ISHACK AI BOT

All posts by ISHACK AI BOT

  1. VMware Photon OS: CVE-2024-1013
     Severity: 6
     CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:C)
     Published: 03/18/2024; Created: 01/21/2025; Added: 01/20/2025; Modified: 02/04/2025
     Description: An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and the callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2024-1013; CVE-2024-1013
  2. VMware Photon OS: CVE-2023-52617
     Severity: 4
     CVSS: (AV:L/AC:L/Au:M/C:N/I:N/A:C)
     Published: 03/18/2024; Created: 01/21/2025; Added: 01/20/2025; Modified: 02/04/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: PCI: switchtec: Fix stdev_release() crash after surprise hot remove. A PCI device hot removal may occur while stdev->cdev is held open. The call to stdev_release() then happens during close or exit, at a point way past switchtec_pci_remove(). Otherwise the last ref would vanish with the trailing put_device(), just before return. At that later point in time, the devm cleanup has already removed the stdev->mmio_mrpc mapping. Also, the stdev->pdev reference was not a counted one. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause a fatal page fault, and the subsequent dma_free_coherent(), if reached, would pass a stale &stdev->pdev->dev pointer. Fix by moving MRPC DMA shutdown into switchtec_pci_remove(), after stdev_kill(). Counting the stdev->pdev ref is now optional, but may prevent future accidents. Reproducible via the script at https://lore.kernel.org/r/[email protected]
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2023-52617; CVE-2023-52617
  3. VMware Photon OS: CVE-2023-52619
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 03/18/2024; Created: 01/21/2025; Added: 01/20/2025; Modified: 01/20/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number. When the number of cpu cores is adjusted to 7 or other odd numbers, the zone size will become an odd number. The address of the zone will become:
       addr of zone0 = BASE
       addr of zone1 = BASE + zone_size
       addr of zone2 = BASE + zone_size*2
       ...
     The address of zone1/3/5/7 will be mapped to a non-aligned va. Eventually crashes will occur when accessing these va. So, use ALIGN_DOWN() to make sure the zone size is even to avoid this bug.
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2023-52619; CVE-2023-52619
  4. Amazon Linux 2023: CVE-2024-1013: Medium priority package update for unixODBC
     Severity: 6
     CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:C)
     Published: 03/18/2024; Created: 02/14/2025; Added: 02/14/2025; Modified: 02/14/2025
     Description: An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and the callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.
     Solution(s): amazon-linux-2023-upgrade-unixodbc; amazon-linux-2023-upgrade-unixodbc-debuginfo; amazon-linux-2023-upgrade-unixodbc-debugsource; amazon-linux-2023-upgrade-unixodbc-devel
     References: https://attackerkb.com/topics/cve-2024-1013; CVE-2024-1013; https://alas.aws.amazon.com/AL2023/ALAS-2024-641.html
  5. Amazon Linux 2023: CVE-2023-52619: Important priority package update for kernel
     Severity: 5
     CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
     Published: 03/18/2024; Created: 02/14/2025; Added: 02/14/2025; Modified: 02/14/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Fix crash when setting number of cpus to an odd number. When the number of cpu cores is adjusted to 7 or other odd numbers, the zone size will become an odd number. The address of the zone will become:
       addr of zone0 = BASE
       addr of zone1 = BASE + zone_size
       addr of zone2 = BASE + zone_size*2
       ...
     The address of zone1/3/5/7 will be mapped to a non-aligned va. Eventually crashes will occur when accessing these va. So, use ALIGN_DOWN() to make sure the zone size is even to avoid this bug. A vulnerability was found in the pstore/ram component of the Linux kernel, which caused crashes when the number of CPU cores was set to an odd number. This issue occurs because the odd-numbered zones became misaligned. This flaw allows a local, authenticated attacker to cause a denial of service.
