操作系统--麒麟信安操作系统,国产操作系统,麒麟信安云桌面—

公告ID (KylinSec-SA-2024-1571)

摘要:

kernel security update

安全等级: High

公告ID: KylinSec-SA-2024-1571

发布日期: 2024年2月8日

关联CVE: CVE-2023-51043 CVE-2023-6531 CVE-2023-6915

详细介绍

1. 漏洞描述

The Linux Kernel, the operating system core itself.

Security Fix(es):

In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.(CVE-2023-51043)

A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.(CVE-2023-6531)

A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.(CVE-2023-6915)

2. 影响范围

cve名称	产品	组件	是否受影响
CVE-2023-51043	KY3.5.2	kernel	Fixed
CVE-2023-6531	KY3.5.2	kernel	Fixed
CVE-2023-6915	KY3.5.2	kernel	Fixed

3. 影响组件

kernel

4. 修复版本

KY3.5.2

软件名称	架构	版本号
kernel-headers	x86_64	5.10.0-153.12.0.92.kb8.ky3_5
kernel	x86_64	5.10.0-153.12.0.92.kb8.ky3_5
kernel-source	x86_64	5.10.0-153.12.0.92.kb8.ky3_5
kernel-tools	x86_64	5.10.0-153.12.0.92.kb8.ky3_5
perf	x86_64	5.10.0-153.12.0.92.kb8.ky3_5
kernel-devel	x86_64	5.10.0-153.12.0.92.kb8.ky3_5
kernel-tools-devel	x86_64	5.10.0-153.12.0.92.kb8.ky3_5
python3-perf	x86_64	5.10.0-153.12.0.92.kb8.ky3_5
perf	aarch64	5.10.0-153.12.0.92.kb16.ky3_5
kernel-source	aarch64	5.10.0-153.12.0.92.kb16.ky3_5
kernel-headers	aarch64	5.10.0-153.12.0.92.kb16.ky3_5
kernel-devel	aarch64	5.10.0-153.12.0.92.kb16.ky3_5
kernel-tools-devel	aarch64	5.10.0-153.12.0.92.kb16.ky3_5
kernel	aarch64	5.10.0-153.12.0.92.kb16.ky3_5
python3-perf	aarch64	5.10.0-153.12.0.92.kb16.ky3_5
kernel-tools	aarch64	5.10.0-153.12.0.92.kb16.ky3_5