ISHACK AI BOT

Debian: CVE-2023-52489: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/11/2024 Created 05/08/2024 Added 05/08/2024 Modified 07/03/2024 Description In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memory_section->usage The below race is observed on a PFN which falls into the device memory region with the system memory configuration where PFN's are such that [ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL].Since normal zone start and end pfn contains the device memory PFN's as well, the compaction triggered will try on the device memory PFN's too though they end up in NOP(because pfn_to_online_page() returns NULL for ZONE_DEVICE memory sections).When from other core, the section mappings are being removed for the ZONE_DEVICE region, that the PFN in question belongs to, on which compaction is currently being operated is resulting into the kernel crash with CONFIG_SPASEMEM_VMEMAP enabled.The crash logs can be seen at [1]. compact_zone() memunmap_pages ------------- --------------- __pageblock_pfn_to_page ...... (a)pfn_valid(): valid_section()//return true (b)__remove_pages()-> sparse_remove_section()-> section_deactivate(): [Free the array ms->usage and set ms->usage = NULL] pfn_section_valid() [Access ms->usage which is NULL] NOTE: From the above it can be said that the race is reduced to between the pfn_valid()/pfn_section_valid() and the section deactivate with SPASEMEM_VMEMAP enabled. The commit b943f045a9af("mm/sparse: fix kernel crash with pfn_section_valid check") tried to address the same problem by clearing the SECTION_HAS_MEM_MAP with the expectation of valid_section() returns false thus ms->usage is not accessed. Fix this issue by the below steps: a) Clear SECTION_HAS_MEM_MAP before freeing the ->usage. b) RCU protected read side critical section will either return NULL when SECTION_HAS_MEM_MAP is cleared or can successfully access ->usage. c) Free the ->usage with kfree_rcu() and set ms->usage = NULL.No attempt will be made to access ->usage after this as the SECTION_HAS_MEM_MAP is cleared thus valid_section() return false. Thanks to David/Pavan for their inputs on this patch. [1] https://lore.kernel.org/linux-mm/[email protected]/ On Snapdragon SoC, with the mentioned memory configuration of PFN's as [ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of issues daily while testing on a device farm. For this particular issue below is the log.Though the below log is not directly pointing to the pfn_section_valid(){ ms->usage;}, when we loaded this dump on T32 lauterbach tool, it is pointing. [540.578056] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [540.578068] Mem abort info: [540.578070] ESR = 0x0000000096000005 [540.578073] EC = 0x25: DABT (current EL), IL = 32 bits [540.578077] SET = 0, FnV = 0 [540.578080] EA = 0, S1PTW = 0 [540.578082] FSC = 0x05: level 1 translation fault [540.578085] Data abort info: [540.578086] ISV = 0, ISS = 0x00000005 [540.578088] CM = 0, WnR = 0 [540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--) [540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c [540.579454] lr : compact_zone+0x994/0x1058 [540.579460] sp : ffffffc03579b510 [540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c [540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640 [540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000 [540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140 [540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff [540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001 [540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440 [540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4 [540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000 ---truncated--- Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-52489 CVE - 2023-52489 DSA-5681-1

Alma Linux: CVE-2024-26615: Moderate: kernel update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/11/2024 Created 06/07/2024 Added 06/06/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smc_run nginx smc_run wrk -t 16 -c 1000 -d <duration> -H 'Connection: Close' <URL> - continuously dump SMC-D connections in parallel: watch -n 1 'smcss -D' BUG: kernel NULL pointer dereference, address: 0000000000000030 CPU: 2 PID: 7204 Comm: smcss Kdump: loaded Tainted: G E6.7.0+ #55 RIP: 0010:__smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag] Call Trace: <TASK> ? __die+0x24/0x70 ? page_fault_oops+0x66/0x150 ? exc_page_fault+0x69/0x140 ? asm_exc_page_fault+0x26/0x30 ? __smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag] ? __kmalloc_node_track_caller+0x35d/0x430 ? __alloc_skb+0x77/0x170 smc_diag_dump_proto+0xd0/0xf0 [smc_diag] smc_diag_dump+0x26/0x60 [smc_diag] netlink_dump+0x19f/0x320 __netlink_dump_start+0x1dc/0x300 smc_diag_handler_dump+0x6a/0x80 [smc_diag] ? __pfx_smc_diag_dump+0x10/0x10 [smc_diag] sock_diag_rcv_msg+0x121/0x140 ? __pfx_sock_diag_rcv_msg+0x10/0x10 netlink_rcv_skb+0x5a/0x110 sock_diag_rcv+0x28/0x40 netlink_unicast+0x22a/0x330 netlink_sendmsg+0x1f8/0x420 __sock_sendmsg+0xb0/0xc0 ____sys_sendmsg+0x24e/0x300 ? copy_msghdr_from_user+0x62/0x80 ___sys_sendmsg+0x7c/0xd0 ? __do_fault+0x34/0x160 ? do_read_fault+0x5f/0x100 ? do_fault+0xb0/0x110 ? __handle_mm_fault+0x2b0/0x6c0 __sys_sendmsg+0x4d/0x80 do_syscall_64+0x69/0x180 entry_SYSCALL_64_after_hwframe+0x6e/0x76 It is possible that the connection is in process of being established when we dump it. Assumed that the connection has been registered in a link group by smc_conn_create() but the rmb_desc has not yet been initialized by smc_buf_create(), thus causing the illegal access to conn->rmb_desc. So fix it by checking before dump. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-uki-virt-addons alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-libperf alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla alma-upgrade-rv References https://attackerkb.com/topics/cve-2024-26615 CVE - 2024-26615 https://errata.almalinux.org/8/ALSA-2024-3618.html https://errata.almalinux.org/8/ALSA-2024-3627.html https://errata.almalinux.org/9/ALSA-2024-10939.html

SUSE: CVE-2023-52493: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/11/2024 Created 04/18/2024 Added 04/18/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the channel are not taken in succession by dropping the read lock from parse_xfer_event() such that a callback given to client can potentially queue buffers and acquire the write lock in that process. Any queueing of buffers should be done without channel read lock acquired as it can result in multiple locks and a soft lockup. [mani: added fixes tag and cc'ed stable] Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-52493 CVE - 2023-52493

