171 lines
8.0 KiB
JSON
171 lines
8.0 KiB
JSON
{
|
||
"Definition": [
|
||
{
|
||
"ID": "oval:org.altlinux.errata:def:20238451",
|
||
"Version": "oval:org.altlinux.errata:def:20238451",
|
||
"Class": "patch",
|
||
"Metadata": {
|
||
"Title": "ALT-PU-2023-8451: package `kernel-image-std-def` update to version 5.10.166-alt1",
|
||
"AffectedList": [
|
||
{
|
||
"Family": "unix",
|
||
"Platforms": [
|
||
"ALT Linux branch c10f1"
|
||
],
|
||
"Products": [
|
||
"ALT SP Workstation",
|
||
"ALT SP Server"
|
||
]
|
||
}
|
||
],
|
||
"References": [
|
||
{
|
||
"RefID": "ALT-PU-2023-8451",
|
||
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-8451",
|
||
"Source": "ALTPU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2023-00380",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2023-00380",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2024-07452",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2024-07452",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "CVE-2023-23559",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-23559",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2023-52903",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-52903",
|
||
"Source": "CVE"
|
||
}
|
||
],
|
||
"Description": "This update upgrades kernel-image-std-def to version 5.10.166-alt1. \nSecurity Fix(es):\n\n * BDU:2023-00380: Уязвимость драйвера drivers/net/wireless/rndis_wlan.c ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2024-07452: Уязвимость компонента io_uring ядра операционной системы Linux, связанная с неправильной блокировкой, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2023-23559: In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.\n\n * CVE-2023-52903: In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: lock overflowing for IOPOLL\n\nsyzbot reports an issue with overflow filling for IOPOLL:\n\nWARNING: CPU: 0 PID: 28 at io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734\nCPU: 0 PID: 28 Comm: kworker/u4:1 Not tainted 6.2.0-rc3-syzkaller-16369-g358a161a6a9e #0\nWorkqueue: events_unbound io_ring_exit_work\nCall trace:\n io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734\n io_req_cqe_overflow+0x5c/0x70 io_uring/io_uring.c:773\n io_fill_cqe_req io_uring/io_uring.h:168 [inline]\n io_do_iopoll+0x474/0x62c io_uring/rw.c:1065\n io_iopoll_try_reap_events+0x6c/0x108 io_uring/io_uring.c:1513\n io_uring_try_cancel_requests+0x13c/0x258 io_uring/io_uring.c:3056\n io_ring_exit_work+0xec/0x390 io_uring/io_uring.c:2869\n process_one_work+0x2d8/0x504 kernel/workqueue.c:2289\n worker_thread+0x340/0x610 kernel/workqueue.c:2436\n kthread+0x12c/0x158 kernel/kthread.c:376\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:863\n\nThere is no real problem for normal IOPOLL as flush is also called with\nuring_lock taken, but it's getting more complicated for IOPOLL|SQPOLL,\nfor which __io_cqring_overflow_flush() happens from the CQ waiting path.",
|
||
"Advisory": {
|
||
"From": "errata.altlinux.org",
|
||
"Severity": "High",
|
||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||
"Issued": {
|
||
"Date": "2023-02-09"
|
||
},
|
||
"Updated": {
|
||
"Date": "2023-02-09"
|
||
},
|
||
"BDUs": [
|
||
{
|
||
"ID": "BDU:2023-00380",
|
||
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
|
||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-190, CWE-680",
|
||
"Href": "https://bdu.fstec.ru/vul/2023-00380",
|
||
"Impact": "High",
|
||
"Public": "20230110"
|
||
},
|
||
{
|
||
"ID": "BDU:2024-07452",
|
||
"CVSS": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
|
||
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-667",
|
||
"Href": "https://bdu.fstec.ru/vul/2024-07452",
|
||
"Impact": "Low",
|
||
"Public": "20230113"
|
||
}
|
||
],
|
||
"CVEs": [
|
||
{
|
||
"ID": "CVE-2023-23559",
|
||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-190",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-23559",
|
||
"Impact": "High",
|
||
"Public": "20230113"
|
||
},
|
||
{
|
||
"ID": "CVE-2023-52903",
|
||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
||
"CWE": "CWE-667",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-52903",
|
||
"Impact": "Low",
|
||
"Public": "20240821"
|
||
}
|
||
],
|
||
"AffectedCPEs": {
|
||
"CPEs": [
|
||
"cpe:/o:alt:spworkstation:10",
|
||
"cpe:/o:alt:spserver:10"
|
||
]
|
||
}
|
||
}
|
||
},
|
||
"Criteria": {
|
||
"Operator": "AND",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:5001",
|
||
"Comment": "ALT Linux must be installed"
|
||
}
|
||
],
|
||
"Criterias": [
|
||
{
|
||
"Operator": "OR",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20238451001",
|
||
"Comment": "kernel-doc-std is earlier than 2:5.10.166-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20238451002",
|
||
"Comment": "kernel-headers-modules-std-def is earlier than 2:5.10.166-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20238451003",
|
||
"Comment": "kernel-headers-std-def is earlier than 2:5.10.166-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20238451004",
|
||
"Comment": "kernel-image-domU-std-def is earlier than 2:5.10.166-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20238451005",
|
||
"Comment": "kernel-image-std-def is earlier than 2:5.10.166-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20238451006",
|
||
"Comment": "kernel-image-std-def-checkinstall is earlier than 2:5.10.166-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20238451007",
|
||
"Comment": "kernel-modules-drm-ancient-std-def is earlier than 2:5.10.166-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20238451008",
|
||
"Comment": "kernel-modules-drm-nouveau-std-def is earlier than 2:5.10.166-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20238451009",
|
||
"Comment": "kernel-modules-drm-std-def is earlier than 2:5.10.166-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20238451010",
|
||
"Comment": "kernel-modules-ide-std-def is earlier than 2:5.10.166-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20238451011",
|
||
"Comment": "kernel-modules-midgard-be-m1000-std-def is earlier than 2:5.10.166-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20238451012",
|
||
"Comment": "kernel-modules-staging-std-def is earlier than 2:5.10.166-alt1"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |