AmazonALAS-2024-1937Important: kernel
Issue Overview:
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftables: exthdr: fix 4-byte stack OOB write
If priv->len is a multiple of 4, then dst[len / 4] can write past
the destination array which leads to stack corruption.
This construct is necessary to clean the remainder of the register
in case ->len is NOT a multiple of the register size, so make it
conditional just like nft_payload.c does.
The bug was added in 4.1 cycle and then copied/inherited when
tcp/sctp and ip option support was added.
Bug reported by Zero Day Initiative project (ZDI-CAN-21950,
ZDI-CAN-21951, ZDI-CAN-21961). (CVE-2023-52628)
Affected Packages:
kernel
Issue Correction:
Run yum update kernel to update your system.
New Packages:
i686:
kernel-debuginfo-common-i686-4.14.343-183.564.amzn1.i686
perf-4.14.343-183.564.amzn1.i686
kernel-debuginfo-4.14.343-183.564.amzn1.i686
kernel-tools-debuginfo-4.14.343-183.564.amzn1.i686
perf-debuginfo-4.14.343-183.564.amzn1.i686
kernel-tools-4.14.343-183.564.amzn1.i686
kernel-tools-devel-4.14.343-183.564.amzn1.i686
kernel-devel-4.14.343-183.564.amzn1.i686
kernel-headers-4.14.343-183.564.amzn1.i686
kernel-4.14.343-183.564.amzn1.i686
src:
kernel-4.14.343-183.564.amzn1.src
x86_64:
kernel-tools-4.14.343-183.564.amzn1.x86_64
kernel-debuginfo-4.14.343-183.564.amzn1.x86_64
perf-4.14.343-183.564.amzn1.x86_64
kernel-debuginfo-common-x86_64-4.14.343-183.564.amzn1.x86_64
perf-debuginfo-4.14.343-183.564.amzn1.x86_64
kernel-tools-devel-4.14.343-183.564.amzn1.x86_64
kernel-tools-debuginfo-4.14.343-183.564.amzn1.x86_64
kernel-4.14.343-183.564.amzn1.x86_64
kernel-headers-4.14.343-183.564.amzn1.x86_64
kernel-devel-4.14.343-183.564.amzn1.x86_64
Additional References
Red Hat: CVE-2023-52628
Mitre: CVE-2023-52628
Related