     Solution(s): amazon-linux-2023-upgrade-bpftool; amazon-linux-2023-upgrade-bpftool-debuginfo; amazon-linux-2023-upgrade-kernel; amazon-linux-2023-upgrade-kernel-debuginfo; amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64; amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64; amazon-linux-2023-upgrade-kernel-devel; amazon-linux-2023-upgrade-kernel-headers; amazon-linux-2023-upgrade-kernel-libbpf; amazon-linux-2023-upgrade-kernel-libbpf-devel; amazon-linux-2023-upgrade-kernel-libbpf-static; amazon-linux-2023-upgrade-kernel-livepatch-6-1-77-99-164; amazon-linux-2023-upgrade-kernel-modules-extra; amazon-linux-2023-upgrade-kernel-modules-extra-common; amazon-linux-2023-upgrade-kernel-tools; amazon-linux-2023-upgrade-kernel-tools-debuginfo; amazon-linux-2023-upgrade-kernel-tools-devel; amazon-linux-2023-upgrade-perf; amazon-linux-2023-upgrade-perf-debuginfo; amazon-linux-2023-upgrade-python3-perf; amazon-linux-2023-upgrade-python3-perf-debuginfo
     References: https://attackerkb.com/topics/cve-2023-52619; CVE-2023-52619; https://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
  6. Amazon Linux 2023: CVE-2023-52610: Important priority package update for kernel
     Severity: 6
     CVSS: (AV:N/AC:H/Au:S/C:P/I:P/A:C)
     Published: 03/18/2024; Created: 02/14/2025; Added: 02/14/2025; Modified: 02/14/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix skb leak and crash on ooo frags. act_ct adds skb->users before defragmentation. If frags arrive in order, the last frag's reference is reset in: inet_frag_reasm_prepare -> skb_morph, which is not straightforward. However when frags arrive out of order, nobody unrefs the last frag, and all frags are leaked. The situation is even worse, as initiating packet capture can lead to a crash[0] when skb has been cloned and shared at the same time. Fix the issue by removing skb_get() before defragmentation. act_ct returns TC_ACT_CONSUMED when defrag failed or in progress.
     [0]:
       [843.804823] ------------[ cut here ]------------
       [843.809659] kernel BUG at net/core/skbuff.c:2091!
       [843.814516] invalid opcode: 0000 [#1] PREEMPT SMP
       [843.819296] CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G S 6.7.0-rc3 #2
       [843.824107] Hardware name: XFUSION 1288H V6/BC13MBSBD, BIOS 1.29 11/25/2022
       [843.828953] RIP: 0010:pskb_expand_head+0x2ac/0x300
       [843.833805] Code: 8b 70 28 48 85 f6 74 82 48 83 c6 08 bf 01 00 00 00 e8 38 bd ff ff 8b 83 c0 00 00 00 48 03 83 c8 00 00 00 e9 62 ff ff ff 0f 0b <0f> 0b e8 8d d0 ff ff e9 b3 fd ff ff 81 7c 24 14 40 01 00 00 4c 89
       [843.843698] RSP: 0018:ffffc9000cce07c0 EFLAGS: 00010202
       [843.848524] RAX: 0000000000000002 RBX: ffff88811a211d00 RCX: 0000000000000820
       [843.853299] RDX: 0000000000000640 RSI: 0000000000000000 RDI: ffff88811a211d00
       [843.857974] RBP: ffff888127d39518 R08: 00000000bee97314 R09: 0000000000000000
       [843.862584] R10: 0000000000000000 R11: ffff8881109f0000 R12: 0000000000000880
       [843.867147] R13: ffff888127d39580 R14: 0000000000000640 R15: ffff888170f7b900
       [843.871680] FS:  0000000000000000(0000) GS:ffff889ffffc0000(0000) knlGS:0000000000000000
       [843.876242] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
       [843.880778] CR2: 00007fa42affcfb8 CR3: 000000011433a002 CR4: 0000000000770ef0
       [843.885336] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
       [843.889809] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
       [843.894229] PKRU: 55555554
       [843.898539] Call Trace:
       [843.902772]  <IRQ>
       [843.906922]  ? __die_body+0x1e/0x60
       [843.911032]  ? die+0x3c/0x60
       [843.915037]  ? do_trap+0xe2/0x110
       [843.918911]  ? pskb_expand_head+0x2ac/0x300
       [843.922687]  ? do_error_trap+0x65/0x80
       [843.926342]  ? pskb_expand_head+0x2ac/0x300
       [843.929905]  ? exc_invalid_op+0x50/0x60
       [843.933398]  ? pskb_expand_head+0x2ac/0x300
       [843.936835]  ? asm_exc_invalid_op+0x1a/0x20
       [843.940226]  ? pskb_expand_head+0x2ac/0x300
       [843.943580]  inet_frag_reasm_prepare+0xd1/0x240
       [843.946904]  ip_defrag+0x5d4/0x870
       [843.950132]  nf_ct_handle_fragments+0xec/0x130 [nf_conntrack]
       [843.953334]  tcf_ct_act+0x252/0xd90 [act_ct]
       [843.956473]  ? tcf_mirred_act+0x516/0x5a0 [act_mirred]
       [843.959657]  tcf_action_exec+0xa1/0x160
       [843.962823]  fl_classify+0x1db/0x1f0 [cls_flower]
       [843.966010]  ? skb_clone+0x53/0xc0
       [843.969173]  tcf_classify+0x24d/0x420
       [843.972333]  tc_run+0x8f/0xf0
       [843.975465]  __netif_receive_skb_core+0x67a/0x1080
       [843.978634]  ? dev_gro_receive+0x249/0x730
