Advisory ROSA-SA-2024-2355

Software: libvirt 6.0.0 OS: ROSA Virtualization 2.1 packageevrstring: libvirt-6.0.0-28.module+el8.3.0+7827+5e65edd7.src.rpm CVE-ID: CVE-2020-14339 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability was discovered in libvirt that caused the /dev/mapper/control file descriptor to be exposed to...

CLSA-2024-1708094049 Fix of 8 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-23851 - dm: limit the number of targets and parameter size area CVE-url: https://ubuntu.com/security/CVE-2024-1086 - netfilter: nftables: reject QUEUE/DROP verdict parameters CVE-url: https://ubuntu.com/security/CVE-2023-35827 - ravb: Fix use-after-fr...

CLSA-2024-1708171186 Fix of 10 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-23851 - dm: limit the number of targets and parameter size area CVE-url: https://ubuntu.com/security/CVE-2024-23849 - net/rds: Fix UBSAN: array-index-out-of-bounds in rdscmsgrecv CVE-url: https://ubuntu.com/security/CVE-2024-1086 - netfilter: nftables...

CLSA-2024-1708171036 Fix of 10 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-23851 - dm: limit the number of targets and parameter size area CVE-url: https://ubuntu.com/security/CVE-2024-23849 - net/rds: Fix UBSAN: array-index-out-of-bounds in rdscmsgrecv CVE-url: https://ubuntu.com/security/CVE-2024-1086 - netfilter: nftables...

CLSA-2024-1708094944 Fix of 8 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-23851 - dm: limit the number of targets and parameter size area CVE-url: https://ubuntu.com/security/CVE-2024-1086 - netfilter: nftables: reject QUEUE/DROP verdict parameters CVE-url: https://ubuntu.com/security/CVE-2023-35827 - ravb: Fix use-after-fr...

AZL-33965 CVE-2024-23851 affecting package kernel for versions less than 5.15.153.1-1

copyparams in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INTMAX bytes, and crash, because of a missing paramkernel-datasize check. This is related to ctlioctl...

multipath-tools: Multiple Vulnerabilities

Background multipath-tools are used to drive the Device Mapper multipathing driver. Description Multiple vulnerabilities have been discovered in multipath-tools. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...

kernel: dm cache: free background tracker's queued work in btracker_destroy

A memory leak was found in the device-mapper cache target in the Linux kernel. The btrackerdestroy function fails to free queued work items from the background tracker before destroying the slab cache. This triggers a BUG when kmemcacheshutdown finds objects still remaining...

kernel: A possible deadlock in dm_get_inactive_table in dm- ioctl.c leads to dos

A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in tableclear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component...

kernel: dm flakey: fix a crash with invalid table line

A flaw was identified in the device-mapper “dm flakey” target in the Linux kernel where invalid table line input can lead to a NULL pointer dereference. Specifically, when dmsetup is used with a malformed table line such as with the corruptbiobyte target and the argname pointer is NULL, the kerne...

kernel: A possible deadlock in dm_get_inactive_table in dm- ioctl.c leads to dos

A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in tableclear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component...

kernel: dm flakey: don't corrupt the zero page

A flaw was found in the Linux kernel's dm-flakey device mapper target. When the corrupt bio writes option is enabled, dm-flakey can corrupt the kernel's global zero page. Since the zero page is shared system-wide and used by glibc's calloc implementation via mmap, corrupting it causes userspace...

kernel: dm flakey: fix a crash with invalid table line

A flaw was identified in the device-mapper “dm flakey” target in the Linux kernel where invalid table line input can lead to a NULL pointer dereference. Specifically, when dmsetup is used with a malformed table line such as with the corruptbiobyte target and the argname pointer is NULL, the kerne...

kernel: dm stats: check for and propagate alloc_percpu failure

In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate allocpercpu failure Check allocprecpu's return value and return an error from dmstatsinit if it fails. Update allocdev to fail if dmstatsinit does. Otherwise, a NULL pointer dereference will occu...

kernel: A possible deadlock in dm_get_inactive_table in dm- ioctl.c leads to dos

A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in tableclear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component...

Rocky Linux 9 : device-mapper-multipath (RLSA-2022:8453)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8453 advisory. - A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjuncti...

kernel: LoadPin bypass via dm-verity table reload

A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...

USN-6397-1: Linux kernel (BlueField) vulnerabilities

Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Ruihan Li discovered that the bluetooth subsystem ...

USN-6397-1 linux-bluefield vulnerabilities

Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. CVE-2022-40982 Ruihan Li discovered that the bluetooth subsystem ...

Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-6397-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6397-1 advisory. Daniel Moghimi discovered that some IntelR Processors did not properly clear microarchitectural state after speculative execution of various instructions...