SB20240702103 - Buffer overflow in Linux kernel pstore

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2023-52619)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/8b69c30f4e8b69131d92096cb296dc1f217101e4
• https://git.kernel.org/stable/c/e9f6ac50890104fdf8194f2865680689239d30fb
• https://git.kernel.org/stable/c/a63e48cd835c34c38ef671d344cc029b1ea5bf10
• https://git.kernel.org/stable/c/2a37905d47bffec61e95d99f0c1cc5dc6377956c
• https://git.kernel.org/stable/c/75b0f71b26b3ad833c5c0670109c0af6e021e86a
• https://git.kernel.org/stable/c/0593cfd321df9001142a9d2c58d4144917dff7ee
• https://git.kernel.org/stable/c/cd40e43f870cf21726b22487a95ed223790b3542
• https://git.kernel.org/stable/c/d49270a04623ce3c0afddbf3e984cb245aa48e9c
• https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
• https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.307
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.210
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.149
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.269
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.77
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.16
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.4
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8