ISHACK AI BOT

Huawei EulerOS: CVE-2021-47170: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 07/17/2024 Added 07/17/2024 Modified 01/13/2025 Description In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large.This isn't a bug in the kernel; it's merely an invalid request from the user and the usbfs code does handle it correctly. In theory the same thing can happen with async transfers, or with the packet descriptor table for isochronous transfers. To prevent the MM subsystem from complaining about these bad allocation requests, add the __GFP_NOWARN flag to the kmalloc calls for these buffers. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2021-47170 CVE - 2021-47170 EulerOS-SA-2024-1964

Rocky Linux: CVE-2021-47171: kernel-rt (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/25/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in case of errors after memory allocation. backtrace: [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline] [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline] [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460 [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728 Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2021-47171 CVE - 2021-47171 https://errata.rockylinux.org/RLSA-2024:3618 https://errata.rockylinux.org/RLSA-2024:3627

Rocky Linux: CVE-2021-47153: kernel-rt (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 06/17/2024 Added 06/17/2024 Modified 11/18/2024 Description In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a attempt to recover from a timed out transaction triggers an interrupt. Unfortunately, the interrupt handler (i801_isr) is not prepared for this situation and will try to process the interrupt as if it was signaling the end of a successful transaction. In the case of a block transaction, this can result in an out-of-range memory access. This condition was reproduced several times by syzbot: https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79 So disable interrupts while trying to reset the bus. Interrupts will be enabled again for the following transaction. Solution(s) rocky-upgrade-bpftool rocky-upgrade-bpftool-debuginfo rocky-upgrade-kernel rocky-upgrade-kernel-core rocky-upgrade-kernel-cross-headers rocky-upgrade-kernel-debug rocky-upgrade-kernel-debug-core rocky-upgrade-kernel-debug-debuginfo rocky-upgrade-kernel-debug-devel rocky-upgrade-kernel-debug-modules rocky-upgrade-kernel-debug-modules-extra rocky-upgrade-kernel-debuginfo rocky-upgrade-kernel-debuginfo-common-x86_64 rocky-upgrade-kernel-devel rocky-upgrade-kernel-headers rocky-upgrade-kernel-modules rocky-upgrade-kernel-modules-extra rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra rocky-upgrade-kernel-tools rocky-upgrade-kernel-tools-debuginfo rocky-upgrade-kernel-tools-libs rocky-upgrade-kernel-tools-libs-devel rocky-upgrade-perf rocky-upgrade-perf-debuginfo rocky-upgrade-python3-perf rocky-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2021-47153 CVE - 2021-47153 https://errata.rockylinux.org/RLSA-2024:3618 https://errata.rockylinux.org/RLSA-2024:3627

OS X update for IOUSBDeviceFamily (CVE-2023-42974) Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 03/25/2024 Created 03/25/2024 Added 03/25/2024 Modified 01/28/2025 Description A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Sonoma 14.2. An app may be able to execute arbitrary code with kernel privileges. Solution(s) apple-osx-upgrade-12_7_2 apple-osx-upgrade-13_6_3 apple-osx-upgrade-14_2 References https://attackerkb.com/topics/cve-2023-42974 CVE - 2023-42974 https://support.apple.com/kb/HT214036 https://support.apple.com/kb/HT214037 https://support.apple.com/kb/HT214038

SUSE: CVE-2021-47166: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 08/16/2024 Added 08/09/2024 Modified 08/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() The value of mirror->pg_bytes_written should only be updated after a successful attempt to flush out the requests on the list. Solution(s) suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-man suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-docs suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-zfcpdump suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2021-47166 CVE - 2021-47166

SUSE: CVE-2021-47138: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 08/16/2024 Added 08/09/2024 Modified 08/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these invalid values in the register can lead to out-of-bound memory access. So, fix by using the saved server TID base when clearing filters. Solution(s) suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-man suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-docs suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-zfcpdump suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2021-47138 CVE - 2021-47138

Ubuntu: USN-7027-1 (CVE-2024-30204): Emacs vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 09/20/2024 Added 09/20/2024 Modified 01/23/2025 Description In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. Solution(s) ubuntu-pro-upgrade-emacs ubuntu-pro-upgrade-emacs-bin-common ubuntu-pro-upgrade-emacs-common ubuntu-pro-upgrade-emacs-el ubuntu-pro-upgrade-emacs24 ubuntu-pro-upgrade-emacs24-bin-common ubuntu-pro-upgrade-emacs24-common ubuntu-pro-upgrade-emacs24-el ubuntu-pro-upgrade-emacs25 ubuntu-pro-upgrade-emacs25-bin-common ubuntu-pro-upgrade-emacs25-common ubuntu-pro-upgrade-emacs25-el References https://attackerkb.com/topics/cve-2024-30204 CVE - 2024-30204 USN-7027-1

Alma Linux: CVE-2024-30205: Moderate: emacs security update (ALSA-2024-6987) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 09/27/2024 Added 09/26/2024 Modified 09/26/2024 Description In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. Solution(s) alma-upgrade-emacs alma-upgrade-emacs-common alma-upgrade-emacs-filesystem alma-upgrade-emacs-lucid alma-upgrade-emacs-nox alma-upgrade-emacs-terminal References https://attackerkb.com/topics/cve-2024-30205 CVE - 2024-30205 https://errata.almalinux.org/8/ALSA-2024-6987.html

SUSE: CVE-2021-47177: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 08/16/2024 Added 08/09/2024 Modified 08/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in alloc_iommu() iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent errors. Solution(s) suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-man suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-docs suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-zfcpdump suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2021-47177 CVE - 2021-47177

SUSE: CVE-2021-47179: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/25/2024 Created 08/16/2024 Added 08/09/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_range argument. Unfortunately, pnfs_mark_matching_lsegs_return() doesn't check if we have a value here before dereferencing it, causing an oops. I'm able to hit this crash consistently when running connectathon basic tests on NFS v4.1/v4.2 against Ontap. Solution(s) suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-man suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-docs suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-zfcpdump suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2021-47179 CVE - 2021-47179

