[CLSA-2023:1686651204] kernel: Fix of 25 CVEs
Type:
security
Severity:
Important
Release date:
2023-06-13
Description:
- cgroup: Use open-time cgroup namespace for process migration perm checks {CVE-2021-4197} - cgroup: Use open-time credentials for process migraton perm checks {CVE-2021-4197} - vt: drop old FONT ioctls {CVE-2021-33656} - fbmem: Check virtual screen sizes in fb_set_var() {CVE-2021-33655} - fbcon: Prevent that screen size is smaller than font size {CVE-2021-33655} - fbcon: Disallow setting font bigger than screen size {CVE-2021-33655} - KVM: nVMX: add missing consistency checks for CR0 and CR4 {CVE-2023-30456} - net: usb: ax88179_178a: Fix packet receiving - ipv4: make exception cache less predictible {CVE-2021-20322} - ipv4: use siphash instead of Jenkins in fnhe_hashfun() {CVE-2021-20322} - ipv6: make exception cache less predictible {CVE-2021-20322} - ipv6: use siphash in rt6_exception_hash() {CVE-2021-20322} - ipv6: use jhash2() in rt6_exception_hash() - psi: Fix uaf issue when psi trigger is destroyed while being polled {CVE-2022-2938} - psi: fix possible trigger missing in the window - cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv - cgroup: make per-cgroup pressure stall tracking configurable - netfilter: nf_tables_offload: incorrect flow offload action array size {CVE-2022-25636} - netfilter: nftables_offload: KASAN slab-out-of-bounds Read in nft_flow_rule_create - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm {CVE-2022-42896} - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM {CVE-2022-42896} - devlink: Fix use-after-free after a failed reload {CVE-2022-3625} - KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS {CVE-2022-2196} - net/sched: tcindex: update imperfect hash filters respecting rcu {CVE-2023-1281} - seq_buf: Fix overflow in seq_buf_putmem_hex() {CVE-2023-28772} - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() {CVE-2023-1380} - kvm: initialize all of the kvm_debugregs structure before sending it to userspace {CVE-2023-1513} - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work {CVE-2023-1989} - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg {CVE-2023-31436} - cgroup-v1: Require capabilities to set release_agent {CVE-2022-0492} - net: sched: fix use-after-free in tc_new_tfilter() {CVE-2022-1055} - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() {CVE-2022-28893} - net/sched: cls_u32: fix netns refcount changes in u32_change() {CVE-2022-29581} - i2c: ismt: Fix an out-of-bounds bug in ismt_access() {CVE-2022-2873} - RDMA/cma: Do not change route.addr.src_addr.ss_family {CVE-2021-4028} - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup {CVE-2022-2964} - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address {CVE-2022-1158} - ovl: fail on invalid uid/gid mapping at copy up {CVE-2023-0386}
Updated packages:
  • bpftool-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:cfc0717b17ef953c0c9ce521a4a3823ea9f50cf8
  • kernel-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:624957d73d13fc0c9cb94998fd136b5b1f7fb439
  • kernel-core-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:e4291c8799b58bb7ad298a82643a0c84db7d4b51
  • kernel-cross-headers-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:c13d2a44fe3258e0dade5607b383fe3bbfcdef4c
  • kernel-debug-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:5f480998cb980e62e91445411039e2d368fee0b8
  • kernel-debug-core-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:3b5d8b472e065f40b8cb1a32350b14fed5c4f2e8
  • kernel-debug-devel-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:d38dc34cda5e4a92afaee6368d8d0ea7e584a7f6
  • kernel-debug-modules-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:699317ace052368100eaea6b6cefa2de7a7edb2b
  • kernel-debug-modules-extra-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:72f68961fc0ffe129a46a71cf4871e881c6d6dde
  • kernel-debug-modules-internal-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:ac018d26f7860d406cd108b023bdd56c20486f60
  • kernel-devel-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:8e61f53082462cde317f8823e5c5efc7bd304403
  • kernel-headers-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:9cd9ce5f63199796cf5aa93ef87d24db1eb47ddf
  • kernel-ipaclones-internal-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:1530920b1912948c1c9deab125dcb96a76e67545
  • kernel-modules-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:a81022c15055e84de5a3833b4687d7babc88bac5
  • kernel-modules-extra-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:e51375b2128d33f523332fc709046fc1ada6c0a7
  • kernel-modules-internal-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:a36363705ab23e00420887711ed12e31ea389665
  • kernel-selftests-internal-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:badaffcaa7b5ff402602f2f2ff9bf1d1f9fa60be
  • kernel-tools-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:2511ce34465132b895ddf4c95153cb3010317171
  • kernel-tools-libs-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:26bbb2dd1574c8a4458f295b23c60b2f48ea4078
  • kernel-tools-libs-devel-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:1b827a717d55722405ce106dbcb5ffff312771f5
  • perf-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:56565d97cbb494eaaae1f5e2db7eef1b6c2a470b
  • python3-perf-4.18.0-348.7.1.el8_5.tuxcare.els8.x86_64.rpm
    sha:eeb3c50bd90a3af304a93771f1334c675fe4b9a6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.