Home » Linux kernel is weak: vulnerability permits denial of service

Linux kernel is weak: vulnerability permits denial of service

by admin
Linux kernel is weak: vulnerability permits denial of service

As BSI stories, an IT safety alert, which considerations a vulnerability within the Linux kernel, has obtained an replace. You can learn how affected customers ought to behave right here.

Federal workplace for Security in Information Technology (BSI) issued an replace on May 16, 2024 to a safety vulnerability within the Linux kernel recognized on November 5, 2023. The safety vulnerability impacts the Linux working system and merchandise Debian Linux, Ubuntu Linux, SUSE Linux, EMC Avamar , Open Source Linux Kernel and Dell NetWorker.

The newest producer suggestions for updates, workarounds and safety patches for this vulnerability might be discovered right here: Ubuntu Security Notice USN-6778-1 (From 16 May 2024). Some helpful sources are listed later on this article.

Linux Kernel Security Advisory – Risk: medium

Risk stage: 3 (average)
CVSS Base Score: 4.3
CVSS interim rating: 4.0
Remote assault: No

The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc methods. The CVSS customary makes it attainable to match potential or precise safety dangers primarily based on numerous standards with a view to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporal scores additionally bear in mind modifications over time within the danger state of affairs. According to CVSS, the present vulnerability risk is assessed as “average” with a base rating of 4.3.

Linux Kernel Bug: Vulnerability Enables Denial of Service

The kernel represents the core of the Linux working system.

See also  HP Envy x360 15 Convertible Laptop with NVIDIA RTX Graphics

An attacker at shut vary may exploit a vulnerability within the Linux kernel to carry out a denial of service assault.

Vulnerabilities had been categorized utilizing the CVE (Common Vulnerability and Exposure) designation system for every serial quantity CVE-2023-47233.

Systems affected by the safety hole at a look

working system
Linux

Products
Debian Linux (cpe:/o:debian:debian_linux)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:use:suse_linux)
EMC Avamar (cpe:/a:emc:avamar)
Open Source Linux Kernel Dell NetWorker digital (cpe:/a:dell:networker)

General steps for coping with IT vulnerabilities

  1. Users of the affected apps ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by growing a patch or workaround. When new safety updates can be found, set up them instantly.
  2. For info, see the sources listed within the subsequent part. This typically accommodates further details about the most recent model of the software program in query and the provision of safety patches or efficiency ideas.
  3. If you could have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to frequently verify if IT safety alert Affected producers present a brand new safety replace.

Manufacturer details about updates, patches and workarounds

Here you will discover some hyperlinks with details about bug stories, safety fixes and workarounds.

Ubuntu Security Notice USN-6778-1 vom 2024-05-16 (16.05.2024)
For extra info, see:

Ubuntu Security Notice USN-6775-1 vom 2024-05-16 (16.05.2024)
For extra info, see:

Ubuntu Security Notice USN-6776-1 vom 2024-05-16 (16.05.2024)
For extra info, see:

Ubuntu Security Notice USN-6774-1 vom 2024-05-16 (16.05.2024)
For extra info, see:

Ubuntu Security Notice USN-6777-1 vom 2024-05-16 (16.05.2024)
For extra info, see:

See also  Sea of ​​Thieves: a true and complete pirate experience

Dell Security Advisory DSA-2024-198 vom 2024-05-08 (07.05.2024)
For extra info, see:

Debian Security Advisory DSA-5681 vom 2024-05-06 (06.05.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0483-1 vom 2024-02-15 (15.02.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0484-1 vom 2024-02-15 (15.02.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0478-1 vom 2024-02-15 (15.02.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0514-1 vom 2024-02-15 (15.02.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0516-1 vom 2024-02-15 (15.02.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0515-1 vom 2024-02-15 (15.02.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0474-1 vom 2024-02-14 (14.02.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0463-1 vom 2024-02-14 (14.02.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0468-1 vom 2024-02-14 (14.02.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0469-1 vom 2024-02-14 (14.02.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2024:0476-1 vom 2024-02-14 (14.02.2024)
For extra info, see:

National Vulnerability Database vom 2023-11-05 (05.11.2023)
For extra info, see:

GitHub Advisory Database vom 2023-11-05 (05.11.2023)
For extra info, see:

Version historical past of this safety alert

This is model 6 of this Linux kernel IT safety discover. If additional updates are introduced, this doc shall be up to date. You can see the modifications made utilizing the model historical past under.

November 5, 2023 – First model
02/14/2024 – New updates from SUSE added
02/15/2024 – New updates from SUSE added
05/06/2024 – New updates from Debian added
May 7, 2024 – New updates from Dell added
May 16, 2024 – Added new character updates

+++ Editorial be aware: This doc is predicated on present BSI knowledge and shall be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

See also  Listed companies exceed 400 on the Science and Technology Innovation Board, and the growth attractiveness is highlighted_Enterprise_Market_Foreign Investment

comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you will discover scorching information, present movies and a direct line to the editorial group.

kns/roj/information.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy