A safety warning issued for the Linux kernel has obtained an replace from the BSI. You can learn an outline of the safety hole together with the most recent updates and details about affected working programs and merchandise right here.
Federal workplace for Security in Information Technology (BSI) issued an replace on May 15, 2024 to a Linux kernel safety vulnerability identified on November 1, 2023. The safety vulnerability impacts the Linux working system and merchandise Red Hat Enterprise Linux, SUSE Linux, Oracle Linux, IBM Spectrum Protect, IBM Storage Scale, Open Source Linux Kernel, IBM Security Guardum and Dell NetWorker.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: IBM Security Bulletin 7152469 (From 15 May 2024). Some helpful hyperlinks are listed later on this article.
Linux Kernel Security Advisory – Risk: medium
Risk stage: 3 (average)
CVSS Base Score: 6.5
CVSS provisional rating: 5,7
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop programs. The CVSS normal makes it attainable to match potential or precise safety dangers primarily based on varied metrics with a view to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. Temporal scores additionally have in mind adjustments over time within the threat state of affairs. According to CVSS, the present vulnerability menace is taken into account “average” with 6.5 foundation factors.
Linux Kernel Bug: Multiple vulnerabilities enable denial of service
The kernel represents the core of the Linux working system.
A distant, licensed attacker can exploit a number of vulnerabilities within the Linux kernel to carry out a denial of service assault.
Vulnerabilities are recognized by CVE (Common Vulnerabilities and Exposures) serial numbers. CVE-2023-1192 and CVE-2023-1193 on the market.
Systems affected by the safety hole at a look
working system
Linux
Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
IBM Spectrum Protect Plus 10.1 (cpe:/a:ibm:spectrum_protect)
IBM Storage Scale (cpe:/a:ibm:spectrum_scale)
Open Source Linux Kernel (cpe:/o:linux:linux_kernel)
IBM Security Guardium 12.0 (cpe:/a:ibm:security_guardium)
Dell NetWorker vProxyDell NetWorker vProxy
General steps for coping with IT vulnerabilities
- Users of the affected apps ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by growing a patch or workaround. If safety patches can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This usually accommodates extra details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
- If you’ve any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to frequently test the desired sources to see if a brand new safety replace is accessible.
Manufacturer details about updates, patches and workarounds
Here you can see some hyperlinks with details about bug reviews, safety fixes and workarounds.
IBM Security Bulletin 7152469 vom 2024-05-15 (15.05.2024)
For extra info, see:
IBM Security Bulletin 7150143 vom 2024-05-03 (02.05.2024)
For extra info, see:
SUSE Security Update SUSE-SU-2024:1454-1 vom 2024-04-26 (28.04.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2008 vom 2024-04-23 (23.04.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2006 vom 2024-04-23 (23.04.2024)
For extra info, see:
IBM Security Bulletin 7144861 vom 2024-03-20 (20.03.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:1306 vom 2024-03-13 (13.03.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:1250 vom 2024-03-12 (11.03.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:0563 vom 2024-01-30 (30.01.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:0562 vom 2024-01-30 (30.01.2024)
For extra info, see:
DELL Security Update (28.01.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:0439 vom 2024-01-25 (25.01.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:0412 vom 2024-01-25 (25.01.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:0448 vom 2024-01-25 (25.01.2024)
For extra info, see:
Oracle Linux Security Advisory ELSA-2023-7749 vom 2023-12-22 (26.12.2023)
For extra info, see:
Oracle Linux Security Advisory ELSA-2023-13047 vom 2023-12-14 (14.12.2023)
For extra info, see:
Red Hat Security Advisory RHSA-2023:7749 vom 2023-12-13 (12.12.2023)
For extra info, see:
Oracle Linux Security Advisory ELSA-2023-7549 vom 2023-12-02 (03.12.2023)
For extra info, see:
Red Hat Security Advisory RHSA-2023:7539 vom 2023-11-28 (28.11.2023)
For extra info, see:
Red Hat Security Advisory RHSA-2023:7549 vom 2023-11-28 (28.11.2023)
For extra info, see:
Red Hat Security Advisory RHSA-2023:7548 vom 2023-11-28 (28.11.2023)
For extra info, see:
SUSE Security Update SUSE-SU-2023:4072-2 vom 2023-11-06 (06.11.2023)
For extra info, see:
GitHub Advisory Database vom 2023-11-01 (01.11.2023)
For extra info, see:
GitHub Advisory Database vom 2023-11-01 (01.11.2023)
For extra info, see:
Version historical past of this safety alert
This is model 17 of this Linux Kernel IT Security Notice. If additional updates are introduced, this doc will likely be up to date. You can see the adjustments made utilizing the model historical past beneath.
November 1, 2023 – First model
November 6, 2023 – New updates from SUSE added
11/28/2023 – New updates from Red Hat added
12/03/2023 – New Oracle Linux updates added
12/12/2023 – New updates from Red Hat added
December 14, 2023 – New Oracle Linux updates added
12/26/2023 – New Oracle Linux updates added
01/25/2024 – New updates from Red Hat added
01/28/2024 – New updates from Dell added
01/30/2024 – New updates from Red Hat added
03/11/2024 – New updates from Red Hat have been added
03/13/2024 – New updates from Red Hat have been added
03/20/2024 – New updates from IBM added
April 23, 2024 – New updates from Red Hat have been added
April 28, 2024 – New updates from SUSE added
May 2, 2024 – New updates from IBM added
May 15, 2024 – New updates from IBM added
+++ Editorial word: This doc relies on present BSI knowledge and will likely be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you can see scorching information, present movies and a direct line to the editorial crew.
kns/roj/information.de