SUSE: CVE-2021-47136: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 08/16/2024 Added 08/09/2024 Modified 08/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: net: zero-initialize tc skb extension on allocation Function skb_ext_add() doesn't initialize created skb extension with any value and leaves it up to the user. However, since extension of type TC_SKB_EXT originally contained only single value tc_skb_ext->chain its users used to just assign the chain value without setting whole extension memory to zero first. This assumption changed when TC_SKB_EXT extension was extended with additional fields but not all users were updated to initialize the new fields which leads to use of uninitialized memory afterwards. UBSAN log: [778.299821] UBSAN: invalid-load in net/openvswitch/flow.c:899:28 [778.301495] load of value 107 is not a valid value for type '_Bool' [778.303215] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.12.0-rc7+ #2 [778.304933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [778.307901] Call Trace: [778.308680]<IRQ> [778.309358]dump_stack+0xbb/0x107 [778.310307]ubsan_epilogue+0x5/0x40 [778.311167]__ubsan_handle_load_invalid_value.cold+0x43/0x48 [778.312454]? memset+0x20/0x40 [778.313230]ovs_flow_key_extract.cold+0xf/0x14 [openvswitch] [778.314532]ovs_vport_receive+0x19e/0x2e0 [openvswitch] [778.315749]? ovs_vport_find_upcall_portid+0x330/0x330 [openvswitch] [778.317188]? create_prof_cpu_mask+0x20/0x20 [778.318220]? arch_stack_walk+0x82/0xf0 [778.319153]? secondary_startup_64_no_verify+0xb0/0xbb [778.320399]? stack_trace_save+0x91/0xc0 [778.321362]? stack_trace_consume_entry+0x160/0x160 [778.322517]? lock_release+0x52e/0x760 [778.323444]netdev_frame_hook+0x323/0x610 [openvswitch] [778.324668]? ovs_netdev_get_vport+0xe0/0xe0 [openvswitch] [778.325950]__netif_receive_skb_core+0x771/0x2db0 [778.327067]? lock_downgrade+0x6e0/0x6f0 [778.328021]? lock_acquire+0x565/0x720 [778.328940]? generic_xdp_tx+0x4f0/0x4f0 [778.329902]? inet_gro_receive+0x2a7/0x10a0 [778.330914]? lock_downgrade+0x6f0/0x6f0 [778.331867]? udp4_gro_receive+0x4c4/0x13e0 [778.332876]? lock_release+0x52e/0x760 [778.333808]? dev_gro_receive+0xcc8/0x2380 [778.334810]? lock_downgrade+0x6f0/0x6f0 [778.335769]__netif_receive_skb_list_core+0x295/0x820 [778.336955]? process_backlog+0x780/0x780 [778.337941]? mlx5e_rep_tc_netdevice_event_unregister+0x20/0x20 [mlx5_core] [778.339613]? seqcount_lockdep_reader_access.constprop.0+0xa7/0xc0 [778.341033]? kvm_clock_get_cycles+0x14/0x20 [778.342072]netif_receive_skb_list_internal+0x5f5/0xcb0 [778.343288]? __kasan_kmalloc+0x7a/0x90 [778.344234]? mlx5e_handle_rx_cqe_mpwrq+0x9e0/0x9e0 [mlx5_core] [778.345676]? mlx5e_xmit_xdp_frame_mpwqe+0x14d0/0x14d0 [mlx5_core] [778.347140]? __netif_receive_skb_list_core+0x820/0x820 [778.348351]? mlx5e_post_rx_mpwqes+0xa6/0x25d0 [mlx5_core] [778.349688]? napi_gro_flush+0x26c/0x3c0 [778.350641]napi_complete_done+0x188/0x6b0 [778.351627]mlx5e_napi_poll+0x373/0x1b80 [mlx5_core] [778.352853]__napi_poll+0x9f/0x510 [778.353704]? mlx5_flow_namespace_set_mode+0x260/0x260 [mlx5_core] [778.355158]net_rx_action+0x34c/0xa40 [778.356060]? napi_threaded_poll+0x3d0/0x3d0 [778.357083]? sched_clock_cpu+0x18/0x190 [778.358041]? __common_interrupt+0x8e/0x1a0 [778.359045]__do_softirq+0x1ce/0x984 [778.359938]__irq_exit_rcu+0x137/0x1d0 [778.360865]irq_exit_rcu+0xa/0x20 [778.361708]common_interrupt+0x80/0xa0 [778.362640]</IRQ> [778.363212]asm_common_interrupt+0x1e/0x40 [778.364204] RIP: 0010:native_safe_halt+0xe/0x10 [778.365273] Code: 4f ff ff ff 4c 89 e7 e8 50 3f 40 fe e9 dc fe ff ff 48 89 df e8 43 3f 40 fe eb 90 cc e9 07 00 00 00 0f 00 2d 74 05 62 00 fb f4 <c3> 90 e9 07 00 00 00 0f 00 2d 64 05 62 00 f4 c3 cc cc 0f 1f 44 00 [778.369355] RSP: 0018:ffffffff84407e48 EFLAGS: 00000246 [778.370570] RAX ---truncated--- Solution(s) suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-devel suse-upgrade-kernel-devel suse-upgrade-kernel-docs suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-source suse-upgrade-kernel-syms suse-upgrade-kernel-zfcpdump suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2021-47136 CVE - 2021-47136

SUSE: CVE-2021-47137: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 08/16/2024 Added 08/09/2024 Modified 08/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter. Solution(s) suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-devel suse-upgrade-kernel-devel suse-upgrade-kernel-docs suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-source suse-upgrade-kernel-syms suse-upgrade-kernel-zfcpdump suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2021-47137 CVE - 2021-47137

Huawei EulerOS: CVE-2021-47170: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 07/16/2024 Added 07/16/2024 Modified 12/12/2024 Description In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large.This isn't a bug in the kernel; it's merely an invalid request from the user and the usbfs code does handle it correctly. In theory the same thing can happen with async transfers, or with the packet descriptor table for isochronous transfers. To prevent the MM subsystem from complaining about these bad allocation requests, add the __GFP_NOWARN flag to the kmalloc calls for these buffers. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2021-47170 CVE - 2021-47170 EulerOS-SA-2024-1911

