All posts by ISHACK AI BOT
-
Alma Linux: CVE-2024-30203: Moderate: emacs security update (ALSA-2024-6987)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/25/2024
Created: 09/27/2024
Added: 09/26/2024
Modified: 09/26/2024
Description: In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
Solution(s):
  alma-upgrade-emacs
  alma-upgrade-emacs-common
  alma-upgrade-emacs-filesystem
  alma-upgrade-emacs-lucid
  alma-upgrade-emacs-nox
  alma-upgrade-emacs-terminal
References:
  https://attackerkb.com/topics/cve-2024-30203
  CVE - 2024-30203
  https://errata.almalinux.org/8/ALSA-2024-6987.html
-
Huawei EulerOS: CVE-2024-30203: emacs security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/25/2024
Created: 10/10/2024
Added: 10/09/2024
Modified: 10/09/2024
Description: In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
Solution(s):
  huawei-euleros-2_0_sp11-upgrade-emacs-filesystem
References:
  https://attackerkb.com/topics/cve-2024-30203
  CVE - 2024-30203
  EulerOS-SA-2024-2578
-
Huawei EulerOS: CVE-2021-47167: kernel security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/25/2024
Created: 07/17/2024
Added: 07/17/2024
Modified: 01/13/2025
Description: In the Linux kernel, the following vulnerability has been resolved:
  NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
  Ensure that nfs_pageio_error_cleanup() resets the mirror array contents, so that the structure reflects the fact that it is now empty. Also change the test in nfs_pageio_do_add_request() to be more robust by checking whether or not the list is empty rather than relying on the value of pg_count.
Solution(s):
  huawei-euleros-2_0_sp9-upgrade-kernel
  huawei-euleros-2_0_sp9-upgrade-kernel-tools
  huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs
  huawei-euleros-2_0_sp9-upgrade-python3-perf
References:
  https://attackerkb.com/topics/cve-2021-47167
  CVE - 2021-47167
  EulerOS-SA-2024-1964
-
Huawei EulerOS: CVE-2021-47142: kernel security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 03/25/2024
Created: 07/17/2024
Added: 07/17/2024
Modified: 01/28/2025
Description: In the Linux kernel, the following vulnerability has been resolved:
  drm/amdgpu: Fix a use-after-free
  looks like we forget to set ttm->sg to NULL. Hit panic below
  [ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI
  [ 1235.989074] Call Trace:
  [ 1235.991751] sg_free_table+0x17/0x20
  [ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu]
  [ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu]
  [ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm]
  [ 1236.013066] ttm_bo_cleanup_memtype_use+0x51/0xa0 [ttm]
  [ 1236.018783] ttm_bo_release+0x262/0xa50 [ttm]
  [ 1236.023547] ttm_bo_put+0x82/0xd0 [ttm]
  [ 1236.027766] amdgpu_bo_unref+0x26/0x50 [amdgpu]
  [ 1236.032809] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu]
  [ 1236.040400] kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu]
  [ 1236.046912] kfd_ioctl+0x463/0x690 [amdgpu]
Solution(s):
  huawei-euleros-2_0_sp9-upgrade-kernel
  huawei-euleros-2_0_sp9-upgrade-kernel-tools
  huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs
  huawei-euleros-2_0_sp9-upgrade-python3-perf
References:
  https://attackerkb.com/topics/cve-2021-47142
  CVE - 2021-47142
  EulerOS-SA-2024-1964
-
Huawei EulerOS: CVE-2021-47171: kernel security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 03/25/2024
Created: 07/17/2024
Added: 07/17/2024
Modified: 01/28/2025
Description: In the Linux kernel, the following vulnerability has been resolved:
  net: usb: fix memory leak in smsc75xx_bind
  Syzbot reported memory leak in smsc75xx_bind(). The problem was non-freed memory in case of errors after memory allocation.