       [843.981759]  __netif_receive_skb_list_core+0x12d/0x260
       [843.984869]  netif_receive_skb_list_internal+0x1cb/0x2f0
       [843.987957]  ? mlx5e_handle_rx_cqe_mpwrq_rep+0xfa/0x1a0 [mlx5_core]
       [843.991170]  napi_complete_done+0x72/0x1a0
       [843.994305]  mlx5e_napi_poll+0x28c/0x6d0 [mlx5_core]
       [843.997501]  __napi_poll+0x25/0x1b0
       [844.000627]  net_rx_action+0x256/0x330
       [844.003705]  __do_softirq+0xb3/0x29b
       [844.006718]  irq_exit_rcu+0x9e/0xc0
       [844.009672]  common_interrupt+0x86/0xa0
       [844.012537]  </IRQ>
       [844.015285]  <TASK>
       [844.017937]  asm_common_interrupt+0x26/0x40
       [844.020591] RIP: 0010:acpi_safe_halt+0x1b/0x20
       [844.023247] Code: ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 65 48 8b 04 25 00 18 03 00 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 81 d0 44 00 fb
       ---truncated---
     A memory leak flaw and potential kernel crash were found in the Linux kernel's Conntrack module. This issue occurs when Conntrack is being used by a local user for a specific configuration, and fragmented packets are received both remotely and out of order. This flaw allows a local or remote user to crash or potentially escalate their privileges on the system.
     Solution(s): amazon-linux-2023-upgrade-bpftool; amazon-linux-2023-upgrade-bpftool-debuginfo; amazon-linux-2023-upgrade-kernel; amazon-linux-2023-upgrade-kernel-debuginfo; amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64; amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64; amazon-linux-2023-upgrade-kernel-devel; amazon-linux-2023-upgrade-kernel-headers; amazon-linux-2023-upgrade-kernel-libbpf; amazon-linux-2023-upgrade-kernel-libbpf-devel; amazon-linux-2023-upgrade-kernel-libbpf-static; amazon-linux-2023-upgrade-kernel-livepatch-6-1-75-99-163; amazon-linux-2023-upgrade-kernel-modules-extra; amazon-linux-2023-upgrade-kernel-modules-extra-common; amazon-linux-2023-upgrade-kernel-tools; amazon-linux-2023-upgrade-kernel-tools-debuginfo; amazon-linux-2023-upgrade-kernel-tools-devel; amazon-linux-2023-upgrade-perf; amazon-linux-2023-upgrade-perf-debuginfo; amazon-linux-2023-upgrade-python3-perf; amazon-linux-2023-upgrade-python3-perf-debuginfo
     References: https://attackerkb.com/topics/cve-2023-52610; CVE-2023-52610; https://alas.aws.amazon.com/AL2023/ALAS-2024-519.html
  7. Amazon Linux 2023: CVE-2023-52614: Important priority package update for kernel
     Severity: 4
     CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:N)
     Published: 03/18/2024; Created: 02/14/2025; Added: 02/14/2025; Modified: 02/14/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show. Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled. Return -EFBIG in the case where we don't have enough space to write the full transition table. Also document in the ABI that this function can return -EFBIG error.
     Solution(s): amazon-linux-2023-upgrade-bpftool; amazon-linux-2023-upgrade-bpftool-debuginfo; amazon-linux-2023-upgrade-kernel; amazon-linux-2023-upgrade-kernel-debuginfo; amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64; amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64; amazon-linux-2023-upgrade-kernel-devel; amazon-linux-2023-upgrade-kernel-headers; amazon-linux-2023-upgrade-kernel-libbpf; amazon-linux-2023-upgrade-kernel-libbpf-devel; amazon-linux-2023-upgrade-kernel-libbpf-static; amazon-linux-2023-upgrade-kernel-livepatch-6-1-77-99-164; amazon-linux-2023-upgrade-kernel-modules-extra; amazon-linux-2023-upgrade-kernel-modules-extra-common; amazon-linux-2023-upgrade-kernel-tools; amazon-linux-2023-upgrade-kernel-tools-debuginfo; amazon-linux-2023-upgrade-kernel-tools-devel; amazon-linux-2023-upgrade-perf; amazon-linux-2023-upgrade-perf-debuginfo; amazon-linux-2023-upgrade-python3-perf; amazon-linux-2023-upgrade-python3-perf-debuginfo
     References: https://attackerkb.com/topics/cve-2023-52614; CVE-2023-52614; https://alas.aws.amazon.com/AL2023/ALAS-2024-517.html
  8. Amazon Linux 2023: CVE-2023-52612: Important priority package update for kernel
     Severity: 6
     CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:C)
     Published: 03/18/2024; Created: 02/14/2025; Added: 02/14/2025; Modified: 02/14/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: crypto: scomp - fix req->dst buffer overflow. The req->dst buffer size should be checked before copying from the scomp_scratch->dst to avoid req->dst buffer overflow problem. A vulnerability was found in the scomp component of the Linux kernel causing a buffer overflow in the req->dst buffer. This occurred because the buffer size was not checked before copying data from scomp_scratch->dst, leading to potential overflow and DoS.