SUSE: CVE-2021-47139: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 08/16/2024 Added 08/09/2024 Modified 08/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this case, if user try to change the channel number or ring param, it may cause the hns3_set_rx_cpu_rmap() being called twice, and report bug. [47199.416502] hns3 0000:35:00.0 eth1: set channels: tqp_num=1, rxfh=0 [47199.430340] hns3 0000:35:00.0 eth1: already uninitialized [47199.438554] hns3 0000:35:00.0: rss changes from 4 to 1 [47199.511854] hns3 0000:35:00.0: Channels changed, rss_size from 4 to 1, tqps from 4 to 1 [47200.163524] ------------[ cut here ]------------ [47200.171674] kernel BUG at lib/cpu_rmap.c:142! [47200.177847] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP [47200.185259] Modules linked in: hclge(+) hns3(-) hns3_cae(O) hns_roce_hw_v2 hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O) [last unloaded: hclge] [47200.205912] CPU: 1 PID: 8260 Comm: ethtool Tainted: G O5.11.0-rc3+ #1 [47200.215601] Hardware name:, xxxxxx 02/04/2021 [47200.223052] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--) [47200.230188] pc : cpu_rmap_add+0x38/0x40 [47200.237472] lr : irq_cpu_rmap_add+0x84/0x140 [47200.243291] sp : ffff800010e93a30 [47200.247295] x29: ffff800010e93a30 x28: ffff082100584880 [47200.254155] x27: 0000000000000000 x26: 0000000000000000 [47200.260712] x25: 0000000000000000 x24: 0000000000000004 [47200.267241] x23: ffff08209ba03000 x22: ffff08209ba038c0 [47200.273789] x21: 000000000000003f x20: ffff0820e2bc1680 [47200.280400] x19: ffff0820c970ec80 x18: 00000000000000c0 [47200.286944] x17: 0000000000000000 x16: ffffb43debe4a0d0 [47200.293456] x15: fffffc2082990600 x14: dead000000000122 [47200.300059] x13: ffffffffffffffff x12: 000000000000003e [47200.306606] x11: ffff0820815b8080 x10: ffff53e411988000 [47200.313171] x9 : 0000000000000000 x8 : ffff0820e2bc1700 [47200.319682] x7 : 0000000000000000 x6 : 000000000000003f [47200.326170] x5 : 0000000000000040 x4 : ffff800010e93a20 [47200.332656] x3 : 0000000000000004 x2 : ffff0820c970ec80 [47200.339168] x1 : ffff0820e2bc1680 x0 : 0000000000000004 [47200.346058] Call trace: [47200.349324]cpu_rmap_add+0x38/0x40 [47200.354300]hns3_set_rx_cpu_rmap+0x6c/0xe0 [hns3] [47200.362294]hns3_reset_notify_init_enet+0x1cc/0x340 [hns3] [47200.370049]hns3_change_channels+0x40/0xb0 [hns3] [47200.376770]hns3_set_channels+0x12c/0x2a0 [hns3] [47200.383353]ethtool_set_channels+0x140/0x250 [47200.389772]dev_ethtool+0x714/0x23d0 [47200.394440]dev_ioctl+0x4cc/0x640 [47200.399277]sock_do_ioctl+0x100/0x2a0 [47200.404574]sock_ioctl+0x28c/0x470 [47200.409079]__arm64_sys_ioctl+0xb4/0x100 [47200.415217]el0_svc_common.constprop.0+0x84/0x210 [47200.422088]do_el0_svc+0x28/0x34 [47200.426387]el0_svc+0x28/0x70 [47200.431308]el0_sync_handler+0x1a4/0x1b0 [47200.436477]el0_sync+0x174/0x180 [47200.441562] Code: 11000405 79000c45 f8247861 d65f03c0 (d4210000) [47200.448869] ---[ end trace a01efe4ce42e5f34 ]--- The process is like below: excuting hns3_client_init | register_netdev() | hns3_set_channels() | | hns3_set_rx_cpu_rmap()hns3_reset_notify_uninit_enet() | | |quit without calling function |hns3_free_rx_cpu_rmap for flag |HNS3_NIC_STATE_INITED is unset. | | | hns3_reset_notify_init_enet() | | set HNS3_NIC_STATE_INITEDcall hns3_set_rx_cpu_rmap()-- crash Fix it by calling register_netdev() at the end of function hns3_client_init(). Solution(s) suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-devel suse-upgrade-kernel-devel suse-upgrade-kernel-docs suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-source suse-upgrade-kernel-syms suse-upgrade-kernel-zfcpdump suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2021-47139 CVE - 2021-47139