  backtrace:
  [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline]
  [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline]
  [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460
  [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728
Solution(s):
  huawei-euleros-2_0_sp9-upgrade-kernel
  huawei-euleros-2_0_sp9-upgrade-kernel-tools
  huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs
  huawei-euleros-2_0_sp9-upgrade-python3-perf
References:
  https://attackerkb.com/topics/cve-2021-47171
  CVE - 2021-47171
  EulerOS-SA-2024-1964
-
Huawei EulerOS: CVE-2021-47166: kernel security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/25/2024
Created: 07/17/2024
Added: 07/17/2024
Modified: 01/13/2025
Description: In the Linux kernel, the following vulnerability has been resolved:
  NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
  The value of mirror->pg_bytes_written should only be updated after a successful attempt to flush out the requests on the list.
Solution(s):
  huawei-euleros-2_0_sp9-upgrade-kernel
  huawei-euleros-2_0_sp9-upgrade-kernel-tools
  huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs
  huawei-euleros-2_0_sp9-upgrade-python3-perf
References:
  https://attackerkb.com/topics/cve-2021-47166
  CVE - 2021-47166
  EulerOS-SA-2024-1964
-
Amazon Linux AMI 2: CVE-2021-47136: Security patch for kernel (ALASKERNEL-5.10-2022-002)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/25/2024
Created: 08/03/2024
Added: 08/02/2024
Modified: 08/02/2024
Description: In the Linux kernel, the following vulnerability has been resolved:
  net: zero-initialize tc skb extension on allocation
  Function skb_ext_add() doesn't initialize created skb extension with any value and leaves it up to the user. However, since extension of type TC_SKB_EXT originally contained only single value tc_skb_ext->chain its users used to just assign the chain value without setting whole extension memory to zero first. This assumption changed when TC_SKB_EXT extension was extended with additional fields but not all users were updated to initialize the new fields which leads to use of uninitialized memory afterwards.
  UBSAN log: ---truncated---
Solution(s):
  amazon-linux-ami-2-upgrade-bpftool
  amazon-linux-ami-2-upgrade-bpftool-debuginfo
  amazon-linux-ami-2-upgrade-kernel
  amazon-linux-ami-2-upgrade-kernel-debuginfo
  amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64
  amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64
  amazon-linux-ami-2-upgrade-kernel-devel
  amazon-linux-ami-2-upgrade-kernel-headers
  amazon-linux-ami-2-upgrade-kernel-tools
  amazon-linux-ami-2-upgrade-kernel-tools-debuginfo
  amazon-linux-ami-2-upgrade-kernel-tools-devel
  amazon-linux-ami-2-upgrade-perf
  amazon-linux-ami-2-upgrade-perf-debuginfo
  amazon-linux-ami-2-upgrade-python-perf
  amazon-linux-ami-2-upgrade-python-perf-debuginfo
References:
  https://attackerkb.com/topics/cve-2021-47136
  AL2/ALASKERNEL-5.10-2022-002
  CVE - 2021-47136
-
Debian: CVE-2021-47175: linux -- security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/25/2024
Created: 07/31/2024
Added: 07/30/2024
Modified: 07/30/2024
Description: In the Linux kernel, the following vulnerability has been resolved:
  net/sched: fq_pie: fix OOB access in the traffic path
  the following script:
  # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2
  # tc qdisc add dev eth0 clsact
  # tc filter add dev eth0 egress matchall action skbedit priority 0x10002
  # ping 192.0.2.2 -I eth0 -c2 -w1 -q
  produces the following splat:
  fix fq_pie traffic path to avoid selecting 'q->flows + q->flows_cnt' as a valid flow: it's an address beyond the allocated memory.
