgrade-php8-exif suse-upgrade-php8-fastcgi suse-upgrade-php8-fileinfo suse-upgrade-php8-fpm suse-upgrade-php8-ftp suse-upgrade-php8-gd suse-upgrade-php8-gettext suse-upgrade-php8-gmp suse-upgrade-php8-iconv suse-upgrade-php8-intl suse-upgrade-php8-ldap suse-upgrade-php8-mbstring suse-upgrade-php8-mysql suse-upgrade-php8-odbc suse-upgrade-php8-opcache suse-upgrade-php8-openssl suse-upgrade-php8-pcntl suse-upgrade-php8-pdo suse-upgrade-php8-pgsql suse-upgrade-php8-phar suse-upgrade-php8-posix suse-upgrade-php8-readline suse-upgrade-php8-shmop suse-upgrade-php8-snmp suse-upgrade-php8-soap suse-upgrade-php8-sockets suse-upgrade-php8-sodium suse-upgrade-php8-sqlite suse-upgrade-php8-sysvmsg suse-upgrade-php8-sysvsem suse-upgrade-php8-sysvshm suse-upgrade-php8-test suse-upgrade-php8-tidy suse-upgrade-php8-tokenizer suse-upgrade-php8-xmlreader suse-upgrade-php8-xmlwriter suse-upgrade-php8-xsl suse-upgrade-php8-zip suse-upgrade-php8-zlib suse-upgrade-php81 suse-upgrade-php81-bcmath suse-upgrade-php81-bz2 suse-upgrade-php81-calendar suse-upgrade-php81-cli suse-upgrade-php81-ctype suse-upgrade-php81-curl suse-upgrade-php81-dba suse-upgrade-php81-devel suse-upgrade-php81-dom suse-upgrade-php81-embed suse-upgrade-php81-enchant suse-upgrade-php81-exif suse-upgrade-php81-fastcgi suse-upgrade-php81-ffi suse-upgrade-php81-fileinfo suse-upgrade-php81-fpm suse-upgrade-php81-fpm-apache suse-upgrade-php81-ftp suse-upgrade-php81-gd suse-upgrade-php81-gettext suse-upgrade-php81-gmp suse-upgrade-php81-iconv suse-upgrade-php81-intl suse-upgrade-php81-ldap suse-upgrade-php81-mbstring suse-upgrade-php81-mysql suse-upgrade-php81-odbc suse-upgrade-php81-opcache suse-upgrade-php81-openssl suse-upgrade-php81-pcntl suse-upgrade-php81-pdo suse-upgrade-php81-pgsql suse-upgrade-php81-phar suse-upgrade-php81-posix suse-upgrade-php81-readline suse-upgrade-php81-shmop suse-upgrade-php81-snmp suse-upgrade-php81-soap suse-upgrade-php81-sockets suse-upgrade-php81-sodium suse-upgrade-php81-sqlite suse-upgrade-php81-sysvmsg suse-upgrade-php81-sysvsem suse-upgrade-php81-sysvshm suse-upgrade-php81-test suse-upgrade-php81-tidy suse-upgrade-php81-tokenizer suse-upgrade-php81-xmlreader suse-upgrade-php81-xmlwriter suse-upgrade-php81-xsl suse-upgrade-php81-zip suse-upgrade-php81-zlib References https://attackerkb.com/topics/cve-2024-2756 CVE - 2024-2756

Amazon Linux 2023: CVE-2023-52646: Important priority package update for kernel Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 04/26/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 (&quot;aio: Make it possible to remap aio ring&quot;) introduced a null-deref if mremap is called on an old aio mapping after fork as mm-&gt;ioctx_table will be set to NULL. [[email protected]: fix 80 column issue] Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-15-28-43 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-52646 CVE - 2023-52646 https://alas.aws.amazon.com/AL2023/ALAS-2023-127.html

Amazon Linux 2023: CVE-2022-48682: Medium priority package update for fdupes Severity 5 CVSS (AV:L/AC:H/Au:S/C:N/I:C/A:C) Published 04/26/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink. Solution(s) amazon-linux-2023-upgrade-fdupes amazon-linux-2023-upgrade-fdupes-debuginfo amazon-linux-2023-upgrade-fdupes-debugsource References https://attackerkb.com/topics/cve-2022-48682 CVE - 2022-48682 https://alas.aws.amazon.com/AL2023/ALAS-2024-633.html

