ALT-PU-2017-2809-1
Package kernel-image-std-def updated to version 4.9.70-alt0.M80P.1 for branch p8 in task 196927.
Closed vulnerabilities
BDU:2019-00974
Уязвимость обработчика RAW-сокетов AF_PACKET ядра Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Modified: 2024-11-21
CVE-2018-18559
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.
- RHBA-2019:0327
- RHBA-2019:0327
- RHSA-2019:0163
- RHSA-2019:0163
- RHSA-2019:0188
- RHSA-2019:0188
- RHSA-2019:1170
- RHSA-2019:1170
- RHSA-2019:1190
- RHSA-2019:1190
- RHSA-2019:3967
- RHSA-2019:3967
- RHSA-2019:4159
- RHSA-2019:4159
- RHSA-2020:0174
- RHSA-2020:0174
- https://blogs.securiteam.com/index.php/archives/3731
- https://blogs.securiteam.com/index.php/archives/3731