Ubuntu: (Multiple Advisories) (CVE-2024-26614): Linux kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/11/2024 Created 05/18/2024 Added 05/17/2024 Modified 11/15/2024 Description In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the accept_queue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU: 19 PID: 21160 at __pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508) Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508) Code: 73 56 3a ff 90 c3 cc cc cc cc 8b 05 bb 1f 48 01 85 c0 74 05 c3 cc cc cc cc 8b 17 48 89 fe 48 c7 c7 30 20 ce 8f e8 ad 56 42 ff <0f> 0b c3 cc cc cc cc 0f 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffa8d200604cb8 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9d1ef60e0908 RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff9d1ef60e0900 RBP: ffff9d181cd5c280 R08: 0000000000000000 R09: 00000000ffff7fff R10: ffffa8d200604b68 R11: ffffffff907dcdc8 R12: 0000000000000000 R13: ffff9d181cd5c660 R14: ffff9d1813a3f330 R15: 0000000000001000 FS:00007fa110184640(0000) GS:ffff9d1ef60c0000(0000) knlGS:0000000000000000 CS:0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000000 CR3: 000000011f65e000 CR4: 00000000000006f0 Call Trace: <IRQ> _raw_spin_unlock (kernel/locking/spinlock.c:186) inet_csk_reqsk_queue_add (net/ipv4/inet_connection_sock.c:1321) inet_csk_complete_hashdance (net/ipv4/inet_connection_sock.c:1358) tcp_check_req (net/ipv4/tcp_minisocks.c:868) tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2260) ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205) ip_local_deliver_finish (net/ipv4/ip_input.c:234) __netif_receive_skb_one_core (net/core/dev.c:5529) process_backlog (./include/linux/rcupdate.h:779) __napi_poll (net/core/dev.c:6533) net_rx_action (net/core/dev.c:6604) __do_softirq (./arch/x86/include/asm/jump_label.h:27) do_softirq (kernel/softirq.c:454 kernel/softirq.c:441) </IRQ> <TASK> __local_bh_enable_ip (kernel/softirq.c:381) __dev_queue_xmit (net/core/dev.c:4374) ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:235) __ip_queue_xmit (net/ipv4/ip_output.c:535) __tcp_transmit_skb (net/ipv4/tcp_output.c:1462) tcp_rcv_synsent_state_process (net/ipv4/tcp_input.c:6469) tcp_rcv_state_process (net/ipv4/tcp_input.c:6657) tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1929) __release_sock (./include/net/sock.h:1121 net/core/sock.c:2968) release_sock (net/core/sock.c:3536) inet_wait_for_connect (net/ipv4/af_inet.c:609) __inet_stream_connect (net/ipv4/af_inet.c:702) inet_stream_connect (net/ipv4/af_inet.c:748) __sys_connect (./include/linux/file.h:45 net/socket.c:2064) __x64_sys_connect (net/socket.c:2073 net/socket.c:2070 net/socket.c:2070) do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:82) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) RIP: 0033:0x7fa10ff05a3d Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ab a3 0e 00 f7 d8 64 89 01 48 RSP: 002b:00007fa110183de8 EFLAGS: 00000202 ORIG_RAX: 000000000000002a RAX: ffffffffffffffda RBX: 0000000020000054 RCX: 00007fa10ff05a3d RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003 RBP: 00007fa110183e20 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00007fa110184640 R13: 0000000000000000 R14: 00007fa10fe8b060 R15: 00007fff73e23b20 </TASK> The issue triggering process is analyzed as follows: Thread A Thread B tcp_v4_rcv //receive ack TCP packet inet_shutdown tcp_check_reqtcp_disconnect //disconnect sock ...tcp_set_state(sk, TCP_CLOSE) inet_csk_complete_hashdance... inet_csk_reqsk_queue_add ---truncated--- Solution(s) ubuntu-upgrade-linux-image-4-15-0-1131-oracle ubuntu-upgrade-linux-image-4-15-0-1152-kvm ubuntu-upgrade-linux-image-4-15-0-1162-gcp ubuntu-upgrade-linux-image-4-15-0-1168-aws ubuntu-upgrade-linux-image-4-15-0-1177-azure ubuntu-upgrade-linux-image-4-15-0-225-generic ubuntu-upgrade-linux-image-4-15-0-225-lowlatency ubuntu-upgrade-linux-image-4-4-0-1131-aws ubuntu-upgrade-linux-image-4-4-0-1132-kvm ubuntu-upgrade-linux-image-4-4-0-1169-aws ubuntu-upgrade-linux-image-4-4-0-254-generic ubuntu-upgrade-linux-image-4-4-0-254-lowlatency ubuntu-upgrade-linux-image-5-15-0-1044-gkeop ubuntu-upgrade-linux-image-5-15-0-1054-ibm ubuntu-upgrade-linux-image-5-15-0-1054-nvidia ubuntu-upgrade-linux-image-5-15-0-1054-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1054-raspi ubuntu-upgrade-linux-image-5-15-0-1057-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1058-gke ubuntu-upgrade-linux-image-5-15-0-1058-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1058-kvm ubuntu-upgrade-linux-image-5-15-0-1059-gcp ubuntu-upgrade-linux-image-5-15-0-1059-oracle ubuntu-upgrade-linux-image-5-15-0-106-generic ubuntu-upgrade-linux-image-5-15-0-106-generic-64k ubuntu-upgrade-linux-image-5-15-0-106-generic-lpae ubuntu-upgrade-linux-image-5-15-0-106-lowlatency ubuntu-upgrade-linux-image-5-15-0-106-lowlatency-64k ubuntu-upgrade-linux-image-5-15-0-1061-aws ubuntu-upgrade-linux-image-5-15-0-1063-azure ubuntu-upgrade-linux-image-5-15-0-1063-azure-fde ubuntu-upgrade-linux-image-5-4-0-1037-iot ubuntu-upgrade-linux-image-5-4-0-1044-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1072-ibm ubuntu-upgrade-linux-image-5-4-0-1085-bluefield ubuntu-upgrade-linux-image-5-4-0-1092-gkeop ubuntu-upgrade-linux-image-5-4-0-1109-raspi ubuntu-upgrade-linux-image-5-4-0-1113-kvm ubuntu-upgrade-linux-image-5-4-0-1124-oracle ubuntu-upgrade-linux-image-5-4-0-1125-aws ubuntu-upgrade-linux-image-5-4-0-1129-gcp ubuntu-upgrade-linux-image-5-4-0-1130-azure ubuntu-upgrade-linux-image-5-4-0-182-generic ubuntu-upgrade-linux-image-5-4-0-182-generic-lpae ubuntu-upgrade-linux-image-5-4-0-182-lowlatency ubuntu-upgrade-linux-image-6-5-0-1014-starfive ubuntu-upgrade-linux-image-6-5-0-1016-laptop ubuntu-upgrade-linux-image-6-5-0-1017-raspi ubuntu-upgrade-linux-image-6-5-0-1019-nvidia ubuntu-upgrade-linux-image-6-5-0-1019-nvidia-64k ubuntu-upgrade-linux-image-6-5-0-1020-aws ubuntu-upgrade-linux-image-6-5-0-1020-gcp ubuntu-upgrade-linux-image-6-5-0-1021-azure ubuntu-upgrade-linux-image-6-5-0-1021-azure-fde ubuntu-upgrade-linux-image-6-5-0-1023-oem ubuntu-upgrade-linux-image-6-5-0-1023-oracle ubuntu-upgrade-linux-image-6-5-0-1023-oracle-64k ubuntu-upgrade-linux-image-6-5-0-35-generic ubuntu-upgrade-linux-image-6-5-0-35-generic-64k ubuntu-upgrade-linux-image-6-5-0-35-lowlatency ubuntu-upgrade-linux-image-6-5-0-35-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-laptop-23-10 ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-5 ubuntu-upgrade-linux-image-nvidia-64k-6-5 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-lts-xenial ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2024-26614 CVE - 2024-26614 USN-6765-1 USN-6766-1 USN-6766-2 USN-6766-3 USN-6774-1 USN-6776-1 USN-6777-1 USN-6777-2 USN-6777-3 USN-6777-4 USN-6778-1 USN-6795-1 USN-6828-1 View more

Red Hat: CVE-2024-26610: kernel: wifi: iwlwifi: fix a memory corruption (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:P/A:C) Published 03/11/2024 Created 06/07/2024 Added 06/06/2024 Modified 12/16/2024 Description In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the buffer. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2024-26610 RHSA-2024:3618 RHSA-2024:3627

Huawei EulerOS: CVE-2023-52492: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/11/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/08/2024 Description In the Linux kernel, the following vulnerability has been resolved: dmaengine: fix NULL pointer in channel unregistration function __dma_async_device_channel_register() can fail. In case of failure, chan->local is freed (with free_percpu()), and chan->local is nullified. When dma_async_device_unregister() is called (because of managed API or intentionally by DMA controller driver), channels are unconditionally unregistered, leading to this NULL pointer: [1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 [...] [1.484499] Call trace: [1.486930]device_del+0x40/0x394 [1.490314]device_unregister+0x20/0x7c [1.494220]__dma_async_device_channel_unregister+0x68/0xc0 Look at dma_async_device_register() function error path, channel device unregistration is done only if chan->local is not NULL. Then add the same condition at the beginning of __dma_async_device_channel_unregister() function, to avoid NULL pointer issue whatever the API used to reach this function. Solution(s) huawei-euleros-2_0_sp12-upgrade-bpftool huawei-euleros-2_0_sp12-upgrade-kernel huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp12-upgrade-kernel-tools huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs huawei-euleros-2_0_sp12-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-52492 CVE - 2023-52492 EulerOS-SA-2024-2240

Amazon Linux AMI 2: CVE-2024-1441: Security patch for libvirt (ALAS-2024-2513) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/11/2024 Created 04/19/2024 Added 04/19/2024 Modified 04/19/2024 Description An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash. Solution(s) amazon-linux-ami-2-upgrade-libvirt amazon-linux-ami-2-upgrade-libvirt-admin amazon-linux-ami-2-upgrade-libvirt-bash-completion amazon-linux-ami-2-upgrade-libvirt-client amazon-linux-ami-2-upgrade-libvirt-daemon amazon-linux-ami-2-upgrade-libvirt-daemon-config-network amazon-linux-ami-2-upgrade-libvirt-daemon-config-nwfilter amazon-linux-ami-2-upgrade-libvirt-daemon-driver-interface amazon-linux-ami-2-upgrade-libvirt-daemon-driver-lxc amazon-linux-ami-2-upgrade-libvirt-daemon-driver-network amazon-linux-ami-2-upgrade-libvirt-daemon-driver-nodedev amazon-linux-ami-2-upgrade-libvirt-daemon-driver-nwfilter amazon-linux-ami-2-upgrade-libvirt-daemon-driver-qemu amazon-linux-ami-2-upgrade-libvirt-daemon-driver-secret amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-core amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-disk amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-gluster amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-iscsi amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-logical amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-mpath amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-rbd amazon-linux-ami-2-upgrade-libvirt-daemon-driver-storage-scsi amazon-linux-ami-2-upgrade-libvirt-daemon-kvm amazon-linux-ami-2-upgrade-libvirt-daemon-lxc amazon-linux-ami-2-upgrade-libvirt-debuginfo amazon-linux-ami-2-upgrade-libvirt-devel amazon-linux-ami-2-upgrade-libvirt-docs amazon-linux-ami-2-upgrade-libvirt-libs amazon-linux-ami-2-upgrade-libvirt-lock-sanlock amazon-linux-ami-2-upgrade-libvirt-login-shell amazon-linux-ami-2-upgrade-libvirt-nss References https://attackerkb.com/topics/cve-2024-1441 AL2/ALAS-2024-2513 CVE - 2024-1441

