In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade AlmaLinux:9
kernel-rt-debug-modules-extra
to version 0:5.14.0-284.11.1.rt14.296.el9_2 or higher.
This issue was patched in ALSA-2023:2148
.
Note: Versions mentioned in the description apply only to the upstream kernel-rt-debug-modules-extra
package and not the kernel-rt-debug-modules-extra
package as distributed by AlmaLinux
.
See How to fix?
for AlmaLinux:9
relevant fixed versions and status.
In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).