ALT-PU-2023-1628-2
Package kernel-image-std-def updated to version 5.10.177-alt1 for branch p10 in task 318082.
Closed vulnerabilities
BDU:2022-07339
Уязвимость драйвера файловой системы NFS ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-01780
Уязвимость функции xirc2ps_detach() драйвера сетевого адаптера Xircom 16-bit PCMCIA (PC-card) операционных систем Linux, позволяющая нарушителю повысить свои привилегии или вызвать отказ в обслуживании
BDU:2023-01799
Уязвимость файловой системы btrfs ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2023-02097
Уязвимость реализации протокола TLS ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-02163
Уязвимость функции btsdio_remove() модуля drivers\bluetooth\btsdio.c драйвера Bluetooth ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-4379
A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- FEDORA-2023-3fd7349f60
- FEDORA-2023-3fd7349f60
- FEDORA-2023-f4f9182dc8
- FEDORA-2023-f4f9182dc8
- https://seclists.org/oss-sec/2022/q4/185
- https://seclists.org/oss-sec/2022/q4/185
- https://security.netapp.com/advisory/ntap-20230223-0004/
Modified: 2025-02-13
CVE-2023-1611
A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea
- https://bugzilla.redhat.com/show_bug.cgi?id=2181342
- https://bugzilla.redhat.com/show_bug.cgi?id=2181342
- https://github.com/torvalds/linux/commit/2f1a6be12ab6c8470d5776e68644726c94257c54
- https://github.com/torvalds/linux/commit/2f1a6be12ab6c8470d5776e68644726c94257c54
- [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update
- [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update
- FEDORA-2023-d525cf5272
- FEDORA-2023-d525cf5272
- FEDORA-2023-98251cef79
- FEDORA-2023-98251cef79
- https://lore.kernel.org/linux-btrfs/35b9a70650ea947387cf352914a8774b4f7e8a6f.1679481128.git.fdmanana%40suse.com/
- https://lore.kernel.org/linux-btrfs/35b9a70650ea947387cf352914a8774b4f7e8a6f.1679481128.git.fdmanana%40suse.com/
Modified: 2025-02-14
CVE-2023-1670
A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
- [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update
- [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- https://lore.kernel.org/all/20230316161526.1568982-1-zyytlz.wz%40163.com/
- https://lore.kernel.org/all/20230316161526.1568982-1-zyytlz.wz%40163.com/
- https://security.netapp.com/advisory/ntap-20230526-0010/
- https://security.netapp.com/advisory/ntap-20230526-0010/
Modified: 2024-11-21
CVE-2023-1989
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.
- https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088
- https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088
- [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update
- [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- [debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update
- [debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update
- [debian-lts-announce] 20240111 [SECURITY] [DLA 3710-1] linux security update
- https://security.netapp.com/advisory/ntap-20230601-0004/
- https://security.netapp.com/advisory/ntap-20230601-0004/
- DSA-5492
- DSA-5492
Modified: 2024-11-21
CVE-2023-28466
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962
- [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update
- https://security.netapp.com/advisory/ntap-20230427-0006/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962
- https://security.netapp.com/advisory/ntap-20230427-0006/
- [debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update