SUSE: CVE-2024-27351: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/11/2024 Created 03/13/2024 Added 03/12/2024 Modified 03/18/2024 Description In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665. Solution(s) suse-upgrade-python3-django suse-upgrade-python3-django1 References https://attackerkb.com/topics/cve-2024-27351 CVE - 2024-27351

SUSE: CVE-2023-52492: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/11/2024 Created 04/17/2024 Added 04/17/2024 Modified 05/06/2024 Description In the Linux kernel, the following vulnerability has been resolved: dmaengine: fix NULL pointer in channel unregistration function __dma_async_device_channel_register() can fail. In case of failure, chan->local is freed (with free_percpu()), and chan->local is nullified. When dma_async_device_unregister() is called (because of managed API or intentionally by DMA controller driver), channels are unconditionally unregistered, leading to this NULL pointer: [1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 [...] [1.484499] Call trace: [1.486930]device_del+0x40/0x394 [1.490314]device_unregister+0x20/0x7c [1.494220]__dma_async_device_channel_unregister+0x68/0xc0 Look at dma_async_device_register() function error path, channel device unregistration is done only if chan->local is not NULL. Then add the same condition at the beginning of __dma_async_device_channel_unregister() function, to avoid NULL pointer issue whatever the API used to reach this function. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-52492 CVE - 2023-52492

Debian: CVE-2023-52488: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/11/2024 Created 05/08/2024 Added 05/08/2024 Modified 07/03/2024 Description In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO The SC16IS7XX IC supports a burst mode to access the FIFOs where the initial register address is sent ($00), followed by all the FIFO data without having to resend the register address each time. In this mode, the IC doesn't increment the register address for each R/W byte. The regmap_raw_read() and regmap_raw_write() are functions which can perform IO over multiple registers. They are currently used to read/write from/to the FIFO, and although they operate correctly in this burst mode on the SPI bus, they would corrupt the regmap cache if it was not disabled manually. The reason is that when the R/W size is more than 1 byte, these functions assume that the register address is incremented and handle the cache accordingly. Convert FIFO R/W functions to use the regmap _noinc_ versions in order to remove the manual cache control which was a workaround when using the _raw_ versions. FIFO registers are properly declared as volatile so cache will not be used/updated for FIFO accesses. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-52488 CVE - 2023-52488 DSA-5681-1

Debian: CVE-2023-52486: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/11/2024 Created 05/08/2024 Added 05/08/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm: Don't unref the same fb many times by mistake due to deadlock handling If we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl() we proceed to unref the fb and then retry the whole thing from the top. But we forget to reset the fb pointer back to NULL, and so if we then get another error during the retry, before the fb lookup, we proceed the unref the same fb again without having gotten another reference. The end result is that the fb will (eventually) end up being freed while it's still in use. Reset fb to NULL once we've unreffed it to avoid doing it again until we've done another fb lookup. This turned out to be pretty easy to hit on a DG2 when doing async flips (and CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y). The first symptom I saw that drm_closefb() simply got stuck in a busy loop while walking the framebuffer list. Fortunately I was able to convince it to oops instead, and from there it was easier to track down the culprit. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-52486 CVE - 2023-52486 DSA-5681-1

