QID 357319
Date Published: 2024-03-07
QID 357319: Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2024-051
dm_table_create in drivers/md/dm-table.c in the linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than int_max bytes, and crash, because of a missing check for struct dm_ioctl.target_count. (
This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. (
( CVE-2024-0340) a vulnerability was reported in the open vswitch sub-component in the linux kernel.
The flaw occurs when a recursive operation of code push recursively calls into the code block.
The ovs module does not validate the stack depth, pushing too many frames and causing a stack overflow.
As a result, this can lead to a crash or other related issues. (
( CVE-2024-1151) in btrfs_get_root_ref in fs/btrfs/disk-io.c in the linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation. (
( CVE-2024-23850) copy_params in drivers/md/dm-ioctl.c in the linux kernel through 6.7.1 can attempt to allocate more than int_max bytes, and crash, because of a missing param_kernel->data_size check.
This is related to ctl_ioctl. (
( CVE-2024-23851)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2KERNEL-5.10-2024-051 -
alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-051.html
CVEs related to QID 357319
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2KERNEL-5.10-2024-051 | amazon linux 2 |
alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-051.html |