Security Advisory

Linux Kernel Security Update Advisory

  • May 02 2024

Overview

 

We have released an update to address a vulnerability in the Linux Kernel. users of affected versions are advised to update to the latest version.

 

Affected Products

 

Cve-2022-48658, cve-2022-48662

  • Linux Kernel Versions : 5.15 (excluded) to 5.15.71 (excluded)
  • Linux Kernel Versions : 5.16 (excluded) to 5.19.12 (excluded)

 

CVE-2023-52455

  • Linux Kernel Versions : 6.3.0 (inclusive) to 6.6.14 (excluded)
  • Linux Kernel Versions : 6.7.0 (inclusive) to 6.7.2 (excluded)

 

CVE-2023-52457

  • Linux Kernel Versions : ~ 5.4.268 (Excluded)
  • Linux Kernel Versions : 5.5.0 (inclusive) to 5.10.209 (excluded)
  • Linux Kernel Versions : 5.11.0 (inclusive) to 5.15.148 (exclusive)
  • Linux Kernel Versions : 5.16 (inclusive) to 6.1.75 (exclusive)
  • Linux Kernel Versions : 6.2.0 (inclusive) to 6.6.14 (exclusive)
  • Linux Kernel Versions : 6.7.0 (inclusive) to 6.7.2 (exclusive)

 

CVE-2022-48655

  • Linux Kernel Versions : ~ 5.15.71 (excluded)
  • Linux Kernel Versions : 5.16 (excluded) to 5.19.12 (excluded)

 

CVE-2024-26882

  • Linux Kernel Versions : 3.10 (inclusive) to 5.4.273 (excluded)
  • Linux Kernel Versions : 5.5 (inclusive) to 5.10.214 (excluded)
  • Linux Kernel Versions : 5.11 (inclusive) to 5.15.153 (excluded)
  • Linux Kernel Versions : 5.16 (inclusive) to 6.1.83 (excluded)
  • Linux Kernel Versions : 6.2 (inclusive) to 6.6.23 (exclusive)
  • Linux Kernel Versions : 6.7 (inclusive) to 6.7.11 (exclusive)
  • Linux Kernel Versions : 6.8 (inclusive) to 6.8.2 (excluded)

 

Resolved Vulnerabilities

 

CVE-2022-48658 : Dependency issue when the flush operation is called in the task context in the Linux Kernel, resulting in a kernel warning(7.8 High, CVSS V3.1 Date Added: 2024.04.30)

CVE-2023-52455: Vulnerability in IOVA tree corruption due to reservation of a zero-length IOVA region, causing display IOMMU mapping to fail(7.8 High, CVSS V3.1 Date Added: 2024.04.30)

CVE-2022-48662: General Protection Fault (GPF) vulnerability in i915_perf in the Linux Kernel due to failure to delete the last reference and free the structure when removing a context from the list during context_close() (7.8 High, CVSS V3.1 Date Added: 2024.04.30)

CVE-2023-52457: Use-after-free vulnerability in the 8250 omap driver in the Linux Kernel due to a failed call to pm_runtime_resume_and_get()(7.8 High, CVSS V3.1 Date Added: 2024.04.30)

CVE-2022-48655: Out-of-boundsvulnerability in arm_scmi firmware when the SCMI driver behaves incorrectly when accessing the reset domain descriptor via index in a request from the SCMI driver(7.8 High, CVSS V3.1, Date Added: 2024.04.30)

CVE-2024-26882: Vulnerability in the ip_tunnel_rcv() function in the Linux Kernel due to incorrect handling of internal headers, which could allow arbitrary uninitialized memory references(7.8 High, CVSS V3.1 Date Added: 2024.04.30)

 

Vulnerability Patches

 

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

Vulnerability Patches have been made available through the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

Cve-2022-48658, cve-2022-48655

  • Linux Kernel Version: 5.15.71
  • Linux Kernel Version : 5.19.12
  • Linux Kernel Version : 6.0

 

CVE-2023-52455

  • Linux Kernel Version : 6.6.14
  • Linux Kernel Version : 6.7.2
  • Linux Kernel Version : 6.8-rc1

 

CVE-2022-48662

  • Linux Kernel Version : 5.15.72
  • Linux Kernel Version : 5.19.12
  • Linux Kernel Version : 6.0

 

CVE-2023-52457

  • Linux Kernel Version : 5.4.268
  • Linux Kernel Version : 5.10.209
  • Linux Kernel Version : 5.15.148
  • Linux Kernel Version : 6.1.75
  • Linux Kernel Version : 6.6.14
  • Linux Kernel Version : 6.7.2
  • Linux Kernel Version : 6.8-rc1

 

CVE-2024-26882

  • Linux Kernel Version : 5.4.273
  • Linux Kernel Version : 5.10.214
  • Linux Kernel Version : 5.15.153
  • Linux Kernel Version : 6.1.83
  • Linux Kernel Version : 6.6.23
  • Linux Kernel Version : 6.7.11
  • Linux Kernel Version : 6.8.2
  • Linux Kernel Version : 6.9-rc1

 

Referenced Sites

 

[1] CVE-2022-48658 Detail

https://nvd.nist.gov/vuln/detail/CVE-2022-48658

[2] CVE-2022-48658: mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.

https://lore.kernel.org/linux-cve-announce/2024042800-CVE-2022-48658-4c9c@gregkh/

[3] CVE-2023-52455 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52455

[4] CVE-2023-52455: iommu: Don’t reserve 0-length IOVA region

https://lore.kernel.org/linux-cve-announce/2024022331-CVE-2023-52455-a28f@gregkh/

[5] CVE-2022-48662 Detail

https://nvd.nist.gov/vuln/detail/CVE-2022-48662

[6] CVE-2022-48662: drm/i915/gem: Really move i915_gem_context.link under ref protection

https://lore.kernel.org/linux-cve-announce/2024042801-CVE-2022-48662-3a84@gregkh/

[7] CVE-2023-52457 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52457

[8] CVE-2023-52457: serial: 8250: omap: Don’t skip resource freeing if pm_runtime_resume_and_get() failed

https://lore.kernel.org/linux-cve-announce/2024022332-CVE-2023-52457-c7b9@gregkh/

[9] CVE-2022-48655 Detail

https://nvd.nist.gov/vuln/detail/CVE-2022-48655

[10] CVE-2022-48655: firmware: arm_scmi: Harden accesses to the reset domains

https://lore.kernel.org/linux-cve-announce/2024042859-CVE-2022-48655-5feb@gregkh/

[11] CVE-2024-26882 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-26882

[12] CVE-2024-26882: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()

https://lore.kernel.org/linux-cve-announce/2024041741-CVE-2024-26882-be35@gregkh/

Tags:

Previous Post

Next Post