ALT-PU-2023-1011-1
Package kernel-image-mp updated to version 6.0.16-alt1 for branch sisyphus in task 312903.
Closed vulnerabilities
BDU:2022-07218
Уязвимость функции l2cap_config_req (net/bluetooth/l2cap_core.c) ядра операционных систем Linux, позволяющая нарушителю выполнить произвольный код
BDU:2023-00361
Уязвимость функций gru_set_context_option(), gru_fault() и gru_handle_user_call_os() драйвера SGI GRU ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
BDU:2023-01112
Уязвимость функции ntfs_trim_fs() компонента fs/ntfs3/bitmap.c ядра операционных систем Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
Modified: 2025-03-07
CVE-2022-3424
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
- https://bugzilla.redhat.com/show_bug.cgi?id=2132640
- https://bugzilla.redhat.com/show_bug.cgi?id=2132640
- https://github.com/torvalds/linux/commit/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
- https://github.com/torvalds/linux/commit/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc
- [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update
- [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- https://lore.kernel.org/all/20221019031445.901570-1-zyytlz.wz%40163.com/
- https://lore.kernel.org/all/20221019031445.901570-1-zyytlz.wz%40163.com/
- https://security.netapp.com/advisory/ntap-20230406-0005/
- https://security.netapp.com/advisory/ntap-20230406-0005/
- https://www.spinics.net/lists/kernel/msg4518970.html
- https://www.spinics.net/lists/kernel/msg4518970.html
Modified: 2024-11-21
CVE-2022-45934
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
- https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d
- https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d
- [debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update
- [debian-lts-announce] 20230302 [SECURITY] [DLA 3349-1] linux-5.10 security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- FEDORA-2022-90162a1d88
- FEDORA-2022-90162a1d88
- https://security.netapp.com/advisory/ntap-20230113-0008/
- https://security.netapp.com/advisory/ntap-20230113-0008/
- DSA-5324
- DSA-5324
Modified: 2024-11-21
CVE-2023-26606
In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=557d19675a470bb0a98beccec38c5dc3735c20fa
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=557d19675a470bb0a98beccec38c5dc3735c20fa
- https://lkml.org/lkml/2023/2/20/860
- https://lkml.org/lkml/2023/2/20/860
- https://security.netapp.com/advisory/ntap-20230316-0010/
- https://security.netapp.com/advisory/ntap-20230316-0010/