4 List of CVEs fixed in this release

The following list describes the CVEs that are fixed in UEK R7U2 (5.15.0-200.131.27) as compared to the initial release of UEK R7U1 (5.15.0-100.96.32). The content provided here is automatically generated and includes the CVE identifier and a summary of the issue.

Note that CVEs are continually handled in patch updates that are made available as errata builds for the current release. For this reason, it's critical that you keep your system up-to-date with the latest package updates for this kernel release. Many of the issues listed here might have already been resolved in prior errata builds for the previous update level.

You can keep current with the latest CVE information at https://linux.oracle.com/cve.

  • CVE-2021-4002

    A memory leak flaw was found in the Linux kernel's hugetlbfs memory usage in the way a user maps some regions of memory twice using shmget(), where the regions are aligned to PUD alignment and some of the memory pages are faulted. A local user could use this flaw to get unauthorized access to some data.

    See https://linux.oracle.com/cve/CVE-2021-4002.html for more information.

  • CVE-2022-1679

    A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.

    See https://linux.oracle.com/cve/CVE-2022-1679.html for more information.

  • CVE-2022-3524

    A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.

    See https://linux.oracle.com/cve/CVE-2022-3524.html for more information.

  • CVE-2022-3543

    A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211043.

  • CVE-2022-3707

    A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a failure in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.

    See https://linux.oracle.com/cve/CVE-2022-3707.html for more information.

  • CVE-2022-4379

    A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial

    See https://linux.oracle.com/cve/CVE-2022-4379.html for more information.

  • CVE-2023-0461

    There is a use-after-free vulnerability in the Linux kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability, the kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. The bug is a use-after-free of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, a user can install a TLS context (struct tls_context) on a connected TCP socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c.

    See https://linux.oracle.com/cve/CVE-2023-0461.html for more information.

  • CVE-2023-1073

    A memory corruption flaw was found in the Linux kernel's human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.

    See https://linux.oracle.com/cve/CVE-2023-1073.html for more information.

  • CVE-2023-1074

    A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.

    See https://linux.oracle.com/cve/CVE-2023-1074.html for more information.

  • CVE-2023-1079

    A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging in or disconnecting a malicious USB device that advertises itself as an Asus device. Similar to the previously known CVE-2023-25012, but in Asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.

  • CVE-2023-1095

    In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list (the list head is all zeroes), which results in a NULL pointer dereference.

    See https://linux.oracle.com/cve/CVE-2023-1095.html for more information.

  • CVE-2023-1118

    A use-after-free flaw was found in the Linux kernel's integrated infrared receiver/transceiver driver in the way a user detaches an rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

    See https://linux.oracle.com/cve/CVE-2023-1118.html for more information.

  • CVE-2023-20588

    A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.

    See https://linux.oracle.com/cve/CVE-2023-20588.html for more information.

  • CVE-2023-22024

    In the Unbreakable Enterprise Kernel (UEK), the RDS module has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

    See https://linux.oracle.com/cve/CVE-2023-22024.html for more information.

  • CVE-2023-22998

    In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

  • CVE-2023-22999

    In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

  • CVE-2023-23004

    In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

  • CVE-2023-26545

    In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

    See https://linux.oracle.com/cve/CVE-2023-26545.html for more information.

  • CVE-2023-30456

    An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.

    See https://linux.oracle.com/cve/CVE-2023-30456.html for more information.

  • CVE-2023-32233

    In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.

    See https://linux.oracle.com/cve/CVE-2023-32233.html for more information.

  • CVE-2023-42753

    An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

    See https://linux.oracle.com/cve/CVE-2023-42753.html for more information.