Oracle Linux: CVE-2024-49900: ELSA-2024-12884: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)

发布于3月6日3月6日

Members

Oracle Linux: CVE-2024-49900: ELSA-2024-12884: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:N/A:C)

Published

10/21/2024

Created

12/19/2024

Added

12/17/2024

Modified

01/23/2025

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of new_ea in ea_buffer syzbot reports that lzo1x_1_do_compress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178 ... Uninit was stored to memory at: ea_put fs/jfs/xattr.c:639 [inline] ... Local variable ea_buf created at: __jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662 __jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934 ===================================================== The reason is ea_buf->new_ea is not initialized properly. Fix this by using memset to empty its content at the beginning in ea_get().

Solution(s)

oracle-linux-upgrade-kernel-uek

References

https://attackerkb.com/topics/cve-2024-49900
CVE - 2024-49900
ELSA-2024-12884

引用

Mention

登录

Oracle Linux: CVE-2024-49900: ELSA-2024-12884: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)

recommended_posts

Oracle Linux: CVE-2024-49900: ELSA-2024-12884: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)

Description

Solution(s)

References

参与讨论

欢迎来到红帽社区

帐户

导航

搜索