Security Advisory

Linux Kernel Security Update Advisory

  • Mar 22 2024

Overview

 

An update has been made available to address a vulnerability in Linux. users of affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2023-52451

  • Linux Kernel Versions: 4.1.0 (inclusive) to 4.19.306 (excluded)
  • Linux Kernel Versions: 4.20.0 (inclusive) to 5.4.268 (excluded)
  • Linux Kernel Versions: 5.5.0 (inclusive) to 5.10.209 (excluded)
  • Linux Kernel versions: 5.11.0 (inclusive) to 5.15.148 (exclusive)
  • Linux Kernel Versions: 5.16.0 (inclusive) to 6.1.75 (excluded)
  • Linux Kernel versions: 6.2.0 (inclusive) to 6.6.14 (exclusive)
  • Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.2 (exclusive)

 

CVE-2024-26582

  • Linux Kernel Versions: 6.0 (inclusive) to 6.1.79 (excluded)
  • Linux Kernel Versions: 6.2.0 (inclusive) to 6.6.18 (excluded)
  • Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.6 (excluded)

 

CVE-2024-26588

  • Linux Kernel Version: < 6.1.75 (excluded)
  • Linux Kernel Versions: 6.2.0 (inclusive) to 6.6.14 (excluded)
  • Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.2 (excluded)

 

CVE-2023-52441

  • Linux Kernel Versions: 5.15.0 (inclusive) to 5.15.145 (excluded)
  • Linux Kernel Versions: 5.16.0 (inclusive) to 6.1.53 (excluded)
  • Linux Kernel Versions: 6.2.0 (inclusive) to 6.4.16 (excluded)

 

CVE-2023-52445

  • Linux Kernel Version: < 4.19.306 (Excluded)
  • Linux Kernel Versions: 4.20 (inclusive) to 5.4.268 (excluded)
  • Linux Kernel version: 5.5.0 (inclusive) to 5.10.209 (excluded)
  • Linux Kernel versions: 5.11.0 (inclusive) to 5.15.148 (exclusive)
  • Linux Kernel Versions: 5.16.0 (inclusive) to 6.1.75 (excluded)
  • Linux Kernel versions: 6.2.0 (inclusive) to 6.6.14 (exclusive)
  • Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.2 (exclusive)

 

CVE-2023-52447

  • Linux Kernel Versions: 5.9.0 (inclusive) to 6.1.75 (excluded)
  • Linux Kernel Versions: 6.2.0 (inclusive) to 6.6.14 (excluded)
  • Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.2 (excluded)

 

CVE-2023-52446

  • Linux Kernel Versions: 6.2.0 (inclusive) to 6.6.14 (excluded)
  • Linux Kernel versions: 6.7.0 (inclusive) to 6.7.2 (excluded)

 

CVE-2023-52440

  • Linux Kernel Versions: 5.17.0 (inclusive) to 6.1.52 (excluded)
  • Linux Kernel Versions: 6.2.0 (inclusive) to 6.4.15 (excluded)
  • Linux Kernel Versions: 6.5.0 (inclusive) to 6.5.2 (excluded)

 

CVE-2023-52438

  • Linux Kernel Versions: 4.20.0 (inclusive) to 5.4.268 (excluded)
  • Linux Kernel Versions: 5.5.0 (inclusive) to 5.10.209 (excluded)
  • Linux Kernel versions: 5.11.0 (inclusive) to 5.15.148 (exclusive)
  • Linux Kernel Versions: 5.16.0 (inclusive) to 6.1.74 (exclusive)
  • Linux Kernel Versions: 6.2.0 (inclusive) to 6.6.13 (exclusive)
  • Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.1 (exclusive)

 

CVE-2023-52439

  • Linux Kernel Versions: 4.18, 4.18-rc5, 4.18-rc6, 4.18-rc7, 4.18-rc8
  • Linux Kernel Versions: 4.18.0 (inclusive) to 4.19.306 (exclusive)
  • Linux Kernel Versions: 4.20.0 (inclusive) to 5.4.268 (excluded)
  • Linux Kernel Versions: 5.5.0 (inclusive) to 5.10.209 (excluded)
  • Linux Kernel Versions: 5.11.0 (inclusive) to 5.15.148 (excluded)
  • Linux Kernel versions: 5.16.0 (inclusive) to 6.1.74 (excluded)
  • Linux Kernel Versions: 6.2.0 (inclusive) to 6.6.13 (excluded)
  • Linux Kernel versions: 6.7.0 (inclusive) to 6.7.1 (excluded)

 

CVE-2023-52434

  • Linux Kernel Version: < 5.10.211 (Excluded)
  • Linux Kernel Versions: 5.11.0 (inclusive) to 5.15.150 (excluded)
  • Linux Kernel version: 5.16.0 (inclusive) to 6.1.79 (excluded)
  • Linux Kernel versions: 6.2.0 (inclusive) to 6.6.8 (excluded)

 

CVE-2024-26586

  • Linux Kernel Versions: 4.19.0 (inclusive) to 5.10.209 (excluded)
  • Linux Kernel Versions: 5.11.0 (inclusive) to 5.15.148 (excluded)
  • Linux Kernel Versions: 5.16.0 (inclusive) to 6.1.79 (excluded)
  • Linux Kernel Versions: 6.2.0 (inclusive) to 6.6.14 (exclusive)
  • Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.2 (exclusive)

 

CVE-2023-52452

  • Linux Kernel Versions: 5.12 (inclusive) to 6.6.14 (excluded)
  • Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.2 (excluded)

 

CVE-2024-26589

  • Linux Kernel Versions: 4.20 (inclusive) to 5.15.148 (excluded)
  • Linux Kernel Versions: 5.16.0 (inclusive) to 6.1.75 (excluded)
  • Linux Kernel Versions: 6.2.0 (inclusive) to 6.6.14 (exclusive)
  • Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.2 (exclusive)

 

CVE-2023-52444

  • Linux Kernel Versions: 4.2.0 (inclusive) to 4.19.306 (excluded)
  • Linux Kernel Versions: 4.20 (inclusive) to 5.4.268 (excluded)
  • Linux Kernel versions: 5.5.0 (inclusive) to 5.10.209 (excluded)
  • Linux Kernel versions: 5.11.0 (inclusive) to 5.15.148 (exclusive)
  • Linux Kernel Versions: 5.16.0 (inclusive) to 6.1.75 (excluded)
  • Linux Kernel versions: 6.2.0 (inclusive) to 6.6.14 (exclusive)
  • Linux Kernel Versions: 6.7.0 (inclusive) to 6.7.2 (exclusive)

 

Resolved Vulnerabilities

 

Powerpc/pseries/memhp: Fix access beyond end of drmem array when LMB lookup does not match given entry Vulnerability in dlpar_memory_remove_by_index() could allow access beyond the boundaries of the drmem lmb array (CVE-2023-52451)

Use-after-free vulnerability in process_rx_list when put_page() in tls_decrypt_done dereferences and tries to read from a partially read skb (CVE-2024-26582)

Vulnerability triggering an unhandled page fault in the out-of-bounds memory access prevention test_tag test (CVE-2024-26588)

Out-of-bounds fix in init_smb2_rsp_hdr() Vulnerability where init_smb2_rsp_hdr is called for an smb1 negotiation request because need_neg is set to false if the client sends an smb2 negotiation request followed by an smb1 negotiation request (CVE-2023-52441)

Context disassociation vulnerability within the call stack (CVE-2023-52445)

Use-after-free take;weakness in bpf programs that access internals after an ops->map_free call completes (CVE-2023-52447)

Race condition vulnerability between btf_put() and map_free() (CVE-2023-52446)

Slub overflow vulnerability in key exchange code when authblob->SessionKey.Length is larger than session key size (CVE-2023-52440)

Use-after-free vulnerability in shinker callbacks (CVE-2023-52438)