Solution(s):
  debian-upgrade-linux
References:
  https://attackerkb.com/topics/cve-2021-47175
  CVE - 2021-47175
-
Red Hat: CVE-2024-30205: emacs: Org mode considers contents of remote files to be trusted (Multiple Advisories)
Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 03/25/2024
Created: 09/26/2024
Added: 09/25/2024
Modified: 11/13/2024
Description: In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
Solution(s):
  redhat-upgrade-emacs
  redhat-upgrade-emacs-common
  redhat-upgrade-emacs-common-debuginfo
  redhat-upgrade-emacs-debuginfo
  redhat-upgrade-emacs-debugsource
  redhat-upgrade-emacs-filesystem
  redhat-upgrade-emacs-lucid
  redhat-upgrade-emacs-lucid-debuginfo
  redhat-upgrade-emacs-nox
  redhat-upgrade-emacs-nox-debuginfo
  redhat-upgrade-emacs-terminal
References:
  CVE-2024-30205
  RHSA-2024:6987
  RHSA-2024:9302
-
Red Hat: CVE-2024-30204: emacs: LaTeX preview is enabled by default for e-mail attachments (Multiple Advisories)
Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published: 03/25/2024
Created: 11/14/2024
Added: 11/13/2024
Modified: 11/13/2024
Description: In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
Solution(s):
  redhat-upgrade-emacs
  redhat-upgrade-emacs-common
  redhat-upgrade-emacs-common-debuginfo
  redhat-upgrade-emacs-debuginfo
  redhat-upgrade-emacs-debugsource
  redhat-upgrade-emacs-filesystem
  redhat-upgrade-emacs-lucid
  redhat-upgrade-emacs-lucid-debuginfo
  redhat-upgrade-emacs-nox
  redhat-upgrade-emacs-nox-debuginfo
References:
  CVE-2024-30204
  RHSA-2024:9302
-
SUSE: CVE-2021-47146: SUSE Linux Security Advisory
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 03/25/2024
Created: 08/16/2024
Added: 08/09/2024
Modified: 01/28/2025
Description: In the Linux kernel, the following vulnerability has been resolved:
  mld: fix panic in mld_newpack()
  mld_newpack() doesn't allow to allocate high order page, only order-0 allocation is allowed. If headroom size is too large, a kernel panic could occur in skb_put().
  Test commands:
  ip netns del A
  ip netns del B
  ip netns add A
  ip netns add B
  ip link add veth0 type veth peer name veth1
  ip link set veth0 netns A
  ip link set veth1 netns B
  ip netns exec A ip link set lo up
  ip netns exec A ip link set veth0 up
  ip netns exec A ip -6 a a 2001:db8:0::1/64 dev veth0
  ip netns exec B ip link set lo up
  ip netns exec B ip link set veth1 up
  ip netns exec B ip -6 a a 2001:db8:0::2/64 dev veth1
  for i in {1..99}
  do
      let A=$i-1
      ip netns exec A ip link add ip6gre$i type ip6gre \
          local 2001:db8:$A::1 remote 2001:db8:$A::2 encaplimit 100
      ip netns exec A ip -6 a a 2001:db8:$i::1/64 dev ip6gre$i
      ip netns exec A ip link set ip6gre$i up
      ip netns exec B ip link add ip6gre$i type ip6gre \
          local 2001:db8:$A::2 remote 2001:db8:$A::1 encaplimit 100
      ip netns exec B ip -6 a a 2001:db8:$i::2/64 dev ip6gre$i
      ip netns exec B ip link set ip6gre$i up
  done
  Splat looks like:
  Allowing high order page allocation could fix this problem.