Ubuntu: (CVE-2021-47142): linux vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/25/2024 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a use-after-free looks like we forget to set ttm->sg to NULL. Hit panic below [ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI [ 1235.989074] Call Trace: [ 1235.991751]sg_free_table+0x17/0x20 [ 1235.995667]amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu] [ 1236.002288]amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu] [ 1236.008464]ttm_tt_destroy+0x1e/0x30 [ttm] [ 1236.013066]ttm_bo_cleanup_memtype_use+0x51/0xa0 [ttm] [ 1236.018783]ttm_bo_release+0x262/0xa50 [ttm] [ 1236.023547]ttm_bo_put+0x82/0xd0 [ttm] [ 1236.027766]amdgpu_bo_unref+0x26/0x50 [amdgpu] [ 1236.032809]amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu] [ 1236.040400]kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu] [ 1236.046912]kfd_ioctl+0x463/0x690 [amdgpu] Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-4 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-aws-hwe ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-4-15 ubuntu-upgrade-linux-azure-5-4 ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-4-15 ubuntu-upgrade-linux-gcp-5-4 ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-hwe ubuntu-upgrade-linux-hwe-5-4 ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-4 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-raspi-5-4 References https://attackerkb.com/topics/cve-2021-47142 CVE - 2021-47142 https://git.kernel.org/stable/c/0707c3fea8102d211631ba515ef2159707561b0d https://git.kernel.org/stable/c/1e5c37385097c35911b0f8a0c67ffd10ee1af9a2 https://git.kernel.org/stable/c/3293cf3513d69f00c14d43e2020826d45ea0e46a https://git.kernel.org/stable/c/7398c2aab4da960761ec182d04d6d5abbb4a226e https://git.kernel.org/stable/c/952ab3f9f48eb0e8050596d41951cf516be6b122 https://git.kernel.org/stable/c/a849e218556f932576c0fb1c5a88714b61709a17 https://git.kernel.org/stable/c/d4ea141fd4b40636a8326df5a377d9c5cf9b3faa https://git.kernel.org/stable/c/f98cdf084405333ee2f5be548a91b2d168e49276 https://www.cve.org/CVERecord?id=CVE-2021-47142 View more

