APAR status
Closed as program error.
Error description
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744) kernel: net/sched: multiple vulnerabilities (CVE-2023-3609, CVE-2023-3611, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208) kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436) kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975) kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594) kernel: use after free flaw in l2cap_conn_del (CVE-2022-3640) kernel: double free in usb_8dev_start_xmit (CVE-2022-28388) kernel: vmwgfx: multiple vulnerabilities (CVE-2022-38457, CVE-2022-40133, CVE-2023-33951, CVE-2023-33952) hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982) kernel: Information leak in l2cap_parse_conf_req (CVE-2022-42895) kernel: KVM: multiple vulnerabilities (CVE-2022-45869, CVE-2023-4155, CVE-2023-30456) kernel: memory leak in ttusb_dec_exit_dvb (CVE-2022-45887) kernel: speculative pointer dereference in do_prlimit (CVE-2023-0458) kernel: use-after-free due to race condition in qdisc_graft (CVE-2023-0590) kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597) kernel: HID: check empty report_list in hid_validate_values (CVE-2023-1073) kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074) kernel: hid: Use After Free in asus_remove (CVE-2023-1079) kernel: use-after-free in drivers/media/rc/ene_ir.c (CVE-2023-1118) kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206) kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252) kernel: denial of service in tipc_conn_close (CVE-2023-1382) kernel: Use after free bug in btsdio_remove due to race condition (CVE-2023-1989) kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998) kernel: ext4: use-after-free in ext4_xattr_set_entry (CVE-2023-2513) kernel: fbcon: shift-out-of-bounds in fbcon_set_font (CVE-2023-3161) kernel: out-of-bounds access in relay_file_read (CVE-2023-3268) kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params (CVE-2023-3772) kernel: smsusb: use-after-free caused by do_submit_urb (CVE-2023-4132) kernel: Race between task migrating pages and another task calling exit_mmap (CVE-2023-4732) Kernel: denial of service in atm_tc_enqueue due to type confusion (CVE-2023-23455) kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545) kernel: Denial of service issue in az6027 driver (CVE-2023-28328) kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772) kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084) kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove (CVE-2023-33203) kernel: saa7134: race condition leading to use-after-free in saa7134_finidev (CVE-2023-35823) kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c (CVE-2023-35824) kernel: r592: race condition leading to use-after-free in r592_remove (CVE-2023-35825) kernel: net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075) kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855) kernel: Use after free bug in r592_remove (CVE-2023-3141) kernel: gfs2: NULL pointer dereference in gfs2_evict_inode (CVE-2023-3212)
Local fix
Problem summary
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744) kernel: net/sched: multiple vulnerabilities (CVE-2023-3609, CVE-2023-3611, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208) kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436) kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975) kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594) kernel: use after free flaw in l2cap_conn_del (CVE-2022-3640) kernel: double free in usb_8dev_start_xmit (CVE-2022-28388) kernel: vmwgfx: multiple vulnerabilities (CVE-2022-38457, CVE-2022-40133, CVE-2023-33951, CVE-2023-33952) hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982) kernel: Information leak in l2cap_parse_conf_req (CVE-2022-42895) kernel: KVM: multiple vulnerabilities (CVE-2022-45869, CVE-2023-4155, CVE-2023-30456) kernel: memory leak in ttusb_dec_exit_dvb (CVE-2022-45887) kernel: speculative pointer dereference in do_prlimit (CVE-2023-0458) kernel: use-after-free due to race condition in qdisc_graft (CVE-2023-0590) kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597) kernel: HID: check empty report_list in hid_validate_values (CVE-2023-1073) kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074) kernel: hid: Use After Free in asus_remove (CVE-2023-1079) kernel: use-after-free in drivers/media/rc/ene_ir.c (CVE-2023-1118) kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206) kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252) kernel: denial of service in tipc_conn_close (CVE-2023-1382) kernel: Use after free bug in btsdio_remove due to race condition (CVE-2023-1989) kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998) kernel: ext4: use-after-free in ext4_xattr_set_entry (CVE-2023-2513) kernel: fbcon: shift-out-of-bounds in fbcon_set_font (CVE-2023-3161) kernel: out-of-bounds access in relay_file_read (CVE-2023-3268) kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params (CVE-2023-3772) kernel: smsusb: use-after-free caused by do_submit_urb (CVE-2023-4132) kernel: Race between task migrating pages and another task calling exit_mmap (CVE-2023-4732) Kernel: denial of service in atm_tc_enqueue due to type confusion (CVE-2023-23455) kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545) kernel: Denial of service issue in az6027 driver (CVE-2023-28328) kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772) kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084) kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove (CVE-2023-33203) kernel: saa7134: race condition leading to use-after-free in saa7134_finidev (CVE-2023-35823) kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c (CVE-2023-35824) kernel: r592: race condition leading to use-after-free in r592_remove (CVE-2023-35825) kernel: net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075) kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855) kernel: Use after free bug in r592_remove (CVE-2023-3141) kernel: gfs2: NULL pointer dereference in gfs2_evict_inode (CVE-2023-3212) Show more
Problem conclusion
Fix is available in 10.6.1, 10.5.0.13, 10.6.0.1 For a list of the latest fix packs available, please see: https://www.ibm.com/support/pages/node/83105
Temporary fix
Comments
APAR Information
APAR number
IT46687
Reported component name
DATAPOWER
Reported component ID
DP1234567
Reported release
A5X
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2024-08-09
Closed date
2024-08-23
Last modified date
2024-08-23
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DATAPOWER
Fixed component ID
DP1234567
Applicable component levels
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateways"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A5X","Line of Business":{"code":"LOB67","label":"IT Automation \u0026 App Modernization"}}]
Document Information
Modified date:
23 August 2024