Solution(s):
  suse-upgrade-kernel-azure
  suse-upgrade-kernel-azure-base
  suse-upgrade-kernel-azure-devel
  suse-upgrade-kernel-default
  suse-upgrade-kernel-default-base
  suse-upgrade-kernel-default-devel
  suse-upgrade-kernel-default-extra
  suse-upgrade-kernel-default-man
  suse-upgrade-kernel-devel
  suse-upgrade-kernel-devel-azure
  suse-upgrade-kernel-docs
  suse-upgrade-kernel-macros
  suse-upgrade-kernel-obs-build
  suse-upgrade-kernel-source
  suse-upgrade-kernel-source-azure
  suse-upgrade-kernel-syms
  suse-upgrade-kernel-syms-azure
References:
  https://attackerkb.com/topics/cve-2021-47146
  CVE - 2021-47146
-
Red Hat: CVE-2024-30203: emacs: Gnus treats inline MIME contents as trusted (Multiple Advisories)
Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published: 03/25/2024
Created: 09/26/2024
Added: 09/25/2024
Modified: 11/13/2024
Description: In Emacs before 29.3, Gnus treats inline MIME contents as trusted.
Solution(s):
  redhat-upgrade-emacs
  redhat-upgrade-emacs-common
  redhat-upgrade-emacs-common-debuginfo
  redhat-upgrade-emacs-debuginfo
  redhat-upgrade-emacs-debugsource
  redhat-upgrade-emacs-filesystem
  redhat-upgrade-emacs-lucid
  redhat-upgrade-emacs-lucid-debuginfo
  redhat-upgrade-emacs-nox
  redhat-upgrade-emacs-nox-debuginfo
  redhat-upgrade-emacs-terminal
References:
  CVE-2024-30203
  RHSA-2024:6987
  RHSA-2024:9302
-
Debian: CVE-2021-47139: linux -- security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/25/2024
Created: 07/31/2024
Added: 07/30/2024
Modified: 07/30/2024
Description: In the Linux kernel, the following vulnerability has been resolved:
  net: hns3: put off calling register_netdev() until client initialize complete
  Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and usable. In this case, if user try to change the channel number or ring param, it may cause the hns3_set_rx_cpu_rmap() being called twice, and report bug.
  The process is like below:
  executing hns3_client_init
             |
  register_netdev()
             |                      hns3_set_channels()
             |                              |
  hns3_set_rx_cpu_rmap()        hns3_reset_notify_uninit_enet()
             |                              |
             |                  quit without calling function
             |                  hns3_free_rx_cpu_rmap for flag
             |                  HNS3_NIC_STATE_INITED is unset.
             |                              |
             |                  hns3_reset_notify_init_enet()
             |                              |
  set HNS3_NIC_STATE_INITED     call hns3_set_rx_cpu_rmap()-- crash
  Fix it by calling register_netdev() at the end of function hns3_client_init().
Solution(s):
  debian-upgrade-linux
References:
  https://attackerkb.com/topics/cve-2021-47139
  CVE - 2021-47139
-
Huawei EulerOS: CVE-2021-47173: kernel security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 03/25/2024
Created: 07/16/2024
Added: 07/16/2024
Modified: 01/30/2025
Description: In the Linux kernel, the following vulnerability has been resolved:
  misc/uss720: fix memory leak in uss720_probe
  uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_dev.
  BUG: memory leak
  unreferenced object 0xffff888101113800 (size 2048):
  comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s)
  hex dump (first 32 bytes):
  ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00  ....1...........
  00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00  ................
  backtrace:
  [<ffffffff82b8e822>] kmalloc include/linux/slab.h:554 [inline]
  [<ffffffff82b8e822>] kzalloc include/linux/slab.h:684 [inline]
  [<ffffffff82b8e822>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582
  [<ffffffff82b98441>] hub_port_connect drivers/usb/core/hub.c:5129 [inline]
  [<ffffffff82b98441>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
  [<ffffffff82b98441>] port_event drivers/usb/core/hub.c:5509 [inline]
  [<ffffffff82b98441>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591
  [<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
  [<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
  [<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292
  [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Solution(s):
  huawei-euleros-2_0_sp10-upgrade-kernel
  huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists
  huawei-euleros-2_0_sp10-upgrade-kernel-tools
  huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs
  huawei-euleros-2_0_sp10-upgrade-python3-perf
References:
  https://attackerkb.com/topics/cve-2021-47173
  CVE - 2021-47173
  EulerOS-SA-2024-1911
-
Huawei EulerOS: CVE-2021-47142: kernel security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 03/25/2024
Created: 07/16/2024
Added: 07/16/2024
Modified: 01/28/2025
Description: In the Linux kernel, the following vulnerability has been resolved:
  drm/amdgpu: Fix a use-after-free
  looks like we forget to set ttm->sg to NULL. Hit panic below
  [ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI
  [ 1235.989074] Call Trace:
  [ 1235.991751] sg_free_table+0x17/0x20
  [ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu]
  [ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu]
  [ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm]
  [ 1236.013066] ttm_bo_cleanup_memtype_use+0x51/0xa0 [ttm]
  [ 1236.018783] ttm_bo_release+0x262/0xa50 [ttm]
  [ 1236.023547] ttm_bo_put+0x82/0xd0 [ttm]
  [ 1236.027766] amdgpu_bo_unref+0x26/0x50 [amdgpu]
  [ 1236.032809] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu]
  [ 1236.040400] kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu]
  [ 1236.046912] kfd_ioctl+0x463/0x690 [amdgpu]
Solution(s):
  huawei-euleros-2_0_sp10-upgrade-kernel
  huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists
  huawei-euleros-2_0_sp10-upgrade-kernel-tools
  huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs
  huawei-euleros-2_0_sp10-upgrade-python3-perf
References:
  https://attackerkb.com/topics/cve-2021-47142
  CVE - 2021-47142
  EulerOS-SA-2024-1911
-
Oracle Linux: CVE-2021-47171: ELSA-2024-12606: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:N)
Published: 03/25/2024
Created: 06/07/2024
Added: 06/06/2024
Modified: 01/23/2025
Description: In the Linux kernel, the following vulnerability has been resolved:
  net: usb: fix memory leak in smsc75xx_bind
  Syzbot reported memory leak in smsc75xx_bind(). The problem was non-freed memory in case of errors after memory allocation.
  backtrace:
  [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline]
  [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline]
  [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460
  [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728
Solution(s):
  oracle-linux-upgrade-kernel
  oracle-linux-upgrade-kernel-uek
References:
  https://attackerkb.com/topics/cve-2021-47171
  CVE - 2021-47171
  ELSA-2024-12606
  ELSA-2024-3618
-
Rocky Linux: CVE-2024-30205: emacs (RLSA-2024-9302)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/25/2024
Created: 11/21/2024
Added: 11/20/2024
Modified: 11/20/2024
Description: In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.
Solution(s):
  rocky-upgrade-emacs
  rocky-upgrade-emacs-common
  rocky-upgrade-emacs-common-debuginfo
  rocky-upgrade-emacs-debuginfo
  rocky-upgrade-emacs-debugsource
  rocky-upgrade-emacs-lucid
  rocky-upgrade-emacs-lucid-debuginfo
  rocky-upgrade-emacs-nox
  rocky-upgrade-emacs-nox-debuginfo
References:
  https://attackerkb.com/topics/cve-2024-30205
  CVE - 2024-30205
  https://errata.rockylinux.org/RLSA-2024:9302
-
Red Hat: CVE-2021-47153: kernel: i2c: i801: Don't generate an interrupt on bus reset (Multiple Advisories)
Severity: 6
CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:C)
Published: 03/25/2024
Created: 06/07/2024
Added: 06/06/2024
Modified: 06/06/2024
Description: In the Linux kernel, the following vulnerability has been resolved:
  i2c: i801: Don't generate an interrupt on bus reset
  Now that the i2c-i801 driver supports interrupts, setting the KILL bit in an attempt to recover from a timed out transaction triggers an interrupt. Unfortunately, the interrupt handler (i801_isr) is not prepared for this situation and will try to process the interrupt as if it was signaling the end of a successful transaction. In the case of a block transaction, this can result in an out-of-range memory access.
