Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2023-52513) ELSA-2024-3618: kernel update

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Oracle Linux: (CVE-2023-52513) ELSA-2024-3618: kernel update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
03/02/2024
Created
06/07/2024
Added
06/06/2024
Modified
06/06/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/siw: Fix connection failure handling

In case immediate MPA request processing fails, the newly

created endpoint unlinks the listening endpoint and is

ready to be dropped. This special case was not handled

correctly by the code handling the later TCP socket close,

causing a NULL dereference crash in siw_cm_work_handler()

when dereferencing a NULL listener. We now also cancel

the useless MPA timeout, if immediate MPA request

processing fails.

This patch furthermore simplifies MPA processing in general:

Scheduling a useless TCP socket read in sk_data_ready() upcall

is now surpressed, if the socket is already moved out of

TCP_ESTABLISHED state.

Solution(s)

  • oracle-linux-upgrade-kernel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;