Improper Validation of Array Index Affecting kernel-tools-devel package, versions <0:4.14.334-252.552.amzn2
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-AMZN2-KERNELTOOLSDEVEL-8382562
- published 16 Nov 2024
- disclosed 21 May 2024
How to fix?
Upgrade Amazon-Linux:2
kernel-tools-devel
to version 0:4.14.334-252.552.amzn2 or higher.
This issue was patched in ALAS2-2024-2391
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-tools-devel
package and not the kernel-tools-devel
package as distributed by Amazon-Linux
.
See How to fix?
for Amazon-Linux:2
relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
For pptable structs that use flexible array sizes, use flexible arrays.
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52818
- https://git.kernel.org/stable/c/6dffdddfca818c02a42b6caa1d9845995f0a1f94
- https://git.kernel.org/stable/c/760efbca74a405dc439a013a5efaa9fadc95a8c3
- https://git.kernel.org/stable/c/8af28ae3acb736ada4ce3457662fa446cc913bb4
- https://git.kernel.org/stable/c/92a775e7c9707aed28782bafe636bf87675f5a97
- https://git.kernel.org/stable/c/acdb6830de02cf2873aeaccdf2d9bca4aee50e47
- https://git.kernel.org/stable/c/c847379a5d00078ad6fcb1c24230e72c5609342f
- https://git.kernel.org/stable/c/cfd8cd907fd94538561479a43aea455f5cf16928
- https://git.kernel.org/stable/c/e52e324a21341c97350d5f11de14721c1c609498
- https://git.kernel.org/stable/c/fc9ac0e8e0bcb3740c6eaad3a1a50c20016d422b