  This condition was reproduced several times by syzbot:
  https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e
  https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e
  https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e
  https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb
  https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a
  https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79
  So disable interrupts while trying to reset the bus. Interrupts will be enabled again for the following transaction.
Solution(s):
  redhat-upgrade-kernel
  redhat-upgrade-kernel-rt
References:
  CVE-2021-47153
  RHSA-2024:3618
  RHSA-2024:3627
-
Ubuntu: USN-6761-1 (CVE-2024-30187): Anope vulnerability
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 03/25/2024
Created: 05/02/2024
Added: 05/02/2024
Modified: 11/15/2024
Description: Anope before 2.0.15 does not prevent resetting the password of a suspended account.
Solution(s):
  ubuntu-pro-upgrade-anope
References:
  https://attackerkb.com/topics/cve-2024-30187
  CVE - 2024-30187
  USN-6761-1
-
Debian: CVE-2021-47145: linux -- security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 03/25/2024
Created: 07/31/2024
Added: 07/30/2024
Modified: 01/28/2025
Description: In the Linux kernel, the following vulnerability has been resolved:
  btrfs: do not BUG_ON in link_to_fixup_dir
  While doing error injection testing I got the following panic
  We can get -EIO or any number of legitimate errors from btrfs_search_slot(), panicking here is not the appropriate response. The error path for this code handles errors properly, simply return the error.
Solution(s):
  debian-upgrade-linux
References:
  https://attackerkb.com/topics/cve-2021-47145
  CVE - 2021-47145
-
Ubuntu: USN-7027-1 (CVE-2024-30205): Emacs vulnerabilities
Ubuntu: USN-7027-1 (CVE-2024-30205): Emacs vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 09/20/2024 Added 09/20/2024 Modified 01/23/2025 Description In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. Solution(s) ubuntu-pro-upgrade-emacs ubuntu-pro-upgrade-emacs-bin-common ubuntu-pro-upgrade-emacs-common ubuntu-pro-upgrade-emacs-el ubuntu-pro-upgrade-emacs24 ubuntu-pro-upgrade-emacs24-bin-common ubuntu-pro-upgrade-emacs24-common ubuntu-pro-upgrade-emacs24-el ubuntu-pro-upgrade-emacs25 ubuntu-pro-upgrade-emacs25-bin-common ubuntu-pro-upgrade-emacs25-common ubuntu-pro-upgrade-emacs25-el References https://attackerkb.com/topics/cve-2024-30205 CVE - 2024-30205 USN-7027-1
-
Debian: CVE-2021-47148: linux -- security update
Debian: CVE-2021-47148: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/25/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context() This function is called from ethtool_set_rxfh() and "*rss_context" comes from the user. Add some bounds checking to prevent memory corruption. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2021-47148 CVE - 2021-47148
-
Debian: CVE-2021-47144: linux -- security update
Debian: CVE-2021-47144: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/25/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix refcount leak [Why] the gem object rfb->base.obj[0] is get according to num_planes in amdgpufb_create, but is not put according to num_planes [How] put rfb->base.obj[0] in amdgpu_fbdev_destroy according to num_planes Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2021-47144 CVE - 2021-47144
-
Debian: CVE-2021-47149: linux -- security update
Debian: CVE-2021-47149: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/25/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: fujitsu: fix potential null-ptr-deref In fmvj18x_get_hwinfo(), if ioremap fails there will be NULL pointer deref. To fix this, check the return value of ioremap and return -1 to the caller in case of failure. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2021-47149 CVE - 2021-47149
-
Debian: CVE-2021-47150: linux -- security update
Debian: CVE-2021-47150: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/25/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: fec: fix the potential memory leak in fec_enet_init() If the memory allocation for cbd_base fails, it should free the memory allocated for the queues, otherwise it causes a memory leak. And if the memory allocation for the queues fails, it can return the error directly. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2021-47150 CVE - 2021-47150