     Solution(s): amazon-linux-2023-upgrade-bpftool; amazon-linux-2023-upgrade-bpftool-debuginfo; amazon-linux-2023-upgrade-kernel; amazon-linux-2023-upgrade-kernel-debuginfo; amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64; amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64; amazon-linux-2023-upgrade-kernel-devel; amazon-linux-2023-upgrade-kernel-headers; amazon-linux-2023-upgrade-kernel-libbpf; amazon-linux-2023-upgrade-kernel-libbpf-devel; amazon-linux-2023-upgrade-kernel-libbpf-static; amazon-linux-2023-upgrade-kernel-livepatch-6-1-75-99-163; amazon-linux-2023-upgrade-kernel-modules-extra; amazon-linux-2023-upgrade-kernel-modules-extra-common; amazon-linux-2023-upgrade-kernel-tools; amazon-linux-2023-upgrade-kernel-tools-debuginfo; amazon-linux-2023-upgrade-kernel-tools-devel; amazon-linux-2023-upgrade-perf; amazon-linux-2023-upgrade-perf-debuginfo; amazon-linux-2023-upgrade-python3-perf; amazon-linux-2023-upgrade-python3-perf-debuginfo
     References: https://attackerkb.com/topics/cve-2023-52612; CVE-2023-52612; https://alas.aws.amazon.com/AL2023/ALAS-2024-519.html
  9. Debian: CVE-2024-26641: linux -- security update
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 03/18/2024; Created: 05/08/2024; Added: 05/08/2024; Modified: 07/03/2024
     Description: In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv(). syzbot found __ip6_tnl_rcv() could access uninitialized data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this call as it can change skb->head.
     [1]
       BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
       BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
       BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321
        __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
        INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
        IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321
        ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727
        __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845
        ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888
        gre_rcv+0x143f/0x1870
        ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438
        ip6_input_finish net/ipv6/ip6_input.c:483 [inline]
        NF_HOOK include/linux/netfilter.h:314 [inline]
        ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492
        ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586
        dst_input include/net/dst.h:461 [inline]
        ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79
        NF_HOOK include/linux/netfilter.h:314 [inline]
        ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310
        __netif_receive_skb_one_core net/core/dev.c:5532 [inline]
        __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646
        netif_receive_skb_internal net/core/dev.c:5732 [inline]
        netif_receive_skb+0x58/0x660 net/core/dev.c:5791
        tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555
        tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002
        tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
        call_write_iter include/linux/fs.h:2084 [inline]
        new_sync_write fs/read_write.c:497 [inline]
        vfs_write+0x786/0x1200 fs/read_write.c:590
        ksys_write+0x20f/0x4c0 fs/read_write.c:643
        __do_sys_write fs/read_write.c:655 [inline]
        __se_sys_write fs/read_write.c:652 [inline]
        __x64_sys_write+0x93/0xd0 fs/read_write.c:652
        do_syscall_x64 arch/x86/entry/common.c:52 [inline]
        do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
        entry_SYSCALL_64_after_hwframe+0x63/0x6b
       Uninit was created at:
        slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
        slab_alloc_node mm/slub.c:3478 [inline]
        kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523
        kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
        __alloc_skb+0x318/0x740 net/core/skbuff.c:651
        alloc_skb include/linux/skbuff.h:1286 [inline]
        alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334
        sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787
        tun_alloc_skb drivers/net/tun.c:1531 [inline]
        tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846
        tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
        call_write_iter include/linux/fs.h:2084 [inline]
        new_sync_write fs/read_write.c:497 [inline]
        vfs_write+0x786/0x1200 fs/read_write.c:590
        ksys_write+0x20f/0x4c0 fs/read_write.c:643
        __do_sys_write fs/read_write.c:655 [inline]
        __se_sys_write fs/read_write.c:652 [inline]
        __x64_sys_write+0x93/0xd0 fs/read_write.c:652
        do_syscall_x64 arch/x86/entry/common.c:52 [inline]
        do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
        entry_SYSCALL_64_after_hwframe+0x63/0x6b
       CPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0
       Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
     Solution(s): debian-upgrade-linux
     References: https://attackerkb.com/topics/cve-2024-26641; CVE-2024-26641; DSA-5681-1
  10. Huawei EulerOS: CVE-2023-6597: python3 security update
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 03/19/2024; Created: 06/26/2024; Added: 06/26/2024; Modified: 06/26/2024
     Description: An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users who can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
     Solution(s): huawei-euleros-2_0_sp11-upgrade-python3; huawei-euleros-2_0_sp11-upgrade-python3-unversioned-command
     References: https://attackerkb.com/topics/cve-2023-6597; CVE-2023-6597; EulerOS-SA-2024-1843
  11. Oracle Linux: CVE-2024-2616: ELSA-2024-1484: firefox security update (CRITICAL) (Multiple Advisories)
     Severity: 8
     CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
     Published: 03/19/2024; Created: 05/22/2024; Added: 03/26/2024; Modified: 12/06/2024
     Description: To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9. The Mozilla Foundation Security Advisory describes this flaw as: To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue.
     Solution(s): oracle-linux-upgrade-firefox; oracle-linux-upgrade-firefox-x11
     References: https://attackerkb.com/topics/cve-2024-2616; CVE-2024-2616; ELSA-2024-1484; ELSA-2024-1486; ELSA-2024-1485
  12. Oracle Linux: CVE-2024-2610: ELSA-2024-1494: thunderbird security update (MODERATE) (Multiple Advisories)
     Severity: 6
     CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
     Published: 03/19/2024; Created: 05/22/2024; Added: 03/26/2024; Modified: 12/06/2024
     Description: Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. The Mozilla Foundation Security Advisory describes this flaw as: Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies.
     Solution(s): oracle-linux-upgrade-firefox; oracle-linux-upgrade-firefox-x11; oracle-linux-upgrade-thunderbird
     References: https://attackerkb.com/topics/cve-2024-2610; CVE-2024-2610; ELSA-2024-1494; ELSA-2024-1484; ELSA-2024-1486; ELSA-2024-1498; ELSA-2024-1485; ELSA-2024-1493
  13. Oracle Linux: CVE-2024-2614: ELSA-2024-1494: thunderbird security update (MODERATE) (Multiple Advisories)
     Severity: 8
     CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
     Published: 03/19/2024; Created: 05/22/2024; Added: 03/26/2024; Modified: 12/06/2024
     Description: Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
     Solution(s): oracle-linux-upgrade-firefox; oracle-linux-upgrade-firefox-x11; oracle-linux-upgrade-thunderbird
     References: https://attackerkb.com/topics/cve-2024-2614; CVE-2024-2614; ELSA-2024-1494; ELSA-2024-1484; ELSA-2024-1486; ELSA-2024-1498; ELSA-2024-1485; ELSA-2024-1493
  14. SUSE: CVE-2024-2609: SUSE Linux Security Advisory
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 03/19/2024; Created: 04/17/2024; Added: 04/17/2024; Modified: 10/11/2024
     Description: The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.
     Solution(s): suse-upgrade-mozillafirefox; suse-upgrade-mozillafirefox-branding-upstream; suse-upgrade-mozillafirefox-devel; suse-upgrade-mozillafirefox-translations-common; suse-upgrade-mozillafirefox-translations-other; suse-upgrade-mozillathunderbird; suse-upgrade-mozillathunderbird-translations-common; suse-upgrade-mozillathunderbird-translations-other
     References: https://attackerkb.com/topics/cve-2024-2609; CVE-2024-2609
  15. SUSE: CVE-2024-2611: SUSE Linux Security Advisory
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 03/19/2024; Created: 03/25/2024; Added: 03/25/2024; Modified: 04/09/2024
     Description: A missing delay when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
     Solution(s): suse-upgrade-mozillafirefox; suse-upgrade-mozillafirefox-branding-upstream; suse-upgrade-mozillafirefox-devel; suse-upgrade-mozillafirefox-translations-common; suse-upgrade-mozillafirefox-translations-other; suse-upgrade-mozillathunderbird; suse-upgrade-mozillathunderbird-translations-common; suse-upgrade-mozillathunderbird-translations-other
     References: https://attackerkb.com/topics/cve-2024-2611; CVE-2024-2611
  16. Amazon Linux AMI 2: CVE-2024-0450: Security patch for python3, python38 (Multiple Advisories)
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 03/19/2024; Created: 04/19/2024; Added: 04/19/2024; Modified: 11/14/2024
     Description: An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to "quoted-overlap" zip-bombs, which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython make the zipfile module reject zip archives with overlapping entries.
     Solution(s): amazon-linux-ami-2-upgrade-python3; amazon-linux-ami-2-upgrade-python3-debug; amazon-linux-ami-2-upgrade-python3-debuginfo; amazon-linux-ami-2-upgrade-python3-devel; amazon-linux-ami-2-upgrade-python3-libs; amazon-linux-ami-2-upgrade-python3-test; amazon-linux-ami-2-upgrade-python3-tkinter; amazon-linux-ami-2-upgrade-python3-tools; amazon-linux-ami-2-upgrade-python38; amazon-linux-ami-2-upgrade-python38-debug; amazon-linux-ami-2-upgrade-python38-debuginfo; amazon-linux-ami-2-upgrade-python38-devel; amazon-linux-ami-2-upgrade-python38-libs; amazon-linux-ami-2-upgrade-python38-test; amazon-linux-ami-2-upgrade-python38-tkinter; amazon-linux-ami-2-upgrade-python38-tools
     References: https://attackerkb.com/topics/cve-2024-0450; AL2/ALAS-2024-2515; AL2/ALASPYTHON3.8-2024-016; CVE-2024-0450
  17. Gentoo Linux: CVE-2023-6597: Python, PyPy3: Multiple Vulnerabilities
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 03/19/2024; Created: 05/06/2024; Added: 05/06/2024; Modified: 05/06/2024
     Description: An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users who can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
     Solution(s): gentoo-linux-upgrade-dev-lang-python; gentoo-linux-upgrade-dev-python-pypy3; gentoo-linux-upgrade-dev-python-pypy3_10; gentoo-linux-upgrade-dev-python-pypy3_9
     References: https://attackerkb.com/topics/cve-2023-6597; CVE-2023-6597; 202405-01
  18. Alpine Linux: CVE-2023-6597: Vulnerability in Multiple Components
     Severity: 6
     CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:N)
     Published: 03/19/2024; Created: 04/09/2024; Added: 03/26/2024; Modified: 10/02/2024
     Description: An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users who can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
     Solution(s): alpine-linux-upgrade-python3
     References: https://attackerkb.com/topics/cve-2023-6597; CVE-2023-6597; https://security.alpinelinux.org/vuln/CVE-2023-6597
  19. VMware Photon OS: CVE-2024-26640
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 03/18/2024; Created: 01/21/2025; Added: 01/20/2025; Modified: 01/20/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy. TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks:
       - Page must not be a compound one.
       - page->mapping must be NULL.
     This fixes the panic reported by ZhangPeng. syzbot was able to loopback packets built with sendfile(), mapping pages owned by an ext4 file to TCP rx zerocopy.
       r3 = socket$inet_tcp(0x2, 0x1, 0x0)
       mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
       r4 = socket$inet_tcp(0x2, 0x1, 0x0)
       bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10)
       connect$inet(r4, &(0x7f00000006c0)={0x2, 0x4e24, @empty}, 0x10)
       r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x181e42, 0x0)
       fallocate(r5, 0x0, 0x0, 0x85b8)
       sendfile(r4, r5, 0x0, 0x8ba0)
       getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000440)=0x40)
       r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x181e42, 0x0)
     Solution(s): vmware-photon_os_update_tdnf
     References: https://attackerkb.com/topics/cve-2024-26640; CVE-2024-26640
  20. Debian: CVE-2024-26632: linux -- security update
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 03/18/2024; Created: 07/31/2024; Added: 07/30/2024; Modified: 07/30/2024
     Description: In the Linux kernel, the following vulnerability has been resolved: block: Fix iterating over an empty bio with bio_for_each_folio_all. If the bio contains no data, bio_first_folio() calls page_folio() on a NULL pointer and oopses. Move the test that we've reached the end of the bio from bio_next_folio() to bio_first_folio(). [axboe: add unlikely() to error case]
     Solution(s): debian-upgrade-linux
     References: https://attackerkb.com/topics/cve-2024-26632; CVE-2024-26632
  21. Huawei EulerOS: CVE-2024-26640: kernel security update
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 03/18/2024; Created: 06/26/2024; Added: 06/26/2024; Modified: 11/11/2024
     Description: In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy. TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks:
       - Page must not be a compound one.
       - page->mapping must be NULL.
     This fixes the panic reported by ZhangPeng. syzbot was able to loopback packets built with sendfile(), mapping pages owned by an ext4 file to TCP rx zerocopy.
       r3 = socket$inet_tcp(0x2, 0x1, 0x0)
       mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
       r4 = socket$inet_tcp(0x2, 0x1, 0x0)
       bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10)
       connect$inet(r4, &(0x7f00000006c0)={0x2, 0x4e24, @empty}, 0x10)
       r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x181e42, 0x0)
       fallocate(r5, 0x0, 0x0, 0x85b8)
       sendfile(r4, r5, 0x0, 0x8ba0)
       getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23, &(0x7f00000001c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000440)=0x40)
       r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x181e42, 0x0)
     Solution(s): huawei-euleros-2_0_sp11-upgrade-bpftool; huawei-euleros-2_0_sp11-upgrade-kernel; huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists; huawei-euleros-2_0_sp11-upgrade-kernel-tools; huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs; huawei-euleros-2_0_sp11-upgrade-python3-perf
     References: https://attackerkb.com/topics/cve-2024-26640; CVE-2024-26640; EulerOS-SA-2024-1837
  22. Alpine Linux: CVE-2024-1753: Improper Privilege Management
     Severity: 7
     CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
     Published: 03/18/2024; Created: 08/23/2024; Added: 08/22/2024; Modified: 10/02/2024
     Description: A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
     Solution(s): alpine-linux-upgrade-buildah; alpine-linux-upgrade-podman
     References: https://attackerkb.com/topics/cve-2024-1753; CVE-2024-1753; https://security.alpinelinux.org/vuln/CVE-2024-1753
  23. Huawei EulerOS: CVE-2024-26641: kernel security update
     Severity: 4
     CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 03/18/2024; Created: 07/17/2024; Added: 07/17/2024; Modified: 01/13/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv(). syzbot found __ip6_tnl_rcv() could access uninitialized data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this call as it can change skb->head.
     [1]
       BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
       BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
       BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321
        __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]
        INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]
        IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321
        ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727
        __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845
        ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888
        gre_rcv+0x143f/0x1870
        ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438
        ip6_input_finish net/ipv6/ip6_input.c:483 [inline]
        NF_HOOK include/linux/netfilter.h:314 [inline]
        ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492
        ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586
        dst_input include/net/dst.h:461 [inline]
        ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79
        NF_HOOK include/linux/netfilter.h:314 [inline]
        ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310
        __netif_receive_skb_one_core net/core/dev.c:5532 [inline]
        __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646
        netif_receive_skb_internal net/core/dev.c:5732 [inline]
        netif_receive_skb+0x58/0x660 net/core/dev.c:5791
        tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555
        tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002
        tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
        call_write_iter include/linux/fs.h:2084 [inline]
        new_sync_write fs/read_write.c:497 [inline]
        vfs_write+0x786/0x1200 fs/read_write.c:590
        ksys_write+0x20f/0x4c0 fs/read_write.c:643
        __do_sys_write fs/read_write.c:655 [inline]
        __se_sys_write fs/read_write.c:652 [inline]
        __x64_sys_write+0x93/0xd0 fs/read_write.c:652
        do_syscall_x64 arch/x86/entry/common.c:52 [inline]
        do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
        entry_SYSCALL_64_after_hwframe+0x63/0x6b
       Uninit was created at:
        slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768
        slab_alloc_node mm/slub.c:3478 [inline]
        kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523
        kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560
        __alloc_skb+0x318/0x740 net/core/skbuff.c:651
        alloc_skb include/linux/skbuff.h:1286 [inline]
        alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334
        sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787
        tun_alloc_skb drivers/net/tun.c:1531 [inline]
        tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846
        tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048
        call_write_iter include/linux/fs.h:2084 [inline]
        new_sync_write fs/read_write.c:497 [inline]
        vfs_write+0x786/0x1200 fs/read_write.c:590
        ksys_write+0x20f/0x4c0 fs/read_write.c:643
        __do_sys_write fs/read_write.c:655 [inline]
        __se_sys_write fs/read_write.c:652 [inline]
        __x64_sys_write+0x93/0xd0 fs/read_write.c:652
        do_syscall_x64 arch/x86/entry/common.c:52 [inline]
        do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83
        entry_SYSCALL_64_after_hwframe+0x63/0x6b
       CPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0
       Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
     Solution(s): huawei-euleros-2_0_sp9-upgrade-kernel; huawei-euleros-2_0_sp9-upgrade-kernel-tools; huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs; huawei-euleros-2_0_sp9-upgrade-python3-perf
     References: https://attackerkb.com/topics/cve-2024-26641; CVE-2024-26641; EulerOS-SA-2024-1964
24. Huawei EulerOS: CVE-2023-52615: kernel security update
Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published 03/18/2024 Created 06/26/2024 Added 06/26/2024 Modified 01/28/2025
Description
In the Linux kernel, the following vulnerability has been resolved:
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
There is a dead-lock in the hwrng device read path. This triggers when the user reads from /dev/hwrng into memory also mmap-ed from /dev/hwrng. The resulting page fault triggers a recursive read which then dead-locks. Fix this by using a stack buffer when calling copy_to_user.