Ubuntu: (CVE-2021-47162): linux vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: tipc: skb_linearize the head skb when reassembling msgs It's not a good idea to append the frag skb to a skb's frag_list if the frag_list already has skbs from elsewhere, such as this skb was created by pskb_copy() where the frag_list was cloned (all the skbs in it were skb_get'ed) and shared by multiple skbs. However, the new appended frag skb should have been only seen by the current skb. Otherwise, it will cause use after free crashes as this appended frag skb are seen by multiple skbs but it only got skb_get called once. The same thing happens with a skb updated by pskb_may_pull() with a skb_cloned skb. Li Shuang has reported quite a few crashes caused by this when doing testing over macvlan devices: [] kernel BUG at net/core/skbuff.c:1970! [] Call Trace: []skb_clone+0x4d/0xb0 []macvlan_broadcast+0xd8/0x160 [macvlan] []macvlan_process_broadcast+0x148/0x150 [macvlan] []process_one_work+0x1a7/0x360 []worker_thread+0x30/0x390 [] kernel BUG at mm/usercopy.c:102! [] Call Trace: []__check_heap_object+0xd3/0x100 []__check_object_size+0xff/0x16b []simple_copy_to_iter+0x1c/0x30 []__skb_datagram_iter+0x7d/0x310 []__skb_datagram_iter+0x2a5/0x310 []skb_copy_datagram_iter+0x3b/0x90 []tipc_recvmsg+0x14a/0x3a0 [tipc] []____sys_recvmsg+0x91/0x150 []___sys_recvmsg+0x7b/0xc0 [] kernel BUG at mm/slub.c:305! [] Call Trace: []<IRQ> []kmem_cache_free+0x3ff/0x400 []__netif_receive_skb_core+0x12c/0xc40 []? kmem_cache_alloc+0x12e/0x270 []netif_receive_skb_internal+0x3d/0xb0 []? get_rx_page_info+0x8e/0xa0 [be2net] []be_poll+0x6ef/0xd00 [be2net] []? irq_exit+0x4f/0x100 []net_rx_action+0x149/0x3b0 ... This patch is to fix it by linearizing the head skb if it has frag_list set in tipc_buf_append(). Note that we choose to do this before calling skb_unshare(), as __skb_linearize() will avoid skb_copy(). Also, we can not just drop the frag_list either as the early time. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-4 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-aws-hwe ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-4-15 ubuntu-upgrade-linux-azure-5-4 ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-4-15 ubuntu-upgrade-linux-gcp-5-4 ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-hwe ubuntu-upgrade-linux-hwe-5-4 ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-4 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-raspi-5-4 References https://attackerkb.com/topics/cve-2021-47162 CVE - 2021-47162 https://git.kernel.org/stable/c/436d650d374329a591c30339a91fa5078052ed1e https://git.kernel.org/stable/c/4b1761898861117c97066aea6c58f68a7787f0bf https://git.kernel.org/stable/c/5489f30bb78ff0dafb4229a69632afc2ba20765c https://git.kernel.org/stable/c/64d17ec9f1ded042c4b188d15734f33486ed9966 https://git.kernel.org/stable/c/6da24cfc83ba4f97ea44fc7ae9999a006101755c https://git.kernel.org/stable/c/ace300eecbccaa698e2b472843c74a5f33f7dce8 https://git.kernel.org/stable/c/b2c8d28c34b3070407cb1741f9ba3f15d0284b8b https://git.kernel.org/stable/c/b7df21cf1b79ab7026f545e7bf837bd5750ac026 https://www.cve.org/CVERecord?id=CVE-2021-47162 View more

Ubuntu: (CVE-2021-47137): linux vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-4 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-5-4 ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-5-4 ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-hwe-5-4 ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-4 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-raspi-5-4 References https://attackerkb.com/topics/cve-2021-47137 CVE - 2021-47137 https://git.kernel.org/stable/c/46dd4abced3cb2c912916f4a5353e0927db0c4a2 https://git.kernel.org/stable/c/5ac72351655f8b033a2935646f53b7465c903418 https://git.kernel.org/stable/c/8bb1077448d43a871ed667520763e3b9f9b7975d https://git.kernel.org/stable/c/c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20 https://www.cve.org/CVERecord?id=CVE-2021-47137

SUSE: CVE-2021-47165: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 08/16/2024 Added 08/09/2024 Modified 08/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix shutdown crash when component not probed When main component is not probed, by example when the dw-hdmi module is not loaded yet or in probe defer, the following crash appears on shutdown: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038 ... pc : meson_drv_shutdown+0x24/0x50 lr : platform_drv_shutdown+0x20/0x30 ... Call trace: meson_drv_shutdown+0x24/0x50 platform_drv_shutdown+0x20/0x30 device_shutdown+0x158/0x360 kernel_restart_prepare+0x38/0x48 kernel_restart+0x18/0x68 __do_sys_reboot+0x224/0x250 __arm64_sys_reboot+0x24/0x30 ... Simply check if the priv struct has been allocated before using it. Solution(s) suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-man suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-docs suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-zfcpdump suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2021-47165 CVE - 2021-47165

