{ "Definition": [ { "ID": "oval:org.altlinux.errata:def:20246668", "Version": "oval:org.altlinux.errata:def:20246668", "Class": "patch", "Metadata": { "Title": "ALT-PU-2024-6668: package `kernel-image-un-def` update to version 6.1.85-alt0.c10f.1", "AffectedList": [ { "Family": "unix", "Platforms": [ "ALT Linux branch c10f1" ], "Products": [ "ALT SP Workstation", "ALT SP Server" ] } ], "References": [ { "RefID": "ALT-PU-2024-6668", "RefURL": "https://errata.altlinux.org/ALT-PU-2024-6668", "Source": "ALTPU" }, { "RefID": "BDU:2024-01673", "RefURL": "https://bdu.fstec.ru/vul/2024-01673", "Source": "BDU" }, { "RefID": "CVE-2023-52434", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-52434", "Source": "CVE" } ], "Description": "This update upgrades kernel-image-un-def to version 6.1.85-alt0.c10f.1. \nSecurity Fix(es):\n\n * BDU:2024-01673: Уязвимость функции smb2_parse_contexts() в модуле fs/smb/client/smb2pdu.c клиента SMB ядра операционной системы Linux , позволяющая нарушителю получить доступ к защищаемой информации или вызвать отказ в обслуживании\n\n * CVE-2023-52434: In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential OOBs in smb2_parse_contexts()\n\nValidate offsets and lengths before dereferencing create contexts in\nsmb2_parse_contexts().\n\nThis fixes following oops when accessing invalid create contexts from\nserver:\n\n BUG: unable to handle page fault for address: ffff8881178d8cc3\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 4a01067 P4D 4a01067 PUD 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\n rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]\n Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00\n 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 \u003c0f\u003e b7\n 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00\n RSP: 0018:ffffc900007939e0 EFLAGS: 00010216\n RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90\n RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000\n RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000\n R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000\n R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22\n FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x181/0x480\n ? search_module_extables+0x19/0x60\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? exc_page_fault+0x1b6/0x1c0\n ? asm_exc_page_fault+0x26/0x30\n ? smb2_parse_contexts+0xa0/0x3a0 [cifs]\n SMB2_open+0x38d/0x5f0 [cifs]\n ? smb2_is_path_accessible+0x138/0x260 [cifs]\n smb2_is_path_accessible+0x138/0x260 [cifs]\n cifs_is_path_remote+0x8d/0x230 [cifs]\n cifs_mount+0x7e/0x350 [cifs]\n cifs_smb3_do_mount+0x128/0x780 [cifs]\n smb3_get_tree+0xd9/0x290 [cifs]\n vfs_get_tree+0x2c/0x100\n ? capable+0x37/0x70\n path_mount+0x2d7/0xb80\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? _raw_spin_unlock_irqrestore+0x44/0x60\n __x64_sys_mount+0x11a/0x150\n do_syscall_64+0x47/0xf0\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n RIP: 0033:0x7f8737657b1e", "Advisory": { "From": "errata.altlinux.org", "Severity": "High", "Rights": "Copyright 2024 BaseALT Ltd.", "Issued": { "Date": "2024-04-23" }, "Updated": { "Date": "2024-04-23" }, "BDUs": [ { "ID": "BDU:2024-01673", "CVSS": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "CVSS3": "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-119, CWE-125", "Href": "https://bdu.fstec.ru/vul/2024-01673", "Impact": "High", "Public": "20231211" } ], "CVEs": [ { "ID": "CVE-2023-52434", "CVSS3": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-119", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-52434", "Impact": "High", "Public": "20240220" } ], "AffectedCPEs": { "CPEs": [ "cpe:/o:alt:spworkstation:10", "cpe:/o:alt:spserver:10" ] } } }, "Criteria": { "Operator": "AND", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:4001", "Comment": "ALT Linux must be installed" } ], "Criterias": [ { "Operator": "OR", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:20246668001", "Comment": "kernel-doc-un is earlier than 1:6.1.85-alt0.c10f.1" }, { "TestRef": "oval:org.altlinux.errata:tst:20246668002", "Comment": "kernel-headers-modules-un-def is earlier than 1:6.1.85-alt0.c10f.1" }, { "TestRef": "oval:org.altlinux.errata:tst:20246668003", "Comment": "kernel-headers-un-def is earlier than 1:6.1.85-alt0.c10f.1" }, { "TestRef": "oval:org.altlinux.errata:tst:20246668004", "Comment": "kernel-image-domU-un-def is earlier than 1:6.1.85-alt0.c10f.1" }, { "TestRef": "oval:org.altlinux.errata:tst:20246668005", "Comment": "kernel-image-un-def is earlier than 1:6.1.85-alt0.c10f.1" }, { "TestRef": "oval:org.altlinux.errata:tst:20246668006", "Comment": "kernel-image-un-def-checkinstall is earlier than 1:6.1.85-alt0.c10f.1" }, { "TestRef": "oval:org.altlinux.errata:tst:20246668007", "Comment": "kernel-modules-drm-ancient-un-def is earlier than 1:6.1.85-alt0.c10f.1" }, { "TestRef": "oval:org.altlinux.errata:tst:20246668008", "Comment": "kernel-modules-drm-nouveau-un-def is earlier than 1:6.1.85-alt0.c10f.1" }, { "TestRef": "oval:org.altlinux.errata:tst:20246668009", "Comment": "kernel-modules-drm-un-def is earlier than 1:6.1.85-alt0.c10f.1" }, { "TestRef": "oval:org.altlinux.errata:tst:20246668010", "Comment": "kernel-modules-staging-un-def is earlier than 1:6.1.85-alt0.c10f.1" } ] } ] } } ] }