vulnerability
Oracle Linux: CVE-2024-41081: ELSA-2024-12782: Unbreakable Enterprise kernel-container security update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | 07/29/2024 | 10/16/2024 | 01/23/2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
07/29/2024
Added
10/16/2024
Modified
01/23/2025
Description
In the Linux kernel, the following vulnerability has been resolved:
ila: block BH in ila_output()
As explained in commit 1378817486d6 ("tipc: block BH
before using dst_cache"), net/core/dst_cache.c
helpers need to be called with BH disabled.
ila_output() is called from lwtunnel_output()
possibly from process context, and under rcu_read_lock().
We might be interrupted by a softirq, re-enter ila_output()
and corrupt dst_cache data structures.
Fix the race by using local_bh_disable().
A race condition flaw was found in the Linux kernel's IP Last Anomaly (ILA) subsystem. This issue occurs when the `ila_output()` function, called from `lwtunnel_output()` in process context and under RCU read lock, could be interrupted by a softirq, leading to potential corruption of `dst_cache` data structures.
ila: block BH in ila_output()
As explained in commit 1378817486d6 ("tipc: block BH
before using dst_cache"), net/core/dst_cache.c
helpers need to be called with BH disabled.
ila_output() is called from lwtunnel_output()
possibly from process context, and under rcu_read_lock().
We might be interrupted by a softirq, re-enter ila_output()
and corrupt dst_cache data structures.
Fix the race by using local_bh_disable().
A race condition flaw was found in the Linux kernel's IP Last Anomaly (ILA) subsystem. This issue occurs when the `ila_output()` function, called from `lwtunnel_output()` in process context and under RCU read lock, could be interrupted by a softirq, leading to potential corruption of `dst_cache` data structures.
Solution
oracle-linux-upgrade-kernel-uek

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.