Home » Linux Kernel: Vulnerability might permit a denial of service

Linux Kernel: Vulnerability might permit a denial of service

by admin
Linux Kernel: Vulnerability might permit a denial of service

A safety warning issued for the Linux kernel has obtained an replace from the BSI. You can learn how affected customers ought to behave right here.

Federal workplace for Security in Information Technology (BSI) printed an replace on May 15, 2024 to a Linux kernel safety vulnerability recognized on October 29, 2023. The safety vulnerability impacts the Linux working system and merchandise Debian Linux, Amazon Linux 2, Red Hat Enterprise Linux, Ubuntu Linux, SUSE Linux, Open Source Linux Kernel and IBM Security Guarddium.

The newest producer suggestions for updates, workarounds and safety patches for this vulnerability could be discovered right here: IBM Security Bulletin 7152469 (From 15 May 2024). Some helpful hyperlinks are listed later on this article.

Linux Kernel Security Advisory – Risk: medium

Risk stage: 3 (reasonable)
CVSS Base Score: 5.5
CVSS interim rating: 5.0
Remote assault: No

The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop methods. The CVSS normal makes it attainable to match potential or precise safety dangers primarily based on numerous standards with the intention to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. Temporal scores additionally consider modifications over time within the danger scenario. The magnitude of the vulnerability mentioned right here is rated as “reasonable” in accordance with the CVSS with a base rating of 5.5.

Linux Kernel Bug: Vulnerability Enables Denial of Service

The kernel represents the core of the Linux working system.

See also  Kindle on Prime Day 2023: Huge discount on Amazon offers

A neighborhood attacker can exploit a vulnerability within the Linux kernel to carry out a denial of service assault.

Vulnerabilities are recognized by a singular CVE (Common Vulnerabilities and Exposures) serial quantity. CVE-2023-46862 on the market.

Systems affected by the safety hole at a look

working system
Linux

Products
Debian Linux (cpe:/o:debian:debian_linux)
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:use:suse_linux)
Open supply Linux Kernel IBM Security Guardium 12.0 (cpe:/a:ibm:security_guardium)

General suggestions for addressing IT safety gaps

  1. Users of affected methods ought to keep up-to-date. When safety holes are recognized, producers are required to repair them shortly by growing a patch or workaround. If safety patches can be found, set up them instantly.
  2. For info, see the sources listed within the subsequent part. This typically comprises extra details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
  3. If you have got any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to repeatedly test if IT safety alert Affected producers present a brand new safety replace.

Manufacturer details about updates, patches and workarounds

Here you can find some hyperlinks with details about bug stories, safety fixes and workarounds.

IBM Security Bulletin 7152469 vom 2024-05-15 (15.05.2024)
For extra info, see:

Red Hat Security Advisory RHSA-2024:2394 vom 2024-04-30 (29.04.2024)
For extra info, see:

Ubuntu Security Notice USN-6686-5 vom 2024-03-27 (27.03.2024)
For extra info, see:

Ubuntu Security Notice USN-6705-1 vom 2024-03-20 (20.03.2024)
For extra info, see:

Ubuntu Security Notice USN-6686-4 vom 2024-03-20 (20.03.2024)
For extra info, see:

See also  "Pinch to zoom" on Android phones just got better! 4 New Features of Google Apps - Free Electronic News 3C Technology

Ubuntu Security Notice USN-6686-3 vom 2024-03-19 (19.03.2024)
For extra info, see:

Ubuntu Security Notice USN-6686-2 vom 2024-03-13 (13.03.2024)
For extra info, see:

Ubuntu Security Notice USN-6686-1 vom 2024-03-08 (07.03.2024)
For extra info, see:

Ubuntu Security Notice USN-6652-1 vom 2024-02-23 (25.02.2024)
For extra info, see:

Ubuntu Security Notice USN-6624-1 vom 2024-02-07 (07.02.2024)
For extra info, see:

Amazon Linux Security Advisory ALASKERNEL-5.15-2024-035 vom 2024-01-23 (22.01.2024)
For extra info, see:

Amazon Linux Security Advisory ALASKERNEL-5.10-2024-047 vom 2024-01-23 (22.01.2024)
For extra info, see:

Debian Security Advisory DLA-3711 vom 2024-01-11 (11.01.2024)
For extra info, see:

Amazon Linux Security Advisory ALASKERNEL-5.10-2024-045 vom 2024-01-09 (09.01.2024)
For extra info, see:

Amazon Linux Security Advisory ALASKERNEL-5.15-2024-033 vom 2024-01-09 (09.01.2024)
For extra info, see:

Debian Security Advisory DSA-5594 vom 2024-01-02 (02.01.2024)
For extra info, see:

SUSE Security Update SUSE-SU-2023:4731-1 vom 2023-12-14 (14.12.2023)
For extra info, see:

SUSE Security Update SUSE-SU-2023:4730-1 vom 2023-12-14 (14.12.2023)
For extra info, see:

SUSE Security Update SUSE-SU-2023:4732-1 vom 2023-12-14 (14.12.2023)
For extra info, see:

SUSE Security Update SUSE-SU-2023:4734-1 vom 2023-12-14 (14.12.2023)
For extra info, see:

SUSE Security Update SUSE-SU-2023:4810-1 vom 2023-12-13 (13.12.2023)
For extra info, see:

SUSE Security Update SUSE-SU-2023:4782-1 vom 2023-12-13 (13.12.2023)
For extra info, see:

Ubuntu Security Notice USN-6533-1 vom 2023-12-06 (05.12.2023)
For extra info, see:

Proof of idea (PoC) (29.10.2023)
For extra info, see:

Github Commit vom 2023-10-29 (29.10.2023)
For extra info, see:

GitHub Advisory Database vom 2023-10-29 (29.10.2023)
For extra info, see:

Version historical past of this safety alert

This is model 17 of this Linux Kernel IT Security Notice. This doc will likely be up to date as extra updates are introduced. You can see the modifications made utilizing the model historical past under.

See also  OpenVPN: New security hole! Vulnerability allows privilege escalation

October 29, 2023 – First model
December 5, 2023 – Added new updates for Ubuntu
12/13/2023 – New updates from SUSE added
12/14/2023 – New updates from SUSE added
02.01.2024 – New updates from Debian added
January 9, 2024 – New updates from Amazon added
01/11/2024 – New updates from Debian added
01/22/2024 – New updates from Amazon added
02/07/2024 – Added new character updates
02/25/2024 – New replace for Ubuntu added
03/07/2024 – Added new character updates
03/13/2024 – Added new character updates
03/19/2024 – Added new character updates
03/20/2024 – Added new character updates
03/27/2024 – Added new updates for Ubuntu
April 29, 2024 – New updates from Red Hat have been added
May 15, 2024 – New updates from IBM added

+++ Editorial word: This doc is predicated on present BSI information and will likely be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

comply with News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you can find sizzling information, present movies and a direct line to the editorial crew.

kns/roj/information.de

You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy