Huawei EulerOS: CVE-2024-26872: kernel security update

Huawei EulerOS: CVE-2024-26872: kernel security update

Severity

4

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

04/17/2024

Created

07/23/2024

Added

07/23/2024

Modified

10/08/2024

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup Upon rare occasions, KASAN reports a use-after-free Write in srpt_refresh_port(). This seems to be because an event handler is registered before the srpt device is fully setup and a race condition upon error may leave a partially setup event handler in place. Instead, only register the event handler after srpt device initialization is complete.

Solution(s)

• huawei-euleros-2_0_sp8-upgrade-bpftool
• huawei-euleros-2_0_sp8-upgrade-kernel
• huawei-euleros-2_0_sp8-upgrade-kernel-devel
• huawei-euleros-2_0_sp8-upgrade-kernel-headers
• huawei-euleros-2_0_sp8-upgrade-kernel-tools
• huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs
• huawei-euleros-2_0_sp8-upgrade-perf
• huawei-euleros-2_0_sp8-upgrade-python-perf
• huawei-euleros-2_0_sp8-upgrade-python3-perf

References

• https://attackerkb.com/topics/cve-2024-26872
• CVE - 2024-26872
• EulerOS-SA-2024-2476