For example, this issue may cause a user to accidentally reveal sensitive information, or to be notified of a possible security issue in the media player. A race condition exists in the way drm_lease_held handles reference counting. This race condition can be exploited by local users to potentially cause a denial of service (kernel crash). Linux kernel version 3.8 and earlier had a use-after-free in the drm_kill_IOctl function in drivers/gpu/drm/drm_dip.c: when doing an ioctl for a dead vc device, due to a race condition. This issue does not affect systems with Linux kernel version 4.4 or later. Firmware versions affected are: radeon: possible crash in hw_dma_len_xfer() with some radeon cards. Intel: possible kernel crash with 5th generation Intel Core i7/i5/Xeon processors due to a race condition. AMD: possible kernel crash with 7th generation AMD Athlon processors due to a race condition. The update to the Linux kernel version 4.14.15 fixes these problems. System administrators are advised to update their system in order to prevent these vulnerabilities. End users who are concerned about these issues should take basic precautions such as keeping their systems up-to-date with the latest patches.
Red Hat has released an updated package that contains these fixes. The following packages have been updated to fix these issues: kernel-PAE
Kernel crash with Linux kernel version 3.10 or older
Red Hat Security Response Team has released a security update to correct a number of security issues in the Linux kernel. One of these issues may cause a user to accidentally reveal sensitive information, or to be notified of a possible security issue in the media player. A race condition exists in the way drm_lease_held handles reference counting. This race condition can be exploited by local users to potentially cause a denial of service (kernel crash).
#1--Why is digital marketing important?
Digital marketing is important because it helps grow your business. If you want people to know who you are, what you do, and how to contact your business, then digital marketing is for you!
Potential CPU exploitation through Software Vulnerability in Microcode Update
The Microcode Update feature in the Linux kernel uses microcode updates to allow for more efficient and effective hardware support. The update includes a new firmware update (firmware-intel-ucode) that is vulnerable to an out-of-bounds heap access issue. This issue may allow local users to execute arbitrary code with elevated privileges.
Kernel crash with PAE enabled (CVE-2022-1281)
The use-after-free in drm_kill_IOctl can be exploited by local users to crash the kernel with the following new line in /usr/src/linux/arch/x86/include/asm/unistd.h:
__get_user_pages_fast+0xa8 28a4829b w32 get_user_pages(struct taskfile *tfp, unsigned long nr)
{"kernel-PAE", "kernel-PAE-debuginfo", "kernel-PAE-debugsource"}
Security Fix: CVE-2016-10708
For example, the following kernel packages were updated to fix these issues: kernel-PAE
Hardware requirements
The following hardware is required to take full advantage of the updated packages:
- System with a CPU that supports virtualization-based security (VT-d)
Timeline
Published on: 04/13/2022 18:15:00 UTC
Last modified on: 04/20/2022 19:46:00 UTC