Debian: CVE-2023-52498: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/11/2024 Created 05/08/2024 Added 05/08/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Fix possible deadlocks in core system-wide PM code It is reported that in low-memory situations the system-wide resume core code deadlocks, because async_schedule_dev() executes its argument function synchronously if it cannot allocate memory (and not only in that case) and that function attempts to acquire a mutex that is already held.Executing the argument function synchronously from within dpm_async_fn() may also be problematic for ordering reasons (it may cause a consumer device's resume callback to be invoked before a requisite supplier device's one, for example). Address this by changing the code in question to use async_schedule_dev_nocall() for scheduling the asynchronous execution of device suspend and resume functions and to directly run them synchronously if async_schedule_dev_nocall() returns false. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-52498 CVE - 2023-52498 DSA-5681-1

Debian: CVE-2023-52493: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/11/2024 Created 05/08/2024 Added 05/08/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the channel are not taken in succession by dropping the read lock from parse_xfer_event() such that a callback given to client can potentially queue buffers and acquire the write lock in that process. Any queueing of buffers should be done without channel read lock acquired as it can result in multiple locks and a soft lockup. [mani: added fixes tag and cc'ed stable] Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-52493 CVE - 2023-52493 DSA-5681-1

Debian: CVE-2023-52491: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/11/2024 Created 05/08/2024 Added 05/08/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run In mtk_jpeg_probe, &jpeg->job_timeout_work is bound with mtk_jpeg_job_timeout_work. In mtk_jpeg_dec_device_run, if error happens in mtk_jpeg_set_dec_dst, it will finally start the worker while mark the job as finished by invoking v4l2_m2m_job_finish. There are two methods to trigger the bug. If we remove the module, it which will call mtk_jpeg_remove to make cleanup. The possible sequence is as follows, which will cause a use-after-free bug. CPU0CPU1 mtk_jpeg_dec_...| start worker | |mtk_jpeg_job_timeout_work mtk_jpeg_remove | v4l2_m2m_release| kfree(m2m_dev); | | | v4l2_m2m_get_curr_priv | m2m_dev->curr_ctx //use If we close the file descriptor, which will call mtk_jpeg_release, it will have a similar sequence. Fix this bug by starting timeout worker only if started jpegdec worker successfully. Then v4l2_m2m_job_finish will only be called in either mtk_jpeg_job_timeout_work or mtk_jpeg_dec_device_run. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-52491 CVE - 2023-52491 DSA-5681-1

Oracle Linux: CVE-2024-2314: ELSA-2024-8831:bcc security update (LOW) (Multiple Advisories) Severity 1 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:P) Published 03/10/2024 Created 11/13/2024 Added 11/11/2024 Modified 12/21/2024 Description If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. A flaw was found in the BCC toolset. This issue occurs when extracting kernel headers, it tries to load them from a temporary directory. This issue could allow an attacker to force bcc to load compromised Linux headers by placing malicious headers in the temporary directory, leading to potential security risks, unauthorized access, or system compromise. Solution(s) oracle-linux-upgrade-bcc oracle-linux-upgrade-bcc-devel oracle-linux-upgrade-bcc-doc oracle-linux-upgrade-bcc-tools oracle-linux-upgrade-libbpf-tools oracle-linux-upgrade-python3-bcc References https://attackerkb.com/topics/cve-2024-2314 CVE - 2024-2314 ELSA-2024-8831 ELSA-2024-9187

Huawei EulerOS: CVE-2024-28757: expat security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/10/2024 Created 07/17/2024 Added 07/17/2024 Modified 07/17/2024 Description libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). Solution(s) huawei-euleros-2_0_sp9-upgrade-expat References https://attackerkb.com/topics/cve-2024-28757 CVE - 2024-28757 EulerOS-SA-2024-1956

Alma Linux: CVE-2024-2314: Low: bcc security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/10/2024 Created 11/08/2024 Added 11/07/2024 Modified 11/19/2024 Description If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. Solution(s) alma-upgrade-bcc alma-upgrade-bcc-devel alma-upgrade-bcc-doc alma-upgrade-bcc-tools alma-upgrade-libbpf-tools alma-upgrade-python3-bcc References https://attackerkb.com/topics/cve-2024-2314 CVE - 2024-2314 https://errata.almalinux.org/8/ALSA-2024-8831.html https://errata.almalinux.org/9/ALSA-2024-9187.html

Alpine Linux: CVE-2024-28757: Vulnerability in Multiple Components Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/10/2024 Created 04/09/2024 Added 03/26/2024 Modified 10/01/2024 Description libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). Solution(s) alpine-linux-upgrade-expat References https://attackerkb.com/topics/cve-2024-28757 CVE - 2024-28757 https://security.alpinelinux.org/vuln/CVE-2024-28757