Debian: CVE-2024-31755: cjson -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 09/03/2024 Added 09/02/2024 Modified 09/02/2024 Description cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c. Solution(s) debian-upgrade-cjson References https://attackerkb.com/topics/cve-2024-31755 CVE - 2024-31755

Huawei EulerOS: CVE-2024-3154: docker-runc security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 10/10/2024 Added 10/09/2024 Modified 10/09/2024 Description A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system. Solution(s) huawei-euleros-2_0_sp12-upgrade-docker-runc References https://attackerkb.com/topics/cve-2024-3154 CVE - 2024-3154 EulerOS-SA-2024-2525

Ubuntu: (CVE-2023-52646): linux vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL. [[email protected]: fix 80 column issue] Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-15 ubuntu-upgrade-linux-aws-5-4 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-aws-hwe ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-4-15 ubuntu-upgrade-linux-azure-5-15 ubuntu-upgrade-linux-azure-5-4 ubuntu-upgrade-linux-azure-fde ubuntu-upgrade-linux-azure-fde-5-15 ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-4-15 ubuntu-upgrade-linux-gcp-5-15 ubuntu-upgrade-linux-gcp-5-4 ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-gke ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-gkeop-5-15 ubuntu-upgrade-linux-hwe ubuntu-upgrade-linux-hwe-5-15 ubuntu-upgrade-linux-hwe-5-4 ubuntu-upgrade-linux-ibm ubuntu-upgrade-linux-ibm-5-4 ubuntu-upgrade-linux-intel-iot-realtime ubuntu-upgrade-linux-intel-iotg ubuntu-upgrade-linux-intel-iotg-5-15 ubuntu-upgrade-linux-iot ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-lowlatency ubuntu-upgrade-linux-lowlatency-hwe-5-15 ubuntu-upgrade-linux-nvidia ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-15 ubuntu-upgrade-linux-oracle-5-4 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-raspi-5-4 ubuntu-upgrade-linux-realtime ubuntu-upgrade-linux-riscv-5-15 ubuntu-upgrade-linux-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-52646 CVE - 2023-52646 https://git.kernel.org/linus/81e9d6f8647650a7bead74c5f926e29970e834d1 https://git.kernel.org/stable/c/178993157e8c50aef7f35d7d6d3b44bb428199e1 https://git.kernel.org/stable/c/4326d0080f7e84fba775da41d158f46cf9d3f1c2 https://git.kernel.org/stable/c/808f1e4b5723ae4eda724d2ad6f6638905eefd95 https://git.kernel.org/stable/c/81e9d6f8647650a7bead74c5f926e29970e834d1 https://git.kernel.org/stable/c/af126acf01a12bdb04986fd26fc2eb3b40249e0d https://git.kernel.org/stable/c/c261f798f7baa8080cf0214081d43d5f86bb073f https://git.kernel.org/stable/c/d8dca1bfe9adcae38b35add64977818c0c13dd22 https://www.cve.org/CVERecord?id=CVE-2023-52646 View more

