Alma Linux: CVE-2024-42283: Moderate: kernel security update (ALSA-2024-9605)
Description
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthop_grp contains two reserved fields that are not initialized by nla_put_nh_group(), and carry garbage. This can be observed e.g. with strace (edited for clarity): # ip nexthop add id 1 dev lo # ip nexthop add id 101 group 1 # strace -e recvmsg ip nexthop get id 101 ... recvmsg(... [{nla_len=12, nla_type=NHA_GROUP}, [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52 The fields are reserved and therefore not currently used. But as they are, they leak kernel memory, and the fact they are not just zero complicates repurposing of the fields for new ends. Initialize the full structure.
Solution(s)
- alma-upgrade-bpftool
- alma-upgrade-kernel
- alma-upgrade-kernel-64k
- alma-upgrade-kernel-64k-core
- alma-upgrade-kernel-64k-debug
- alma-upgrade-kernel-64k-debug-core
- alma-upgrade-kernel-64k-debug-devel
- alma-upgrade-kernel-64k-debug-devel-matched
- alma-upgrade-kernel-64k-debug-modules
- alma-upgrade-kernel-64k-debug-modules-core
- alma-upgrade-kernel-64k-debug-modules-extra
- alma-upgrade-kernel-64k-devel
- alma-upgrade-kernel-64k-devel-matched
- alma-upgrade-kernel-64k-modules
- alma-upgrade-kernel-64k-modules-core
- alma-upgrade-kernel-64k-modules-extra
- alma-upgrade-kernel-abi-stablelists
- alma-upgrade-kernel-core
- alma-upgrade-kernel-cross-headers
- alma-upgrade-kernel-debug
- alma-upgrade-kernel-debug-core
- alma-upgrade-kernel-debug-devel
- alma-upgrade-kernel-debug-devel-matched
- alma-upgrade-kernel-debug-modules
- alma-upgrade-kernel-debug-modules-core
- alma-upgrade-kernel-debug-modules-extra
- alma-upgrade-kernel-debug-uki-virt
- alma-upgrade-kernel-devel
- alma-upgrade-kernel-devel-matched
- alma-upgrade-kernel-doc
- alma-upgrade-kernel-headers
- alma-upgrade-kernel-modules
- alma-upgrade-kernel-modules-core
- alma-upgrade-kernel-modules-extra
- alma-upgrade-kernel-rt
- alma-upgrade-kernel-rt-core
- alma-upgrade-kernel-rt-debug
- alma-upgrade-kernel-rt-debug-core
- alma-upgrade-kernel-rt-debug-devel
- alma-upgrade-kernel-rt-debug-modules
- alma-upgrade-kernel-rt-debug-modules-core
- alma-upgrade-kernel-rt-debug-modules-extra
- alma-upgrade-kernel-rt-devel
- alma-upgrade-kernel-rt-modules
- alma-upgrade-kernel-rt-modules-core
- alma-upgrade-kernel-rt-modules-extra
- alma-upgrade-kernel-tools
- alma-upgrade-kernel-tools-libs
- alma-upgrade-kernel-tools-libs-devel
- alma-upgrade-kernel-uki-virt
- alma-upgrade-kernel-uki-virt-addons
- alma-upgrade-kernel-zfcpdump
- alma-upgrade-kernel-zfcpdump-core
- alma-upgrade-kernel-zfcpdump-devel
- alma-upgrade-kernel-zfcpdump-devel-matched
- alma-upgrade-kernel-zfcpdump-modules
- alma-upgrade-kernel-zfcpdump-modules-core
- alma-upgrade-kernel-zfcpdump-modules-extra
- alma-upgrade-libperf
- alma-upgrade-perf
- alma-upgrade-python3-perf
- alma-upgrade-rtla
- alma-upgrade-rv
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center