Use-after-free vulnerability in uio_open (CVE-2023-52439)

Out-of-Band Vulnerability in smb2_parse_contexts() (CVE-2023-52434)

Stack corruption vulnerability where when a stack-correcting tc filter is first added to a net device, its local ports are bound to the device’s ACL group (CVE-2024-26586)

Accessible vulnerability for unit stack slots (CVE-2023-52452)

Vulnerability in alu denial of variable offset in PTR_TO_FLOW_KEYS (CVE-2024-26589)

Vulnerability in PTR_TO_FLOW_KEYS regarding direct damage caused by omission (CVE-2023-52444)

 

Vulnerability Patches

 

vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2023-52451

  • Linux Kernel version 4.19.30
  • Linux Kernel 5.4.268 version
  • Linux Kernel 5.10.209
  • Linux Kernel 5.15.148
  • Linux Kernel 6.1.75 version
  • Linux Kernel 6.6.14 version
  • Linux Kernel 6.7.2 version
  • Linux Kernel 6.8-rc1 Version

 

CVE-2024-26582

  • Linux Kernel 6.8-rc5 Version

 

CVE-2024-26588

  • Linux Kernel 6.1.75 Version
  • Linux Kernel 6.6.14 Versions
  • Linux Kernel 6.7.2 version
  • Linux Kernel 6.8-rc1 Version

 

CVE-2023-52441

  • Linux Kernel 5.15.145 version
  • Linux Kernel 6.1.53 version
  • Linux Kernel 6.4.16 Version
  • Linux Kernel 6.5 Versions

 

CVE-2023-52445

  • Linux Kernel 4.19.306 version
  • Linux Kernel 5.4.268 version
  • Linux Kernel 5.10.209 version
  • Linux Kernel 5.15.148 version
  • Linux Kernel 6.1.75 version
  • Linux Kernel 6.6.14 version
  • Linux Kernel 6.7.2 version
  • Linux Kernel 6.8-rc1 Version

 

CVE-2023-52447

  • Linux Kernel 6.1.75 version
  • Linux Kernel 6.6.14 version
  • Linux Kernel 6.7.2 Versions
  • Linux Kernel 6.8-rc1 Version

 

CVE-2023-52446

  • Linux Kernel versions: 6.2.0 (inclusive) ~ 6.6.14 (excluded)
  • Linux Kernel Versions: 6.7.0 (inclusive) ~ 6.7.2 (excluded)

 

CVE-2023-52440

  • Linux Kernel version 5.15.145
  • Linux Kernel 6.1.52 (inclusive) to 6.7.2 (excluded)
  • Linux Kernel 6.4.15 (incl.)
  • Linux Kernel 6.5.2 Versions
  • Linux Kernel 6.6 Versions

 

CVE-2023-52438

  • Linux Kernel 5.4.268 version
  • Linux Kernel 5.10.209 version
  • Linux Kernel 5.15.148 version
  • Linux Kernel 6.1.74 version
  • Linux Kernel 6.6.13 version
  • Linux Kernel 6.7.1 version
  • Linux Kernel 6.8-rc1 Version

 

CVE-2023-52439

  • Linux Kernel 4.19.306 version
  • Linux Kernel 5.4.268 version
  • Linux Kernel 5.10.209 version
  • Linux Kernel 5.15.148 version
  • Linux Kernel 6.1.74 version
  • Linux Kernel 6.6.13 version
  • Linux Kernel 6.7.1 version
  • Linux Kernel 6.8-rc1 Version

 

CVE-2023-52434

  • Linux Kernel 6.6.8 Version
  • Linux Kernel 6.7 Versions

 

CVE-2024-26586

  • Linux Kernel 5.10.209 Versions
  • Linux Kernel 5.15.148 版本
  • Linux Kernel 6.6.14 版本
  • Linux Kernel 6.7.2 版本
  • Linux Kernel 6.8-rc1 Version

 

