Rapid7 脆弱性 & 利用数据库

Amazon Linux AMI 2: CVE-2023-34324: Security patch for kernel (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
返回搜索

Amazon Linux AMI 2: CVE-2023-34324: Security patch for kernel (Multiple Advisories)

严重程度
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
发表
11/02/2023
创建
11/02/2023
添加
11/02/2023
修改
01/15/2024

描述

Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action 和 the h和ling of a Xen console interrupt in an 贫穷的客人. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers to get 锁).

解决方案(年代)

  • amazon-linux-ami-2-upgrade-bpftool
  • amazon-linux-ami-2-upgrade-bpftool-debuginfo
  • amazon-linux-ami-2-upgrade-kernel
  • amazon-linux-ami-2-upgrade-kernel-debuginfo
  • amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64
  • amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64
  • amazon-linux-ami-2-upgrade-kernel-devel
  • amazon-linux-ami-2-upgrade-kernel-headers
  • amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-327-246-539
  • amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-198-187-748
  • amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-136-90-144
  • amazon-linux-ami-2-upgrade-kernel-tools
  • amazon-linux-ami-2-upgrade-kernel-tools-debuginfo
  • amazon-linux-ami-2-upgrade-kernel-tools-devel
  • amazon-linux-ami-2-upgrade-perf
  • amazon-linux-ami-2-upgrade-perf-debuginfo
  • amazon-linux-ami-2-upgrade-python-perf
  • amazon-linux-ami-2-upgrade-python-perf-debuginfo

参考文献

insightVM

Advanced vulnerability management analytics 和 reporting.
关键特性
Free InsightVM Trial 查看所有特性

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, 和 what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value 和 insight.

– Scott Cheney, 经理 of Information Security, Sierra View Medical Center

;