SUSE: CVE-2024-3096: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 04/29/2024 Added 04/29/2024 Modified 05/03/2024 Description In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. Solution(s) suse-upgrade-apache2-mod_php7 suse-upgrade-apache2-mod_php74 suse-upgrade-apache2-mod_php8 suse-upgrade-apache2-mod_php81 suse-upgrade-php7 suse-upgrade-php7-bcmath suse-upgrade-php7-bz2 suse-upgrade-php7-calendar suse-upgrade-php7-cli suse-upgrade-php7-ctype suse-upgrade-php7-curl suse-upgrade-php7-dba suse-upgrade-php7-devel suse-upgrade-php7-dom suse-upgrade-php7-embed suse-upgrade-php7-enchant suse-upgrade-php7-exif suse-upgrade-php7-fastcgi suse-upgrade-php7-fileinfo suse-upgrade-php7-fpm suse-upgrade-php7-ftp suse-upgrade-php7-gd suse-upgrade-php7-gettext suse-upgrade-php7-gmp suse-upgrade-php7-iconv suse-upgrade-php7-intl suse-upgrade-php7-json suse-upgrade-php7-ldap suse-upgrade-php7-mbstring suse-upgrade-php7-mysql suse-upgrade-php7-odbc suse-upgrade-php7-opcache suse-upgrade-php7-openssl suse-upgrade-php7-pcntl suse-upgrade-php7-pdo suse-upgrade-php7-pgsql suse-upgrade-php7-phar suse-upgrade-php7-posix suse-upgrade-php7-readline suse-upgrade-php7-shmop suse-upgrade-php7-snmp suse-upgrade-php7-soap suse-upgrade-php7-sockets suse-upgrade-php7-sodium suse-upgrade-php7-sqlite suse-upgrade-php7-sysvmsg suse-upgrade-php7-sysvsem suse-upgrade-php7-sysvshm suse-upgrade-php7-test suse-upgrade-php7-tidy suse-upgrade-php7-tokenizer suse-upgrade-php7-xmlreader suse-upgrade-php7-xmlrpc suse-upgrade-php7-xmlwriter suse-upgrade-php7-xsl suse-upgrade-php7-zip suse-upgrade-php7-zlib suse-upgrade-php74 suse-upgrade-php74-bcmath suse-upgrade-php74-bz2 suse-upgrade-php74-calendar suse-upgrade-php74-ctype suse-upgrade-php74-curl suse-upgrade-php74-dba suse-upgrade-php74-devel suse-upgrade-php74-dom suse-upgrade-php74-enchant suse-upgrade-php74-exif suse-upgrade-php74-fastcgi suse-upgrade-php74-fileinfo suse-upgrade-php74-fpm suse-upgrade-php74-ftp suse-upgrade-php74-gd suse-upgrade-php74-gettext suse-upgrade-php74-gmp suse-upgrade-php74-iconv suse-upgrade-php74-intl suse-upgrade-php74-json suse-upgrade-php74-ldap suse-upgrade-php74-mbstring suse-upgrade-php74-mysql suse-upgrade-php74-odbc suse-upgrade-php74-opcache suse-upgrade-php74-openssl suse-upgrade-php74-pcntl suse-upgrade-php74-pdo suse-upgrade-php74-pgsql suse-upgrade-php74-phar suse-upgrade-php74-posix suse-upgrade-php74-readline suse-upgrade-php74-shmop suse-upgrade-php74-snmp suse-upgrade-php74-soap suse-upgrade-php74-sockets suse-upgrade-php74-sodium suse-upgrade-php74-sqlite suse-upgrade-php74-sysvmsg suse-upgrade-php74-sysvsem suse-upgrade-php74-sysvshm suse-upgrade-php74-tidy suse-upgrade-php74-tokenizer suse-upgrade-php74-xmlreader suse-upgrade-php74-xmlrpc suse-upgrade-php74-xmlwriter suse-upgrade-php74-xsl suse-upgrade-php74-zip suse-upgrade-php74-zlib suse-upgrade-php8 suse-upgrade-php8-bcmath suse-upgrade-php8-bz2 suse-upgrade-php8-calendar suse-upgrade-php8-cli suse-upgrade-php8-ctype suse-upgrade-php8-curl suse-upgrade-php8-dba suse-upgrade-php8-devel suse-upgrade-php8-dom suse-upgrade-php8-embed suse-upgrade-php8-enchant suse-upgrade-php8-exif suse-upgrade-php8-fastcgi suse-upgrade-php8-fileinfo suse-upgrade-php8-fpm suse-upgrade-php8-ftp suse-upgrade-php8-gd suse-upgrade-php8-gettext suse-upgrade-php8-gmp suse-upgrade-php8-iconv suse-upgrade-php8-intl suse-upgrade-php8-ldap suse-upgrade-php8-mbstring suse-upgrade-php8-mysql suse-upgrade-php8-odbc suse-upgrade-php8-opcache suse-upgrade-php8-openssl suse-upgrade-php8-pcntl suse-upgrade-php8-pdo suse-upgrade-php8-pgsql suse-upgrade-php8-phar suse-upgrade-php8-posix suse-upgrade-php8-readline suse-upgrade-php8-shmop suse-upgrade-php8-snmp suse-upgrade-php8-soap suse-upgrade-php8-sockets suse-upgrade-php8-sodium suse-upgrade-php8-sqlite suse-upgrade-php8-sysvmsg suse-upgrade-php8-sysvsem suse-upgrade-php8-sysvshm suse-upgrade-php8-test suse-upgrade-php8-tidy suse-upgrade-php8-tokenizer suse-upgrade-php8-xmlreader suse-upgrade-php8-xmlwriter suse-upgrade-php8-xsl suse-upgrade-php8-zip suse-upgrade-php8-zlib suse-upgrade-php81 suse-upgrade-php81-bcmath suse-upgrade-php81-bz2 suse-upgrade-php81-calendar suse-upgrade-php81-cli suse-upgrade-php81-ctype suse-upgrade-php81-curl suse-upgrade-php81-dba suse-upgrade-php81-devel suse-upgrade-php81-dom suse-upgrade-php81-embed suse-upgrade-php81-enchant suse-upgrade-php81-exif suse-upgrade-php81-fastcgi suse-upgrade-php81-ffi suse-upgrade-php81-fileinfo suse-upgrade-php81-fpm suse-upgrade-php81-fpm-apache suse-upgrade-php81-ftp suse-upgrade-php81-gd suse-upgrade-php81-gettext suse-upgrade-php81-gmp suse-upgrade-php81-iconv suse-upgrade-php81-intl suse-upgrade-php81-ldap suse-upgrade-php81-mbstring suse-upgrade-php81-mysql suse-upgrade-php81-odbc suse-upgrade-php81-opcache suse-upgrade-php81-openssl suse-upgrade-php81-pcntl suse-upgrade-php81-pdo suse-upgrade-php81-pgsql suse-upgrade-php81-phar suse-upgrade-php81-posix suse-upgrade-php81-readline suse-upgrade-php81-shmop suse-upgrade-php81-snmp suse-upgrade-php81-soap suse-upgrade-php81-sockets suse-upgrade-php81-sodium suse-upgrade-php81-sqlite suse-upgrade-php81-sysvmsg suse-upgrade-php81-sysvsem suse-upgrade-php81-sysvshm suse-upgrade-php81-test suse-upgrade-php81-tidy suse-upgrade-php81-tokenizer suse-upgrade-php81-xmlreader suse-upgrade-php81-xmlwriter suse-upgrade-php81-xsl suse-upgrade-php81-zip suse-upgrade-php81-zlib References https://attackerkb.com/topics/cve-2024-3096 CVE - 2024-3096

