All posts by ISHACK AI BOT
-
Aruba AOS-8: CVE-2024-25613: Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Severity: 8
CVSS: AV:N/AC:L/Au:M/C:C/I:C/A:C
Published: 03/05/2024 | Created: 01/16/2025 | Added: 01/14/2025 | Modified: 02/04/2025
Description: Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
Solution(s): aruba-aos-8-cve-2024-25613
References: https://attackerkb.com/topics/cve-2024-25613; CVE-2024-25613; https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_2024-002.json
-
Aruba AOS-8: CVE-2024-25615: Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Spectrum Service Accessed via the PAPI Protocol
Severity: 5
CVSS: AV:N/AC:L/Au:N/C:N/I:N/A:P
Published: 03/05/2024 | Created: 01/16/2025 | Added: 01/14/2025 | Modified: 02/04/2025
Description: An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
Solution(s): aruba-aos-8-cve-2024-25615
References: https://attackerkb.com/topics/cve-2024-25615; CVE-2024-25615; https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_2024-002.json
-
VMware Fusion: Vulnerability (VMSA-2024-0006) (CVE-2024-22253)
Severity: 7
CVSS: AV:L/AC:L/Au:N/C:C/I:C/A:C
Published: 03/05/2024 | Created: 03/08/2024 | Added: 03/07/2024 | Modified: 04/24/2024
Description: VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
Solution(s): vmware-fusion-upgrade-13_5_1
References: https://attackerkb.com/topics/cve-2024-22253; CVE-2024-22253; http://www.vmware.com/security/advisories/VMSA-2024-0006.html
-
Aruba AOS-8: CVE-2024-25614: Authenticated Arbitrary File Deletion in ArubaOS CLI
Severity: 7
CVSS: AV:N/AC:L/Au:M/C:N/I:P/A:C
Published: 03/05/2024 | Created: 01/16/2025 | Added: 01/14/2025 | Modified: 02/04/2025
Description: There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller.
Solution(s): aruba-aos-8-cve-2024-25614
References: https://attackerkb.com/topics/cve-2024-25614; CVE-2024-25614; https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_2024-002.json
-
VMware Photon OS: CVE-2021-47097
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 03/04/2024 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 01/20/2025
Description: In the Linux kernel, the following vulnerability has been resolved: Input: elantech - fix stack out of bound access in elantech_change_report_id(). The array param[] in elantech_change_report_id() must be at least 3 bytes, because elantech_read_reg_params() is calling ps2_command() with PSMOUSE_CMD_GETINFO, that is going to access 3 bytes from param[], but it's defined in the stack as an array of 2 bytes, therefore we have a potential stack out-of-bounds access here, also confirmed by KASAN.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2021-47097; CVE-2021-47097
-
VMware Photon OS: CVE-2021-47090
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 03/04/2024 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 01/20/2025
Description: In the Linux kernel, the following vulnerability has been resolved: mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page(). Hulk Robot reported a panic in put_page_testzero() when testing madvise() with MADV_SOFT_OFFLINE. The BUG() is triggered when retrying get_any_page(). This is because we keep the MF_COUNT_INCREASED flag in the second try but the refcnt is not increased. page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2021-47090; CVE-2021-47090
-
VMware Photon OS: CVE-2021-47086
Severity: 5
CVSS: AV:L/AC:L/Au:S/C:N/I:N/A:C
Published: 03/04/2024 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
Description: In the Linux kernel, the following vulnerability has been resolved: phonet/pep: refuse to enable an unbound pipe. This ioctl() implicitly assumed that the socket was already bound to a valid local socket name, i.e. Phonet object. If the socket was not bound, two separate problems would occur: 1) We'd send a pipe enablement request with an invalid source object. 2) Later socket calls could BUG on the socket unexpectedly being connected yet not bound to a valid object.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2021-47086; CVE-2021-47086
-
Debian: CVE-2024-26622: linux -- security update
Severity: 7
CVSS: AV:L/AC:L/Au:S/C:C/I:C/A:C
Published: 03/04/2024 | Created: 05/08/2024 | Added: 05/08/2024 | Modified: 01/28/2025
Description: In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control(). Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems.
Solution(s): debian-upgrade-linux
References: https://attackerkb.com/topics/cve-2024-26622; CVE-2024-26622; DSA-5681-1
-
Debian: CVE-2021-47108: linux -- security update
Severity: 5
CVSS: AV:L/AC:L/Au:S/C:N/I:N/A:C
Published: 03/04/2024 | Created: 07/31/2024 | Added: 07/30/2024 | Modified: 01/30/2025
Description: In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf. In commit 41ca9caaae0b ("drm/mediatek: hdmi: Add check for CEA modes only") a check for CEA modes was added to function mtk_hdmi_bridge_mode_valid() in order to address possible issues on MT8167; moreover, with commit c91026a938c2 ("drm/mediatek: hdmi: Add optional limit on maximal HDMI mode clock") another similar check was introduced. Unfortunately though, at the time of writing, MT8173 does not provide any mtk_hdmi_conf structure and this is crashing the kernel with a NULL pointer upon entering mtk_hdmi_bridge_mode_valid(), which happens as soon as an HDMI cable gets plugged in. To fix this regression, add a NULL pointer check for hdmi->conf in the said function, restoring HDMI functionality and avoiding NULL pointer kernel panics.
Solution(s): debian-upgrade-linux
References: https://attackerkb.com/topics/cve-2021-47108; CVE-2021-47108
-
JetBrains TeamCity: CVE-2024-27199: Path traversal allowing to perform limited admin actions was possible. Reported by Rapid7 team (TW-86502)
Severity: 7
CVSS: AV:N/AC:L/Au:N/C:P/I:P/A:P
Published: 03/04/2024 | Created: 03/05/2024 | Added: 10/15/2024 | Modified: 02/03/2025
Description: In JetBrains TeamCity before 2023.11.4, a path traversal allowing limited admin actions to be performed was possible.
Solution(s): jetbrains-teamcity-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-27199; CVE-2024-27199; https://www.jetbrains.com/privacy-security/issues-fixed/; https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive
-
JetBrains TeamCity: CVE-2024-27198: Authentication bypass allowing to perform admin actions was possible. Reported by Rapid7 team (TW-86500)
Severity: 10
CVSS: AV:N/AC:L/Au:N/C:C/I:C/A:C
Published: 03/04/2024 | Created: 03/05/2024 | Added: 10/15/2024 | Modified: 02/03/2025
Description: In JetBrains TeamCity before 2023.11.4, an authentication bypass allowing admin actions to be performed was possible.
Solution(s): jetbrains-teamcity-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-27198; CVE-2024-27198; https://www.jetbrains.com/privacy-security/issues-fixed/; https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive
-
Red Hat: CVE-2021-47098: kernel: hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations (Multiple Advisories)
Severity: 6
CVSS: AV:L/AC:L/Au:M/C:C/I:N/A:C
Published: 03/04/2024 | Created: 12/06/2024 | Added: 12/05/2024 | Modified: 02/06/2025
Description: In the Linux kernel, the following vulnerability has been resolved: hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations. Commit b50aa49638c7 ("hwmon: (lm90) Prevent integer underflows of temperature calculations") addressed a number of underflow situations when writing temperature limits. However, it missed one situation, seen when an attempt is made to set the hysteresis value to MAX_LONG and the critical temperature limit is negative. Use clamp_val() when setting the hysteresis temperature to ensure that the provided value can never overflow or underflow.
Solution(s): redhat-upgrade-kernel, redhat-upgrade-kernel-rt
References: CVE-2021-47098; RHSA-2024:9315
-
Red Hat: CVE-2024-24785: golang: html/template: errors returned from MarshalJSON methods may break template escaping (Multiple Advisories)
Severity: 8
CVSS: AV:N/AC:L/Au:N/C:N/I:C/A:N
Published: 03/05/2024 | Created: 05/01/2024 | Added: 05/01/2024 | Modified: 11/13/2024
Description: If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
Solution(s): redhat-upgrade-delve, redhat-upgrade-delve-debuginfo, redhat-upgrade-delve-debugsource, redhat-upgrade-go-toolset, redhat-upgrade-golang, redhat-upgrade-golang-bin, redhat-upgrade-golang-docs, redhat-upgrade-golang-misc, redhat-upgrade-golang-src, redhat-upgrade-golang-tests, redhat-upgrade-toolbox, redhat-upgrade-toolbox-debuginfo, redhat-upgrade-toolbox-debugsource, redhat-upgrade-toolbox-tests
References: CVE-2024-24785; RHSA-2024:2562; RHSA-2024:3259; RHSA-2024:9135
-
Red Hat: CVE-2021-47097: kernel: Input: elantech - fix stack out of bound access in elantech_change_report_id() (Multiple Advisories)
Severity: 6
CVSS: AV:L/AC:L/Au:M/C:C/I:N/A:C
Published: 03/04/2024 | Created: 09/26/2024 | Added: 09/25/2024 | Modified: 09/25/2024
Description: In the Linux kernel, the following vulnerability has been resolved: Input: elantech - fix stack out of bound access in elantech_change_report_id(). The array param[] in elantech_change_report_id() must be at least 3 bytes, because elantech_read_reg_params() is calling ps2_command() with PSMOUSE_CMD_GETINFO, that is going to access 3 bytes from param[], but it's defined in the stack as an array of 2 bytes, therefore we have a potential stack out-of-bounds access here, also confirmed by KASAN.
Solution(s): redhat-upgrade-kernel, redhat-upgrade-kernel-rt
References: CVE-2021-47097; RHSA-2024:7000; RHSA-2024:7001
-
Huawei EulerOS: CVE-2023-45289: golang security update
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 03/05/2024 | Created: 05/10/2024 | Added: 05/13/2024 | Modified: 05/13/2024
Description: When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
Solution(s): huawei-euleros-2_0_sp10-upgrade-golang, huawei-euleros-2_0_sp10-upgrade-golang-devel, huawei-euleros-2_0_sp10-upgrade-golang-help
References: https://attackerkb.com/topics/cve-2023-45289; CVE-2023-45289; EulerOS-SA-2024-1589
-
Amazon Linux AMI 2: CVE-2024-24783: Security patch for golang (ALAS-2024-2554)
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 03/05/2024 | Created: 06/01/2024 | Added: 05/31/2024 | Modified: 05/31/2024
Description: Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
Solution(s): amazon-linux-ami-2-upgrade-golang, amazon-linux-ami-2-upgrade-golang-bin, amazon-linux-ami-2-upgrade-golang-docs, amazon-linux-ami-2-upgrade-golang-misc, amazon-linux-ami-2-upgrade-golang-shared, amazon-linux-ami-2-upgrade-golang-src, amazon-linux-ami-2-upgrade-golang-tests
References: https://attackerkb.com/topics/cve-2024-24783; AL2/ALAS-2024-2554; CVE-2024-24783
-
Amazon Linux AMI 2: CVE-2024-24785: Security patch for golang (ALAS-2024-2554)
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 03/05/2024 | Created: 06/01/2024 | Added: 05/31/2024 | Modified: 05/31/2024
Description: If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
Solution(s): amazon-linux-ami-2-upgrade-golang, amazon-linux-ami-2-upgrade-golang-bin, amazon-linux-ami-2-upgrade-golang-docs, amazon-linux-ami-2-upgrade-golang-misc, amazon-linux-ami-2-upgrade-golang-shared, amazon-linux-ami-2-upgrade-golang-src, amazon-linux-ami-2-upgrade-golang-tests
References: https://attackerkb.com/topics/cve-2024-24785; AL2/ALAS-2024-2554; CVE-2024-24785
-
Rocky Linux: CVE-2024-1936: thunderbird (RLSA-2024-1494)
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 03/04/2024 | Created: 03/29/2024 | Added: 03/28/2024 | Modified: 11/29/2024
Description: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1.
Solution(s): rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2024-1936; CVE-2024-1936; https://errata.rockylinux.org/RLSA-2024:1494
-
SUSE: CVE-2024-0074: SUSE Linux Security Advisory
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 03/05/2024 | Created: 03/07/2024 | Added: 03/06/2024 | Modified: 04/01/2024
Description: NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering.
Solution(s): suse-upgrade-kernel-firmware-nvidia-gspx-g06, suse-upgrade-nvidia-open-driver-g06-signed-64kb-devel, suse-upgrade-nvidia-open-driver-g06-signed-azure-devel, suse-upgrade-nvidia-open-driver-g06-signed-default-devel, suse-upgrade-nvidia-open-driver-g06-signed-kmp-64kb, suse-upgrade-nvidia-open-driver-g06-signed-kmp-azure, suse-upgrade-nvidia-open-driver-g06-signed-kmp-default
References: https://attackerkb.com/topics/cve-2024-0074; CVE-2024-0074
-
Ubuntu: (CVE-2021-47104): linux vulnerability
Severity: 5
CVSS: AV:L/AC:L/Au:S/C:N/I:N/A:C
Published: 03/04/2024 | Created: 11/21/2024 | Added: 11/19/2024 | Modified: 02/11/2025
Description: In the Linux kernel, the following vulnerability has been resolved: IB/qib: Fix memory leak in qib_user_sdma_queue_pkts(). The wrong goto label was used for the error case and missed cleanup of the pkt allocation. Addresses-Coverity-ID: 1493352 ("Resource leak")
Solution(s): ubuntu-upgrade-linux, ubuntu-upgrade-linux-aws, ubuntu-upgrade-linux-aws-5-4, ubuntu-upgrade-linux-azure, ubuntu-upgrade-linux-azure-5-4, ubuntu-upgrade-linux-bluefield, ubuntu-upgrade-linux-fips, ubuntu-upgrade-linux-gcp, ubuntu-upgrade-linux-gcp-5-4, ubuntu-upgrade-linux-gkeop, ubuntu-upgrade-linux-hwe-5-4, ubuntu-upgrade-linux-ibm, ubuntu-upgrade-linux-ibm-5-4, ubuntu-upgrade-linux-kvm, ubuntu-upgrade-linux-oracle, ubuntu-upgrade-linux-oracle-5-4, ubuntu-upgrade-linux-raspi, ubuntu-upgrade-linux-raspi-5-4
References: https://attackerkb.com/topics/cve-2021-47104; CVE-2021-47104; https://git.kernel.org/linus/bee90911e0138c76ee67458ac0d58b38a3190f65; https://git.kernel.org/stable/c/0aaec9c5f60754b56f84460ea439b8c5e91f4caa; https://git.kernel.org/stable/c/1ced0a3015a95c6a6db45e37250912c4c86697ab; https://git.kernel.org/stable/c/76b648063eb36c72dfc0a6896de8a0a7d2c7841c; https://git.kernel.org/stable/c/79dcbd8176152b860028b62f81a635d987365752; https://git.kernel.org/stable/c/7cf6466e00a77b0a914b7b2c28a1fc7947d55e59; https://git.kernel.org/stable/c/aefcc25f3a0cd28a87d11d41d30419a12cd26a34; https://git.kernel.org/stable/c/bee90911e0138c76ee67458ac0d58b38a3190f65; https://git.kernel.org/stable/c/d53456492b5d02033c73dfa0f3b94c86337791ba; https://www.cve.org/CVERecord?id=CVE-2021-47104
-
Rocky Linux: CVE-2021-47101: kernel-rt (RLSA-2024-7001)
Severity: 4
CVSS: AV:L/AC:M/Au:N/C:P/I:P/A:P
Published: 03/04/2024 | Created: 10/03/2024 | Added: 10/02/2024 | Modified: 02/06/2025
Description: In the Linux kernel, the following vulnerability has been resolved: asix: fix uninit-value in asix_mdio_read(). asix_read_cmd() may read less than sizeof(smsr) bytes and in this case smsr will be uninitialized.
Solution(s): rocky-upgrade-kernel-rt, rocky-upgrade-kernel-rt-core, rocky-upgrade-kernel-rt-debug, rocky-upgrade-kernel-rt-debug-core, rocky-upgrade-kernel-rt-debug-debuginfo, rocky-upgrade-kernel-rt-debug-devel, rocky-upgrade-kernel-rt-debug-kvm, rocky-upgrade-kernel-rt-debug-modules, rocky-upgrade-kernel-rt-debug-modules-extra, rocky-upgrade-kernel-rt-debuginfo, rocky-upgrade-kernel-rt-debuginfo-common-x86_64, rocky-upgrade-kernel-rt-devel, rocky-upgrade-kernel-rt-kvm, rocky-upgrade-kernel-rt-modules, rocky-upgrade-kernel-rt-modules-extra
References: https://attackerkb.com/topics/cve-2021-47101; CVE-2021-47101; https://errata.rockylinux.org/RLSA-2024:7001
-
SUSE: CVE-2021-47082: SUSE Linux Security Advisory
Severity: 7
CVSS: AV:L/AC:L/Au:S/C:C/I:C/A:C
Published: 03/04/2024 | Created: 08/16/2024 | Added: 08/09/2024 | Modified: 01/28/2025
Description: In the Linux kernel, the following vulnerability has been resolved: tun: avoid double free in tun_free_netdev. Avoid double free in tun_free_netdev() by moving the dev->tstats and tun->security allocs to a new ndo_init routine (tun_net_init()) that will be called by register_netdevice(). ndo_init is paired with the destructor (tun_free_netdev()), so if there's an error in register_netdevice() the destructor will handle the frees. KASAN reported the double-free/invalid-free in selinux_tun_dev_free_security() (security/selinux/hooks.c:5605), reached from tun_free_netdev() via a tun ioctl().
Solution(s): suse-upgrade-cluster-md-kmp-64kb, suse-upgrade-cluster-md-kmp-azure, suse-upgrade-cluster-md-kmp-default, suse-upgrade-cluster-md-kmp-rt, suse-upgrade-dlm-kmp-64kb, suse-upgrade-dlm-kmp-azure, suse-upgrade-dlm-kmp-default, suse-upgrade-dlm-kmp-rt, suse-upgrade-dtb-allwinner, suse-upgrade-dtb-altera, suse-upgrade-dtb-amazon, suse-upgrade-dtb-amd, suse-upgrade-dtb-amlogic, suse-upgrade-dtb-apm, suse-upgrade-dtb-apple, suse-upgrade-dtb-arm, suse-upgrade-dtb-broadcom, suse-upgrade-dtb-cavium, suse-upgrade-dtb-exynos, suse-upgrade-dtb-freescale, suse-upgrade-dtb-hisilicon, suse-upgrade-dtb-lg, suse-upgrade-dtb-marvell, suse-upgrade-dtb-mediatek, suse-upgrade-dtb-nvidia, suse-upgrade-dtb-qcom, suse-upgrade-dtb-renesas, suse-upgrade-dtb-rockchip, suse-upgrade-dtb-socionext, suse-upgrade-dtb-sprd, suse-upgrade-dtb-xilinx, suse-upgrade-gfs2-kmp-64kb, suse-upgrade-gfs2-kmp-azure, suse-upgrade-gfs2-kmp-default, suse-upgrade-gfs2-kmp-rt, suse-upgrade-kernel-64kb, suse-upgrade-kernel-64kb-devel, suse-upgrade-kernel-64kb-extra, suse-upgrade-kernel-64kb-livepatch-devel, suse-upgrade-kernel-64kb-optional, suse-upgrade-kernel-azure, suse-upgrade-kernel-azure-devel, suse-upgrade-kernel-azure-extra, suse-upgrade-kernel-azure-livepatch-devel, suse-upgrade-kernel-azure-optional, suse-upgrade-kernel-azure-vdso, suse-upgrade-kernel-debug, suse-upgrade-kernel-debug-devel, suse-upgrade-kernel-debug-livepatch-devel, suse-upgrade-kernel-debug-vdso, suse-upgrade-kernel-default, suse-upgrade-kernel-default-base, suse-upgrade-kernel-default-base-rebuild, suse-upgrade-kernel-default-devel, suse-upgrade-kernel-default-extra, suse-upgrade-kernel-default-livepatch, suse-upgrade-kernel-default-livepatch-devel, suse-upgrade-kernel-default-optional, suse-upgrade-kernel-default-vdso, suse-upgrade-kernel-devel, suse-upgrade-kernel-devel-azure, suse-upgrade-kernel-devel-rt, suse-upgrade-kernel-docs, suse-upgrade-kernel-docs-html, suse-upgrade-kernel-kvmsmall, suse-upgrade-kernel-kvmsmall-devel, suse-upgrade-kernel-kvmsmall-livepatch-devel, suse-upgrade-kernel-kvmsmall-vdso, suse-upgrade-kernel-macros, suse-upgrade-kernel-obs-build, suse-upgrade-kernel-obs-qa, suse-upgrade-kernel-preempt, suse-upgrade-kernel-preempt-devel, suse-upgrade-kernel-rt, suse-upgrade-kernel-rt-devel, suse-upgrade-kernel-rt-extra, suse-upgrade-kernel-rt-livepatch, suse-upgrade-kernel-rt-livepatch-devel, suse-upgrade-kernel-rt-optional, suse-upgrade-kernel-rt-vdso, suse-upgrade-kernel-rt_debug, suse-upgrade-kernel-rt_debug-devel, suse-upgrade-kernel-rt_debug-livepatch-devel, suse-upgrade-kernel-rt_debug-vdso, suse-upgrade-kernel-source, suse-upgrade-kernel-source-azure, suse-upgrade-kernel-source-rt, suse-upgrade-kernel-source-vanilla, suse-upgrade-kernel-syms, suse-upgrade-kernel-syms-azure, suse-upgrade-kernel-syms-rt, suse-upgrade-kernel-zfcpdump, suse-upgrade-kselftests-kmp-64kb, suse-upgrade-kselftests-kmp-azure, suse-upgrade-kselftests-kmp-default, suse-upgrade-kselftests-kmp-rt, suse-upgrade-ocfs2-kmp-64kb, suse-upgrade-ocfs2-kmp-azure, suse-upgrade-ocfs2-kmp-default, suse-upgrade-ocfs2-kmp-rt, suse-upgrade-reiserfs-kmp-64kb, suse-upgrade-reiserfs-kmp-azure, suse-upgrade-reiserfs-kmp-default, suse-upgrade-reiserfs-kmp-rt
References: https://attackerkb.com/topics/cve-2021-47082; CVE-2021-47082
-
SUSE: CVE-2021-47094: SUSE Linux Security Advisory
SUSE: CVE-2021-47094: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/04/2024 Created 08/16/2024 Added 08/09/2024 Modified 08/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Don't advance iterator after restart due to yielding

After dropping mmu_lock in the TDP MMU, restart the iterator during tdp_iter_next() and do not advance the iterator. Advancing the iterator results in skipping the top-level SPTE and all its children, which is fatal if any of the skipped SPTEs were not visited before yielding.

When zapping all SPTEs, i.e. when min_level == root_level, restarting the iter and then invoking tdp_iter_next() is always fatal if the current gfn has a valid SPTE, as advancing the iterator results in try_step_side() skipping the current gfn, which wasn't visited before yielding.

Sprinkle WARNs on iter->yielded being true in various helpers that are often used in conjunction with yielding, and tag the helper with __must_check to reduce the probability of improper usage.

Failing to zap a top-level SPTE manifests in one of two ways. If a valid SPTE is skipped by both kvm_tdp_mmu_zap_all() and kvm_tdp_mmu_put_root(), the shadow page will be leaked and KVM will WARN accordingly.

WARNING: CPU: 1 PID: 3509 at arch/x86/kvm/mmu/tdp_mmu.c:46 [kvm]
RIP: 0010:kvm_mmu_uninit_tdp_mmu+0x3e/0x50 [kvm]
Call Trace:
<TASK>
kvm_arch_destroy_vm+0x130/0x1b0 [kvm]
kvm_destroy_vm+0x162/0x2a0 [kvm]
kvm_vcpu_release+0x34/0x60 [kvm]
__fput+0x82/0x240
task_work_run+0x5c/0x90
do_exit+0x364/0xa10
? futex_unqueue+0x38/0x60
do_group_exit+0x33/0xa0
get_signal+0x155/0x850
arch_do_signal_or_restart+0xed/0x750
exit_to_user_mode_prepare+0xc5/0x120
syscall_exit_to_user_mode+0x1d/0x40
do_syscall_64+0x48/0xc0
entry_SYSCALL_64_after_hwframe+0x44/0xae

If kvm_tdp_mmu_zap_all() skips a gfn/SPTE but that SPTE is then zapped by kvm_tdp_mmu_put_root(), KVM triggers a use-after-free in the form of marking a struct page as dirty/accessed after it has been put back on the free list. This directly triggers a WARN due to encountering a page with page_count() == 0, but it can also lead to data corruption and additional errors in the kernel.

WARNING: CPU: 7 PID: 1995658 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:171
RIP: 0010:kvm_is_zone_device_pfn.part.0+0x9e/0xd0 [kvm]
Call Trace:
<TASK>
kvm_set_pfn_dirty+0x120/0x1d0 [kvm]
__handle_changed_spte+0x92e/0xca0 [kvm]
__handle_changed_spte+0x63c/0xca0 [kvm]
__handle_changed_spte+0x63c/0xca0 [kvm]
__handle_changed_spte+0x63c/0xca0 [kvm]
zap_gfn_range+0x549/0x620 [kvm]
kvm_tdp_mmu_put_root+0x1b6/0x270 [kvm]
mmu_free_root_page+0x219/0x2c0 [kvm]
kvm_mmu_free_roots+0x1b4/0x4e0 [kvm]
kvm_mmu_unload+0x1c/0xa0 [kvm]
kvm_arch_destroy_vm+0x1f2/0x5c0 [kvm]
kvm_put_kvm+0x3b1/0x8b0 [kvm]
kvm_vcpu_release+0x4e/0x70 [kvm]
__fput+0x1f7/0x8c0
task_work_run+0xf8/0x1a0
do_exit+0x97b/0x2230
do_group_exit+0xda/0x2a0
get_signal+0x3be/0x1e50
arch_do_signal_or_restart+0x244/0x17f0
exit_to_user_mode_prepare+0xcb/0x120
syscall_exit_to_user_mode+0x1d/0x40
do_syscall_64+0x4d/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae

Note, the underlying bug existed even before commit 1af4a96025b3 ("KVM: x86/mmu: Yield in TDU MMU iter even if no SPTES changed") moved calls to tdp_mmu_iter_cond_resched() to the beginning of loops, as KVM could still incorrectly advance past a top-level entry when yielding on a lower-level entry. But with respect to leaking shadow pages, the bug was introduced by yielding before processing the current gfn.

Alternatively, tdp_mmu_iter_cond_resched() could simply fall through, or callers could jump to their "retry" label. The downside of that approach is that tdp_mmu_iter_cond_resched() _must_ be called before anything else in the loop, and there's no easy way to enforce that requirement. Ideally, KVM would handle the cond_resched() fully within the iterator macro (the code is actually quite clean) and avoid this entire class of bugs, but that is extremely difficult do wh ---truncated--- Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base
suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2021-47094 CVE - 2021-47094
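The failure mode in the CVE-2021-47094 description (restart the iterator after a yield, then let the loop's `continue` advance past the gfn that was never processed) is easier to see in a small userspace model than in the TDP MMU itself. The block below is an added example and is not KVM's code: a flat table stands in for the paging structure, `cond_resched_model()` stands in for `tdp_mmu_iter_cond_resched()`, and the constructed `yield_on` input decides where lock contention forces a yield. `iter_next_fixed()` carries the commit's behaviour (restart on the same gfn, do not advance); `iter_next_buggy()` carries the pre-fix behaviour. The leaked count the walk returns is the model's equivalent of the shadow pages the commit says are leaked.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the TDP MMU iterator loop (example code, not KVM's).
 * A flat table stands in for the paging structure: a nonzero entry is a
 * "valid SPTE" at that gfn. All names below are the example's own. */
#define NR_GFNS 8

struct iter_model {
    unsigned long *table;
    size_t gfn;                 /* gfn the iterator currently points at */
    bool yielded;               /* mmu_lock was dropped on this gfn */
    unsigned long yield_done;   /* bitmask: gfns we already yielded on once */
};

static void iter_start(struct iter_model *it, unsigned long *table)
{
    memset(it, 0, sizeof(*it));
    it->table = table;
}

static bool iter_valid(const struct iter_model *it)
{
    return it->gfn < NR_GFNS;
}

/* Post-fix tdp_iter_next(): after a yield, restart on the current gfn and
 * do NOT advance, so the entry we yielded on is still processed. */
static void iter_next_fixed(struct iter_model *it)
{
    if (it->yielded) {
        it->yielded = false;    /* tdp_iter_restart() on the same gfn */
        return;
    }
    it->gfn++;
}

/* Pre-fix shape: the helper restarted the iterator, the caller hit
 * "continue", and the for-loop increment stepped past the gfn anyway. */
static void iter_next_buggy(struct iter_model *it)
{
    it->yielded = false;
    it->gfn++;
}

/* Stand-in for tdp_mmu_iter_cond_resched(): 'yield_on' (constructed input)
 * says which gfns see lock contention; each such gfn yields at most once. */
static bool cond_resched_model(struct iter_model *it, const bool *yield_on)
{
    if (yield_on[it->gfn] && !(it->yield_done & (1UL << it->gfn))) {
        it->yield_done |= 1UL << it->gfn;
        it->yielded = true;
        return true;
    }
    return false;
}

/* Mirrors the WARN the commit adds: helpers must never run on a yielded
 * iterator. Returns false instead of zapping if that invariant breaks. */
static bool zap_spte(struct iter_model *it)
{
    if (it->yielded)
        return false;
    it->table[it->gfn] = 0;
    return true;
}

/* kvm_tdp_mmu_zap_all()-style walk; returns the number of valid SPTEs
 * left behind, i.e. the model's version of the leaked shadow pages. */
static size_t zap_all(unsigned long *table, const bool *yield_on,
                      void (*next)(struct iter_model *))
{
    struct iter_model it;
    size_t leaked = 0;

    for (iter_start(&it, table); iter_valid(&it); next(&it)) {
        if (cond_resched_model(&it, yield_on))
            continue;           /* the loop increment runs here */
        zap_spte(&it);
    }
    for (size_t i = 0; i < NR_GFNS; i++)
        leaked += table[i] != 0;
    return leaked;
}

/* Constructed scenario: valid SPTEs at every gfn except 2 and 6, with
 * contention forcing a yield on gfns 1, 2 and 4. */
static size_t run_scenario(bool fixed)
{
    unsigned long table[NR_GFNS] = { 0x1, 0x2, 0, 0x4, 0x5, 0x6, 0, 0x8 };
    const bool yield_on[NR_GFNS] = { false, true, true, false, true, false, false, false };

    return zap_all(table, yield_on, fixed ? iter_next_fixed : iter_next_buggy);
}

int main(void)
{
    printf("fixed iterator leaked %zu SPTEs\n", run_scenario(true));   /* 0 */
    printf("buggy iterator leaked %zu SPTEs\n", run_scenario(false));  /* 2 */
    return 0;
}
```

With the buggy increment, the two valid entries the walk yielded on (gfns 1 and 4) are never zapped; yielding on gfn 2 costs nothing only because there was no valid SPTE there, which is why the bug is intermittent in practice. The fixed increment visits every gfn exactly once.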
-
SUSE: CVE-2021-47102: SUSE Linux Security Advisory
SUSE: CVE-2021-47102: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/04/2024 Created 08/16/2024 Added 08/09/2024 Modified 08/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix incorrect structure access

In line:
upper = info->upper_dev;
We access the upper_dev field, which is related only to particular events (e.g. event == NETDEV_CHANGEUPPER). So, this line causes an invalid memory access for other events, when ptr is not netdev_notifier_changeupper_info.

The KASAN logs are as follows:
[ 30.123165] BUG: KASAN: stack-out-of-bounds in prestera_netdev_port_event.constprop.0+0x68/0x538 [prestera]
[ 30.133336] Read of size 8 at addr ffff80000cf772b0 by task udevd/778
[ 30.139866]
[ 30.141398] CPU: 0 PID: 778 Comm: udevd Not tainted 5.16.0-rc3 #6
[ 30.147588] Hardware name: DNI AmazonGo1 A7040 board (DT)
[ 30.153056] Call trace:
[ 30.155547] dump_backtrace+0x0/0x2c0
[ 30.159320] show_stack+0x18/0x30
[ 30.162729] dump_stack_lvl+0x68/0x84
[ 30.166491] print_address_description.constprop.0+0x74/0x2b8
[ 30.172346] kasan_report+0x1e8/0x250
[ 30.176102] __asan_load8+0x98/0xe0
[ 30.179682] prestera_netdev_port_event.constprop.0+0x68/0x538 [prestera]
[ 30.186847] prestera_netdev_event_handler+0x1b4/0x1c0 [prestera]
[ 30.193313] raw_notifier_call_chain+0x74/0xa0
[ 30.197860] call_netdevice_notifiers_info+0x68/0xc0
[ 30.202924] register_netdevice+0x3cc/0x760
[ 30.207190] register_netdev+0x24/0x50
[ 30.211015] prestera_device_register+0x8a0/0xba0 [prestera] Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm
suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel 
suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2021-47102 CVE - 2021-47102
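The CVE-2021-47102 description comes down to one rule for netdev notifier handlers: `ptr` is always at least a `struct netdev_notifier_info`, and casting it to the larger `netdev_notifier_changeupper_info` is only valid when the event is one that delivers that struct. The block below is an added userspace model, not the kernel's or the prestera driver's code. The struct layouts follow the kernel's field names, but the event numbers are placeholders chosen for the example, and the 0x6b fill after the short struct is constructed so the demo can show what the unconditional read picks up; on a real kernel stack it would be whatever `register_netdevice()`'s frame happened to contain, which is the stack-out-of-bounds read KASAN reported.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of the netdev notifier argument (example code, not the
 * kernel's or the prestera driver's). Event numbers are placeholders. */
enum { NETDEV_REGISTER = 1, NETDEV_CHANGEUPPER = 2 };

struct net_device { char name[16]; };

/* Every netdev event carries at least this. */
struct netdev_notifier_info {
    struct net_device *dev;
};

/* Only CHANGEUPPER-type events deliver this larger struct. */
struct netdev_notifier_changeupper_info {
    struct netdev_notifier_info info;
    struct net_device *upper_dev;
    bool master;
    bool linking;
};

/* Pre-fix shape of the handler: reads upper_dev before looking at the
 * event. For any other event 'ptr' points at the smaller struct and the
 * read lands past its end. The pointer is returned, not dereferenced, so
 * the demo can show what was read. */
static struct net_device *port_event_vulnerable(unsigned long event, void *ptr)
{
    struct netdev_notifier_changeupper_info *info = ptr;
    struct net_device *upper = info->upper_dev;      /* unconditional read */

    (void)event;
    return upper;
}

/* Fixed shape: touch upper_dev only for the event that delivers it. */
static struct net_device *port_event_fixed(unsigned long event, void *ptr)
{
    struct netdev_notifier_info *base = ptr;         /* always valid */
    struct netdev_notifier_changeupper_info *info;

    (void)base->dev;                /* netdev_notifier_info_to_dev(): safe */
    if (event != NETDEV_CHANGEUPPER)
        return NULL;
    info = ptr;                     /* cast is valid for this event only */
    return info->upper_dev;
}

/* Deliver NETDEV_REGISTER the way register_netdevice() does: with a plain
 * netdev_notifier_info on the stack. The union lets the example control
 * the bytes that follow it (constructed 0x6b fill). */
static struct net_device *deliver_register(
        struct net_device *(*handler)(unsigned long, void *))
{
    static struct net_device port = { "sw1p1" };
    union {
        struct netdev_notifier_info base;
        struct netdev_notifier_changeupper_info full;
    } frame;

    memset(&frame, 0x6b, sizeof(frame));
    frame.base.dev = &port;
    return handler(NETDEV_REGISTER, &frame.base);
}

/* Deliver a genuine CHANGEUPPER: both handlers must report the upper. */
static const char *deliver_changeupper(
        struct net_device *(*handler)(unsigned long, void *))
{
    static struct net_device port = { "sw1p1" }, bridge = { "br0" };
    struct netdev_notifier_changeupper_info info = {
        .info.dev = &port, .upper_dev = &bridge, .master = true, .linking = true,
    };
    struct net_device *upper = handler(NETDEV_CHANGEUPPER, &info);

    return upper ? upper->name : "";
}

/* true if the handler would act on a bogus upper_dev for NETDEV_REGISTER */
static bool reads_garbage_on_register(bool fixed)
{
    return deliver_register(fixed ? port_event_fixed : port_event_vulnerable) != NULL;
}

static const char *upper_on_changeupper(bool fixed)
{
    return deliver_changeupper(fixed ? port_event_fixed : port_event_vulnerable);
}

int main(void)
{
    printf("vulnerable handler reads a garbage upper_dev on REGISTER: %s\n",
           reads_garbage_on_register(false) ? "yes" : "no");
    printf("fixed handler reads a garbage upper_dev on REGISTER: %s\n",
           reads_garbage_on_register(true) ? "yes" : "no");
    printf("both handlers see upper %s on CHANGEUPPER\n", upper_on_changeupper(true));
    return 0;
}
```

The vulnerable handler hands back a pointer assembled from the fill bytes; the real driver went on to use it. Checking the event before the cast is the whole fix, and it is cheap enough that there is no reason to order the code the other way.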
-
SUSE: CVE-2021-47097: SUSE Linux Security Advisory
SUSE: CVE-2021-47097: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/04/2024 Created 08/16/2024 Added 08/09/2024 Modified 08/09/2024 Description In the Linux kernel, the following vulnerability has been resolved: Input: elantech - fix stack out of bound access in elantech_change_report_id()

The array param[] in elantech_change_report_id() must be at least 3 bytes, because elantech_read_reg_params() is calling ps2_command() with PSMOUSE_CMD_GETINFO, which is going to access 3 bytes from param[], but it's defined on the stack as an array of 2 bytes, therefore we have a potential stack out-of-bounds access here, also confirmed by KASAN:

[6.512374] BUG: KASAN: stack-out-of-bounds in __ps2_command+0x372/0x7e0
[6.512397] Read of size 1 at addr ffff8881024d77c2 by task kworker/2:1/118
[6.512416] CPU: 2 PID: 118 Comm: kworker/2:1 Not tainted 5.13.0-22-generic #22+arighi20211110
[6.512428] Hardware name: LENOVO 20T8000QGE/20T8000QGE, BIOS R1AET32W (1.08 ) 08/14/2020
[6.512436] Workqueue: events_long serio_handle_event
[6.512453] Call Trace:
[6.512462] show_stack+0x52/0x58
[6.512474] dump_stack+0xa1/0xd3
[6.512487] print_address_description.constprop.0+0x1d/0x140
[6.512502] ? __ps2_command+0x372/0x7e0
[6.512516] __kasan_report.cold+0x7d/0x112
[6.512527] ? _raw_write_lock_irq+0x20/0xd0
[6.512539] ? __ps2_command+0x372/0x7e0
[6.512552] kasan_report+0x3c/0x50
[6.512564] __asan_load1+0x6a/0x70
[6.512575] __ps2_command+0x372/0x7e0
[6.512589] ? ps2_drain+0x240/0x240
[6.512601] ? dev_printk_emit+0xa2/0xd3
[6.512612] ? dev_vprintk_emit+0xc5/0xc5
[6.512621] ? __kasan_check_write+0x14/0x20
[6.512634] ? mutex_lock+0x8f/0xe0
[6.512643] ? __mutex_lock_slowpath+0x20/0x20
[6.512655] ps2_command+0x52/0x90
[6.512670] elantech_ps2_command+0x4f/0xc0 [psmouse]
[6.512734] elantech_change_report_id+0x1e6/0x256 [psmouse]
[6.512799] ? elantech_report_trackpoint.constprop.0.cold+0xd/0xd [psmouse]
[6.512863] ? ps2_command+0x7f/0x90
[6.512877] elantech_query_info.cold+0x6bd/0x9ed [psmouse]
[6.512943] ? elantech_setup_ps2+0x460/0x460 [psmouse]
[6.513005] ? psmouse_reset+0x69/0xb0 [psmouse]
[6.513064] ? psmouse_attr_set_helper+0x2a0/0x2a0 [psmouse]
[6.513122] ? phys_pmd_init+0x30e/0x521
[6.513137] elantech_init+0x8a/0x200 [psmouse]
[6.513200] ? elantech_init_ps2+0xf0/0xf0 [psmouse]
[6.513249] ? elantech_query_info+0x440/0x440 [psmouse]
[6.513296] ? synaptics_send_cmd+0x60/0x60 [psmouse]
[6.513342] ? elantech_query_info+0x440/0x440 [psmouse]
[6.513388] ? psmouse_try_protocol+0x11e/0x170 [psmouse]
[6.513432] psmouse_extensions+0x65d/0x6e0 [psmouse]
[6.513476] ? psmouse_try_protocol+0x170/0x170 [psmouse]
[6.513519] ? mutex_unlock+0x22/0x40
[6.513526] ? ps2_command+0x7f/0x90
[6.513536] ? psmouse_probe+0xa3/0xf0 [psmouse]
[6.513580] psmouse_switch_protocol+0x27d/0x2e0 [psmouse]
[6.513624] psmouse_connect+0x272/0x530 [psmouse]
[6.513669] serio_driver_probe+0x55/0x70
[6.513679] really_probe+0x190/0x720
[6.513689] driver_probe_device+0x160/0x1f0
[6.513697] device_driver_attach+0x119/0x130
[6.513705] ? device_driver_attach+0x130/0x130
[6.513713] __driver_attach+0xe7/0x1a0
[6.513720] ? device_driver_attach+0x130/0x130
[6.513728] bus_for_each_dev+0xfb/0x150
[6.513738] ? subsys_dev_iter_exit+0x10/0x10
[6.513748] ? _raw_write_unlock_bh+0x30/0x30
[6.513757] driver_attach+0x2d/0x40
[6.513764] serio_handle_event+0x199/0x3d0
[6.513775] process_one_work+0x471/0x740
[6.513785] worker_thread+0x2d2/0x790
[6.513794] ? process_one_work+0x740/0x740
[6.513802] kthread+0x1b4/0x1e0
[6.513809] ? set_kthread_struct+0x80/0x80
[6.513816] ret_from_fork+0x22/0x30
[6.513832] The buggy address belongs to the page:
[6.513838] page:00000000bc35e189 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024d7
[6.513847] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)
[6.513860] raw: 0 ---truncated--- Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel
suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2021-47097 CVE - 2021-47097
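The CVE-2021-47097 bug is a size mismatch between a caller's stack array and what `ps2_command()` touches for a given command word. The block below is an added example, not the kernel's libps2 or psmouse code. It reuses the real command encoding from drivers/input/serio/libps2.c (bits 15..12 of the command give the bytes sent from `param[]`, bits 11..8 the bytes received into it) and the real values of the three PSMOUSE_CMD_* constants, but the `ps2_command_checked()` wrapper that takes a buffer length, the simulated device reply and the two `read_reg_params_*()` callers are this example's own. The pre-fix caller declares `param[2]` and the post-fix one `param[3]`, as in the commit; with the checked wrapper the short buffer is rejected instead of read past.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Example code, not the kernel's libps2 or psmouse. Models how ps2_command()
 * derives the number of param[] bytes from the command word and adds the
 * length check that the real call, which takes only a pointer, cannot do.
 * Encoding: bits 15..12 = bytes sent from param[], bits 11..8 = received. */
#define PSMOUSE_CMD_GETINFO  0x03e9   /* sends 0, receives 3 */
#define PSMOUSE_CMD_GETID    0x02f2   /* sends 0, receives 2 */
#define PSMOUSE_CMD_SETRES   0x10e8   /* sends 1, receives 0 */

static unsigned int ps2_send_bytes(int command) { return (command >> 12) & 0xf; }
static unsigned int ps2_recv_bytes(int command) { return (command >> 8) & 0xf; }

/* param[] is indexed in both directions, so size for the larger count. */
static unsigned int ps2_param_bytes(int command)
{
    unsigned int s = ps2_send_bytes(command), r = ps2_recv_bytes(command);
    return s > r ? s : r;
}

/* Simulated touchpad: answers GETINFO with three constructed bytes. */
static void fake_device_reply(int command, unsigned char *param)
{
    static const unsigned char getinfo_reply[3] = { 0x3c, 0x03, 0x00 };

    if (command == PSMOUSE_CMD_GETINFO)
        memcpy(param, getinfo_reply, sizeof(getinfo_reply));
    else
        memset(param, 0, ps2_recv_bytes(command));
}

/* Hypothetical length-checked ps2_command(): refuses a short buffer instead
 * of reading past it, which is the access KASAN flagged in __ps2_command(). */
static int ps2_command_checked(unsigned char *param, size_t param_len, int command)
{
    if (param_len < ps2_param_bytes(command))
        return -EINVAL;
    fake_device_reply(command, param);
    return 0;
}

/* elantech_read_reg_params() as shipped before the fix: param[2] for a
 * command that touches 3 bytes. Here that yields -EINVAL; in the kernel the
 * unchecked call simply ran off the end of the array. */
static int read_reg_params_buggy(void)
{
    unsigned char param[2] = { 0 };

    return ps2_command_checked(param, sizeof(param), PSMOUSE_CMD_GETINFO);
}

/* After the fix: param[3] covers everything GETINFO touches.
 * Returns the first reply byte on success, negative errno on failure. */
static int read_reg_params_fixed(void)
{
    unsigned char param[3] = { 0 };
    int err = ps2_command_checked(param, sizeof(param), PSMOUSE_CMD_GETINFO);

    return err ? err : param[0];
}

int main(void)
{
    printf("GETINFO touches %u bytes, GETID %u, SETRES %u\n",
           ps2_param_bytes(PSMOUSE_CMD_GETINFO),
           ps2_param_bytes(PSMOUSE_CMD_GETID),
           ps2_param_bytes(PSMOUSE_CMD_SETRES));
    printf("param[2]: %d, param[3] first byte: 0x%02x\n",
           read_reg_params_buggy(), read_reg_params_fixed());
    return 0;
}
```

Decoding the command word is the practical check when auditing callers of `ps2_command()`: the receive count in bits 11..8 is the minimum `param[]` size, and a caller whose array is smaller than that is the bug pattern this advisory describes.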