OS X update for TCC (CVE-2023-42947) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/25/2024 Created 03/25/2024 Added 03/25/2024 Modified 01/28/2025 Description A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to break out of its sandbox. Solution(s) apple-osx-upgrade-12_7_2 apple-osx-upgrade-13_6_3 apple-osx-upgrade-14_2 References https://attackerkb.com/topics/cve-2023-42947 CVE - 2023-42947 https://support.apple.com/kb/HT214036 https://support.apple.com/kb/HT214037 https://support.apple.com/kb/HT214038

Gentoo Linux: CVE-2024-30202: GNU Emacs, Org Mode: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 07/02/2024 Added 07/03/2024 Modified 07/03/2024 Description In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. Solution(s) gentoo-linux-upgrade-app-editors-emacs gentoo-linux-upgrade-app-emacs-org-mode References https://attackerkb.com/topics/cve-2024-30202 CVE - 2024-30202 202407-08

Gentoo Linux: CVE-2024-30205: GNU Emacs, Org Mode: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 07/02/2024 Added 07/03/2024 Modified 07/03/2024 Description In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. Solution(s) gentoo-linux-upgrade-app-editors-emacs gentoo-linux-upgrade-app-emacs-org-mode References https://attackerkb.com/topics/cve-2024-30205 CVE - 2024-30205 202407-08

OS X update for WebKit (CVE-2023-42950) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/25/2024 Created 03/25/2024 Added 03/25/2024 Modified 01/28/2025 Description A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. Solution(s) apple-osx-upgrade-14_2 References https://attackerkb.com/topics/cve-2023-42950 CVE - 2023-42950 https://support.apple.com/kb/HT214036

Gentoo Linux: CVE-2024-30204: GNU Emacs, Org Mode: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 07/02/2024 Added 07/03/2024 Modified 07/03/2024 Description In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. Solution(s) gentoo-linux-upgrade-app-editors-emacs gentoo-linux-upgrade-app-emacs-org-mode References https://attackerkb.com/topics/cve-2024-30204 CVE - 2024-30204 202407-08

Amazon Linux 2023: CVE-2024-30204: Important priority package update for emacs Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 03/25/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service. Solution(s) amazon-linux-2023-upgrade-emacs amazon-linux-2023-upgrade-emacs-common amazon-linux-2023-upgrade-emacs-common-debuginfo amazon-linux-2023-upgrade-emacs-debuginfo amazon-linux-2023-upgrade-emacs-debugsource amazon-linux-2023-upgrade-emacs-devel amazon-linux-2023-upgrade-emacs-filesystem amazon-linux-2023-upgrade-emacs-lucid amazon-linux-2023-upgrade-emacs-lucid-debuginfo amazon-linux-2023-upgrade-emacs-nox amazon-linux-2023-upgrade-emacs-nox-debuginfo amazon-linux-2023-upgrade-emacs-terminal References https://attackerkb.com/topics/cve-2024-30204 CVE - 2024-30204 https://alas.aws.amazon.com/AL2023/ALAS-2024-663.html

Amazon Linux 2023: CVE-2024-30203: Important priority package update for emacs Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 03/25/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In Emacs before 29.3, Gnus treats inline MIME contents as trusted. A flaw was found in Emacs. When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service. Solution(s) amazon-linux-2023-upgrade-emacs amazon-linux-2023-upgrade-emacs-common amazon-linux-2023-upgrade-emacs-common-debuginfo amazon-linux-2023-upgrade-emacs-debuginfo amazon-linux-2023-upgrade-emacs-debugsource amazon-linux-2023-upgrade-emacs-devel amazon-linux-2023-upgrade-emacs-filesystem amazon-linux-2023-upgrade-emacs-lucid amazon-linux-2023-upgrade-emacs-lucid-debuginfo amazon-linux-2023-upgrade-emacs-nox amazon-linux-2023-upgrade-emacs-nox-debuginfo amazon-linux-2023-upgrade-emacs-terminal References https://attackerkb.com/topics/cve-2024-30203 CVE - 2024-30203 https://alas.aws.amazon.com/AL2023/ALAS-2024-663.html