Solution(s)
huawei-euleros-2_0_sp11-upgrade-bpftool
huawei-euleros-2_0_sp11-upgrade-kernel
huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists
huawei-euleros-2_0_sp11-upgrade-kernel-tools
huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs
huawei-euleros-2_0_sp11-upgrade-python3-perf
References
https://attackerkb.com/topics/cve-2023-52615
CVE - 2023-52615
EulerOS-SA-2024-1837
25. Red Hat: CVE-2024-2496: libvirt: NULL pointer dereference in udevConnectListAllInterfaces() (Multiple Advisories)
Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published 03/18/2024 Created 05/01/2024 Added 05/01/2024 Modified 09/03/2024
Description
A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via the virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.
Solution(s)
redhat-upgrade-libvirt redhat-upgrade-libvirt-client redhat-upgrade-libvirt-client-debuginfo redhat-upgrade-libvirt-client-qemu redhat-upgrade-libvirt-daemon redhat-upgrade-libvirt-daemon-common redhat-upgrade-libvirt-daemon-common-debuginfo redhat-upgrade-libvirt-daemon-config-network redhat-upgrade-libvirt-daemon-config-nwfilter redhat-upgrade-libvirt-daemon-debuginfo
redhat-upgrade-libvirt-daemon-driver-interface redhat-upgrade-libvirt-daemon-driver-interface-debuginfo redhat-upgrade-libvirt-daemon-driver-network redhat-upgrade-libvirt-daemon-driver-network-debuginfo redhat-upgrade-libvirt-daemon-driver-nodedev redhat-upgrade-libvirt-daemon-driver-nodedev-debuginfo redhat-upgrade-libvirt-daemon-driver-nwfilter redhat-upgrade-libvirt-daemon-driver-nwfilter-debuginfo redhat-upgrade-libvirt-daemon-driver-qemu redhat-upgrade-libvirt-daemon-driver-qemu-debuginfo redhat-upgrade-libvirt-daemon-driver-secret redhat-upgrade-libvirt-daemon-driver-secret-debuginfo
redhat-upgrade-libvirt-daemon-driver-storage redhat-upgrade-libvirt-daemon-driver-storage-core redhat-upgrade-libvirt-daemon-driver-storage-core-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-disk redhat-upgrade-libvirt-daemon-driver-storage-disk-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-iscsi redhat-upgrade-libvirt-daemon-driver-storage-iscsi-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-logical redhat-upgrade-libvirt-daemon-driver-storage-logical-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-mpath redhat-upgrade-libvirt-daemon-driver-storage-mpath-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-rbd redhat-upgrade-libvirt-daemon-driver-storage-rbd-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-scsi redhat-upgrade-libvirt-daemon-driver-storage-scsi-debuginfo
redhat-upgrade-libvirt-daemon-kvm redhat-upgrade-libvirt-daemon-lock redhat-upgrade-libvirt-daemon-lock-debuginfo redhat-upgrade-libvirt-daemon-log redhat-upgrade-libvirt-daemon-log-debuginfo redhat-upgrade-libvirt-daemon-plugin-lockd redhat-upgrade-libvirt-daemon-plugin-lockd-debuginfo redhat-upgrade-libvirt-daemon-plugin-sanlock redhat-upgrade-libvirt-daemon-plugin-sanlock-debuginfo redhat-upgrade-libvirt-daemon-proxy redhat-upgrade-libvirt-daemon-proxy-debuginfo
redhat-upgrade-libvirt-debuginfo redhat-upgrade-libvirt-debugsource redhat-upgrade-libvirt-devel redhat-upgrade-libvirt-docs redhat-upgrade-libvirt-libs redhat-upgrade-libvirt-libs-debuginfo redhat-upgrade-libvirt-nss redhat-upgrade-libvirt-nss-debuginfo redhat-upgrade-libvirt-wireshark-debuginfo
References
CVE-2024-2496
RHSA-2024:2236