USN-6173-1: Linux kernel (OEM) vulnerabilities
Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-31436) It was discovered that the...
Security Bulletin: Multiple Vulnerabilities of Jackson-Mapper-asl have affected APM Linux KVM Agent
Summary: APM Linux KVM Agent is vulnerable to Jackson-mapper-asl vulnerabilities described in CVE-2019-10202 and CVE-2019-10172. The fix includes jackson-mapper-asl-1.9.13.jar upgraded to jackson-databind-2.14.0.jar. Vulnerability Details: CVEID: CVE-2019-10202 DESCRIPTION: Red Hat JBoss Enterprise...
EulerOS Virtualization 3.0.6.0 : device-mapper-multipath (EulerOS-SA-2023-2218)
According to the versions of the device-mapper-multipath packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in...
Huawei EulerOS: Security Advisory for device-mapper-multipath (EulerOS-SA-2023-2218)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for device-mapper-multipath (EulerOS-SA-2023-2140)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP5 : device-mapper-multipath (EulerOS-SA-2023-2140)
According to the versions of the device-mapper-multipath packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction...
Important: kernel
Issue Overview: A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. (CVE-2023-2269) In the Linux kernel through 6.3.1, a use-after-free in...
device-mapper-multipath security and bug fix update
0.8.4-37 - Fix bugzilla linked to the changes was previously linked to the wrong bug, 2162537 - Resolves: bz 2166468 0.8.4-36 - Add 0129-libmultipath-select-resize-action-even-if-reload-is-.patch - Add 0130-libmultipath-cleanup-ACTCREATE-code-in-selectactio.patch - Add...
Oracle Linux 8 : device-mapper-multipath (ELSA-2023-2948)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2948 advisory. 0.8.4-37 - Fix bugzilla linked to the changes was previously linked to the wrong bug, 2162537 - Resolves: bz 2166468 0.8.4-36 - Add...
kernel: dm integrity: Fix UAF in dm_integrity_dtr()
A use-after-free vulnerability was found in the Linux kernel's device mapper integrity subsystem. When dm_resume and dm_destroy execute concurrently, a timer may fire and access freed memory because dm_integrity_dtr did not properly cancel the timer before freeing resources. The fix adds an additiona...
kernel: dm thin: Use last transaction's pmd->root when commit failed
A metadata handling flaw was found in the Linux kernel device-mapper thin provisioning driver. After a failed metadata commit, the in-memory root pointer could reference a mixed set of fresh and stale tree nodes. Subsequent lookups may loop or stall. A local user could use this flaw to cause the...
kernel: dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
An ABBA deadlock flaw was found in the Linux kernel's device-mapper thin provisioning subsystem between the memory reclaim path and metadata abort handling. A local user can trigger this issue by initiating cache drop operations while dm-thin operations are active, causing process P1 to hold...
kernel: dm thin: Fix UAF in run_timer_softirq()
In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in run_timer_softirq() When dm_resume and dm_destroy are concurrent, it will lead to UAF, as follows: BUG: KASAN: use-after-free in runtimers+0x173/0x710 Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0 Cal...
device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack
A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to...
Moderate: Red Hat Security Advisory: device-mapper-multipath security and bug fix update
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CentOS 8 : device-mapper-multipath (CESA-2023:2948)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:2948 advisory. - multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able t...
RHEL 8 : device-mapper-multipath (RHSA-2023:2948)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:2948 advisory. The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes:...
Moderate: device-mapper-multipath security and bug fix update
The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes: device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack (CVE-2022-41973). For more details about the securi...
Oracle Linux 9 : device-mapper-multipath (ELSA-2023-2459)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2459 advisory. 0.8.7-20 - Add 0083-multipath.rules-fix-smart-bug-with-failed-valid-path.patch - Add 0084-libmultipath-limit-paths-that-can-get-wwid-from-envi.patch - Change ho...
A vulnerability in the table_clear() function in the drivers/md/dm-ioctl.c file of the Linux kernel’s device-mapper driver allows an attacker to cause a service failure.
The vulnerability in the table_clear() function in the drivers/md/dm-ioctl.c file of the Linux kernel’s device-mapper driver is related to recursive locking. Exploiting this vulnerability could allow an attacker to cause a service failure...