SUSE: CVE-2023-51794: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 06/04/2024 Added 06/04/2024 Modified 06/04/2024 Description Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. Solution(s) suse-upgrade-ffmpeg suse-upgrade-ffmpeg-4 suse-upgrade-ffmpeg-4-libavcodec-devel suse-upgrade-ffmpeg-4-libavdevice-devel suse-upgrade-ffmpeg-4-libavfilter-devel suse-upgrade-ffmpeg-4-libavformat-devel suse-upgrade-ffmpeg-4-libavresample-devel suse-upgrade-ffmpeg-4-libavutil-devel suse-upgrade-ffmpeg-4-libpostproc-devel suse-upgrade-ffmpeg-4-libswresample-devel suse-upgrade-ffmpeg-4-libswscale-devel suse-upgrade-ffmpeg-4-private-devel suse-upgrade-ffmpeg-private-devel suse-upgrade-libavcodec-devel suse-upgrade-libavcodec57 suse-upgrade-libavcodec57-32bit suse-upgrade-libavcodec58_134 suse-upgrade-libavcodec58_134-32bit suse-upgrade-libavdevice-devel suse-upgrade-libavdevice57 suse-upgrade-libavdevice57-32bit suse-upgrade-libavdevice58_13 suse-upgrade-libavdevice58_13-32bit suse-upgrade-libavfilter-devel suse-upgrade-libavfilter6 suse-upgrade-libavfilter6-32bit suse-upgrade-libavfilter7_110 suse-upgrade-libavfilter7_110-32bit suse-upgrade-libavformat-devel suse-upgrade-libavformat57 suse-upgrade-libavformat57-32bit suse-upgrade-libavformat58_76 suse-upgrade-libavformat58_76-32bit suse-upgrade-libavresample-devel suse-upgrade-libavresample3 suse-upgrade-libavresample3-32bit suse-upgrade-libavresample4_0 suse-upgrade-libavresample4_0-32bit suse-upgrade-libavutil-devel suse-upgrade-libavutil55 suse-upgrade-libavutil55-32bit suse-upgrade-libavutil56_70 suse-upgrade-libavutil56_70-32bit suse-upgrade-libpostproc-devel suse-upgrade-libpostproc54 suse-upgrade-libpostproc54-32bit suse-upgrade-libpostproc55_9 suse-upgrade-libpostproc55_9-32bit suse-upgrade-libswresample-devel suse-upgrade-libswresample2 suse-upgrade-libswresample2-32bit suse-upgrade-libswresample3_9 suse-upgrade-libswresample3_9-32bit suse-upgrade-libswscale-devel suse-upgrade-libswscale4 suse-upgrade-libswscale4-32bit suse-upgrade-libswscale5_9 suse-upgrade-libswscale5_9-32bit References https://attackerkb.com/topics/cve-2023-51794 CVE - 2023-51794