Amazon Linux 2023: CVE-2024-2313: Low priority package update for bpftrace Severity 1 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:P) Published 03/10/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. A flaw was found in BPFtrace. This issue occurs when extracting kernel headers, it tries to load them from a temporary directory. This issue could allow an attacker to force bpftrace to load compromised Linux headers by placing malicious headers in the temporary directory, leading to potential security risks, unauthorized access, or system compromise. Solution(s) amazon-linux-2023-upgrade-bpftrace amazon-linux-2023-upgrade-bpftrace-debuginfo amazon-linux-2023-upgrade-bpftrace-debugsource References https://attackerkb.com/topics/cve-2024-2313 CVE - 2024-2313 https://alas.aws.amazon.com/AL2023/ALAS-2024-627.html

Amazon Linux 2023: CVE-2024-2314: Low priority package update for bcc Severity 1 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:P) Published 03/10/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. A flaw was found in the BCC toolset. This issue occurs when extracting kernel headers, it tries to load them from a temporary directory. This issue could allow an attacker to force bcc to load compromised Linux headers by placing malicious headers in the temporary directory, leading to potential security risks, unauthorized access, or system compromise. Solution(s) amazon-linux-2023-upgrade-bcc amazon-linux-2023-upgrade-bcc-debuginfo amazon-linux-2023-upgrade-bcc-debugsource amazon-linux-2023-upgrade-bcc-devel amazon-linux-2023-upgrade-bcc-doc amazon-linux-2023-upgrade-bcc-tools amazon-linux-2023-upgrade-bcc-tools-debuginfo amazon-linux-2023-upgrade-libbpf-tools amazon-linux-2023-upgrade-libbpf-tools-debuginfo amazon-linux-2023-upgrade-python3-bcc References https://attackerkb.com/topics/cve-2024-2314 CVE - 2024-2314 https://alas.aws.amazon.com/AL2023/ALAS-2024-626.html

SUSE: CVE-2024-28757: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/10/2024 Created 04/10/2024 Added 04/09/2024 Modified 04/09/2024 Description libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). Solution(s) suse-upgrade-expat suse-upgrade-libexpat-devel suse-upgrade-libexpat-devel-32bit suse-upgrade-libexpat1 suse-upgrade-libexpat1-32bit References https://attackerkb.com/topics/cve-2024-28757 CVE - 2024-28757

Huawei EulerOS: CVE-2024-28757: expat security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/10/2024 Created 06/26/2024 Added 06/26/2024 Modified 11/11/2024 Description libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). Solution(s) huawei-euleros-2_0_sp11-upgrade-expat References https://attackerkb.com/topics/cve-2024-28757 CVE - 2024-28757 EulerOS-SA-2024-1831

Red Hat: CVE-2024-28757: expat: XML Entity Expansion (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/10/2024 Created 03/27/2024 Added 03/27/2024 Modified 09/03/2024 Description libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). Solution(s) redhat-upgrade-expat redhat-upgrade-expat-debuginfo redhat-upgrade-expat-debugsource redhat-upgrade-expat-devel References CVE-2024-28757 RHSA-2024:1530 RHSA-2024:3926

Red Hat: CVE-2024-2314: bcc: unprivileged users can force loading of compromised linux headers (Multiple Advisories) Severity 1 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:P) Published 03/10/2024 Created 11/07/2024 Added 11/06/2024 Modified 11/13/2024 Description If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. Solution(s) redhat-upgrade-bcc redhat-upgrade-bcc-debuginfo redhat-upgrade-bcc-debugsource redhat-upgrade-bcc-devel redhat-upgrade-bcc-doc redhat-upgrade-bcc-tools redhat-upgrade-bcc-tools-debuginfo redhat-upgrade-libbpf-tools redhat-upgrade-libbpf-tools-debuginfo redhat-upgrade-python3-bcc References CVE-2024-2314 RHSA-2024:8831 RHSA-2024:9187

Alma Linux: CVE-2024-28757: Moderate: expat security update (ALSA-2024-1530) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/10/2024 Created 04/04/2024 Added 04/04/2024 Modified 04/04/2024 Description libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). Solution(s) alma-upgrade-expat alma-upgrade-expat-devel References https://attackerkb.com/topics/cve-2024-28757 CVE - 2024-28757 https://errata.almalinux.org/9/ALSA-2024-1530.html