CVE-2023-52452

  • Linux Kernel 6.6.14 Versions
  • Linux Kernel 6.7.2 Versions
  • Linux Kernel 6.8-rc1 version

 

CVE-2024-26589

  • Linux Kernel 5.15.148 version
  • Linux Kernel 6.1.75 version
  • Linux Kernel 6.6.14 version
  • Linux Kernel 6.7.2 version
  • Linux Kernel 6.8-rc1

 

CVE-2023-52444

  • Linux Kernel 4.19.306 version
  • Linux Kernel 5.4.268 version
  • Linux Kernel 5.10.209 version
  • Linux Kernel 5.15.148 version
  • Linux Kernel 6.1.75 version
  • Linux Kernel 6.6.14 version
  • Linux Kernel 6.7.2 version
  • Linux Kernel 6.8-rc1 Version

 

Referenced Sites

 

[1] CVE-2023-52451 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52451

[2] linux-cve-announce.vger.kernel.org archive mirror

https://lore.kernel.org/linux-cve-announce/2024022257-CVE-2023-52451-7bdb@gregkh/

[3] CVE-2024-26582 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-26582

[4] linux-cve-announce.vger.kernel.org archive mirror

https://lore.kernel.org/linux-cve-announce/2024022139-spruce-prelude-c358@gregkh/

[5] CVE-2024-26588 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-26588#range-10357762

[6] linux-cve-announce.vger.kernel.org archive mirror

https://lore.kernel.org/linux-cve-announce/2024022256-CVE-2024-26588-d6d5@gregkh/

[7] CVE-2023-52441 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52441

[8] linux-cve-announce.vger.kernel.org archive mirror

https://lore.kernel.org/linux-cve-announce/2024022129-gently-activity-ca7d@gregkh/

[9] CVE-2023-52445 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52445

[10] linux-cve-announce.vger.kernel.org archive mirror

https://lore.kernel.org/linux-cve-announce/2024022253-CVE-2023-52445-07a6@gregkh/

[11] CVE-2023-52447 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52447

[12] linux-cve-announce.vger.kernel.org archive mirror

https://lore.kernel.org/linux-cve-announce/2024022255-CVE-2023-52447-e074@gregkh/

[13] CVE-2023-52440 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52440

[14] linux-cve-announce.vger.kernel.org archive mirror

https://lore.kernel.org/linux-cve-announce/2024022123-glance-wrinkle-26c1@gregkh/

[15] CVE-2023-52438 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52438

[16] linux-cve-announce.vger.kernel.org archive mirror

https://lore.kernel.org/linux-cve-announce/2024022017-slit-wish-e5d7@gregkh/

[17] CVE-2023-52439 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52439

[18] linux-cve-announce.vger.kernel.org archive mirror

https://lore.kernel.org/linux-cve-announce/2024022026-wobbling-jumbo-748e@gregkh/

[19] CVE-2023-52434 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52434

[20] linux-cve-announce.vger.kernel.org archive mirror

https://lore.kernel.org/linux-cve-announce/2024022033-makeshift-flammable-cb72@gregkh/

[21] CVE-2024-26586 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-26586

[22] linux-cve-announce.vger.kernel.org archive mirror

https://lore.kernel.org/linux-cve-announce/2024022253-CVE-2024-26586-6632@gregkh/

[23] CVE-2023-52452 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52452

[24] linux-cve-announce.vger.kernel.org archive mirror

https://lore.kernel.org/linux-cve-announce/2024022258-CVE-2023-52452-7904@gregkh/#r

[25] CVE-2024-26589 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-26589

[26] linux-cve-announce.vger.kernel.org archive mirror

https://lore.kernel.org/linux-cve-announce/2024022257-CVE-2024-26589-0ee1@gregkh/

[27] CVE-2023-52444 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-52444#toggleConfig1

[28] linux-cve-announce.vger.kernel.org archive mirror

https://lore.kernel.org/linux-cve-announce/2024022252-CVE-2023-52444-f7ee@gregkh/

Tags:

Previous Post

Next Post