SUSE: CVE-2024-31755: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 05/28/2024 Added 05/28/2024 Modified 05/28/2024 Description cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c. Solution(s) suse-upgrade-cjson-devel suse-upgrade-libcjson1 References https://attackerkb.com/topics/cve-2024-31755 CVE - 2024-31755

Debian: CVE-2023-51794: ffmpeg -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 06/17/2024 Added 06/17/2024 Modified 06/17/2024 Description Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. Solution(s) debian-upgrade-ffmpeg References https://attackerkb.com/topics/cve-2023-51794 CVE - 2023-51794 DSA-5712-1

Ubuntu: USN-6784-1 (CVE-2024-31755): cJSON vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 05/28/2024 Added 05/28/2024 Modified 11/15/2024 Description cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c. Solution(s) ubuntu-pro-upgrade-libcjson1 References https://attackerkb.com/topics/cve-2024-31755 CVE - 2024-31755 USN-6784-1

Huawei EulerOS: CVE-2023-52646: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 10/09/2024 Added 10/08/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL. [[email protected]: fix 80 column issue] Solution(s) huawei-euleros-2_0_sp12-upgrade-bpftool huawei-euleros-2_0_sp12-upgrade-kernel huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp12-upgrade-kernel-tools huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs huawei-euleros-2_0_sp12-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-52646 CVE - 2023-52646 EulerOS-SA-2024-2240

SUSE: CVE-2024-33663: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 05/08/2024 Added 05/08/2024 Modified 05/08/2024 Description python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. Solution(s) suse-upgrade-python3-python-jose References https://attackerkb.com/topics/cve-2024-33663 CVE - 2024-33663

IBM WebSphere Application Server: CVE-2024-25026: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service (CVE-2024-25026) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 04/26/2024 Added 04/26/2024 Modified 04/29/2024 Description IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request.A remote attacker could exploit this vulnerability to cause the server to consume memory resources.IBM X-Force ID:281516. Solution(s) ibm-was-install-8-5-0-0-ph59781 ibm-was-install-8-5-ph59781-liberty ibm-was-install-9-0-0-0-ph59781 ibm-was-upgrade-8-5-0-0-8-5-5-26 ibm-was-upgrade-8-5-24-0-0-5-liberty ibm-was-upgrade-9-0-0-0-9-0-5-20 References https://attackerkb.com/topics/cve-2024-25026 CVE - 2024-25026 https://exchange.xforce.ibmcloud.com/vulnerabilities/281516 https://www.ibm.com/support/pages/node/7149330

Debian: CVE-2022-48682: fdupes -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/30/2024 Description In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink. Solution(s) debian-upgrade-fdupes References https://attackerkb.com/topics/cve-2022-48682 CVE - 2022-48682

Red Hat OpenShift: CVE-2024-3154: cri-o: Arbitrary command injection via pod annotation Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 05/10/2024 Added 05/13/2024 Modified 06/06/2024 Description A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system. Solution(s) linuxrpm-upgrade-cri-o References https://attackerkb.com/topics/cve-2024-3154 CVE - 2024-3154 RHSA-2024:2669 RHSA-2024:2672 RHSA-2024:2784 RHSA-2024:3496

Debian: CVE-2023-52646: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL. [[email protected]: fix 80 column issue] Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-52646 CVE - 2023-52646

VMware Photon OS: CVE-2023-52646 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 04/26/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL. [[email protected]: fix 80 column issue] Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-52646 CVE - 2023-52646

Huawei EulerOS: CVE-2023-52646: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/26/2024 Created 07/17/2024 Added 07/17/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL. [[email protected]: fix 80 column issue] Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-52646 CVE - 2023-52646 EulerOS-SA-2024-1964

Alma Linux: CVE-2024-2905: Moderate: rpm-ostree security update (ALSA-2024-3823) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/25/2024 Created 06/17/2024 Added 06/17/2024 Modified 06/17/2024 Description A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access. Solution(s) alma-upgrade-rpm-ostree alma-upgrade-rpm-ostree-libs References https://attackerkb.com/topics/cve-2024-2905 CVE - 2024-2905 https://errata.almalinux.org/9/ALSA-2024-3823.html