跳转到帖子

Amazon Linux 2023: CVE-2023-52616: Important priority package update for kernel

recommended_posts

发布于
  • Members

Amazon Linux 2023: CVE-2023-52616: Important priority package update for kernel

Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
03/18/2024
Created
02/14/2025
Added
02/14/2025
Modified
02/14/2025

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the mpi_ec_ctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was released. Initially, this issue was ignored because memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag. For example, this error will be triggered when calculating the Za value for SM2 separately. A vulnerability was found in the crypto: lib/mpi component of the Linux kernel, where the initialization of the mpi_ec_ctx structure caused crashes due to uncleared fields. This issue occurs when the structure is referenced after being released. It typically triggers during specific calculations, like the Za value for SM2.

Solution(s)

  • amazon-linux-2023-upgrade-bpftool
  • amazon-linux-2023-upgrade-bpftool-debuginfo
  • amazon-linux-2023-upgrade-kernel
  • amazon-linux-2023-upgrade-kernel-debuginfo
  • amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64
  • amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64
  • amazon-linux-2023-upgrade-kernel-devel
  • amazon-linux-2023-upgrade-kernel-headers
  • amazon-linux-2023-upgrade-kernel-libbpf
  • amazon-linux-2023-upgrade-kernel-libbpf-devel
  • amazon-linux-2023-upgrade-kernel-libbpf-static
  • amazon-linux-2023-upgrade-kernel-livepatch-6-1-79-99-164
  • amazon-linux-2023-upgrade-kernel-modules-extra
  • amazon-linux-2023-upgrade-kernel-modules-extra-common
  • amazon-linux-2023-upgrade-kernel-tools
  • amazon-linux-2023-upgrade-kernel-tools-debuginfo
  • amazon-linux-2023-upgrade-kernel-tools-devel
  • amazon-linux-2023-upgrade-perf
  • amazon-linux-2023-upgrade-perf-debuginfo
  • amazon-linux-2023-upgrade-python3-perf
  • amazon-linux-2023-upgrade-python3-perf-debuginfo

References

  • https://attackerkb.com/topics/cve-2023-52616
  • CVE - 2023-52616
  • https://alas.aws.amazon.com/AL2023/ALAS-2024-549.html
  • 查看数 705
  • 已创建
  • 最后回复

参与讨论

你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。
注意:你的帖子需要版主批准后才能看到。

游客
回帖…