CVSS3:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score Confidence: High
EPSS Percentile: 16.4%
Issue Overview:
2024-08-14: CVE-2024-26922 was added to this advisory.
2024-08-01: CVE-2024-27020 was added to this advisory.
2024-08-01: CVE-2024-26981 was added to this advisory.
2024-08-01: CVE-2024-27013 was added to this advisory.
2024-07-03: CVE-2024-36940 was added to this advisory.
2024-07-03: CVE-2024-26923 was added to this advisory.
2024-07-03: CVE-2024-36902 was added to this advisory.
2024-07-03: CVE-2024-36017 was added to this advisory.
2024-07-03: CVE-2024-36959 was added to this advisory.
2024-07-03: CVE-2024-36886 was added to this advisory.
2024-07-03: CVE-2024-36905 was added to this advisory.
2024-07-03: CVE-2024-36954 was added to this advisory.
2024-07-03: CVE-2024-36883 was added to this advisory.
2024-07-03: CVE-2024-35947 was added to this advisory.
2024-07-03: CVE-2023-52578 was added to this advisory.
2024-07-03: CVE-2021-47110 was removed from this advisory.
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. (CVE-2023-30456)
In the Linux kernel, the following vulnerabilities have been resolved:
net: bridge: use DEV_STATS_INC() (CVE-2023-52578)
drm/amdgpu: validate the parameters of bo mapping operations more clearly (CVE-2024-26922)
af_unix: Fix garbage collector racing against connect() (CVE-2024-26923)
nilfs2: fix OOB in nilfs_set_de_type (CVE-2024-26981)
tun: limit printing rate when illegal packet received by tun dev (CVE-2024-27013)
netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020)
dyndbg: fix old BUG_ON in >control parser (CVE-2024-35947)
rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (CVE-2024-36017)
net: fix out-of-bounds access in ops_init (CVE-2024-36883)
tipc: fix UAF in error path (CVE-2024-36886)
ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (CVE-2024-36902)
tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (CVE-2024-36905)
pinctrl: core: delete incorrect free in pinctrl_enable() (CVE-2024-36940)
tipc: fix a possible memleak in tipc_buf_append (CVE-2024-36954)
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (CVE-2024-36959)
Affected Packages:
kernel
Note:
This advisory is applicable to the Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update kernel to update your system.
New Packages:
aarch64:
kernel-4.14.348-265.562.amzn2.aarch64
kernel-headers-4.14.348-265.562.amzn2.aarch64
kernel-debuginfo-common-aarch64-4.14.348-265.562.amzn2.aarch64
perf-4.14.348-265.562.amzn2.aarch64
perf-debuginfo-4.14.348-265.562.amzn2.aarch64
python-perf-4.14.348-265.562.amzn2.aarch64
python-perf-debuginfo-4.14.348-265.562.amzn2.aarch64
kernel-tools-4.14.348-265.562.amzn2.aarch64
kernel-tools-devel-4.14.348-265.562.amzn2.aarch64
kernel-tools-debuginfo-4.14.348-265.562.amzn2.aarch64
kernel-devel-4.14.348-265.562.amzn2.aarch64
kernel-debuginfo-4.14.348-265.562.amzn2.aarch64
i686:
kernel-headers-4.14.348-265.562.amzn2.i686
src:
kernel-4.14.348-265.562.amzn2.src
x86_64:
kernel-4.14.348-265.562.amzn2.x86_64
kernel-headers-4.14.348-265.562.amzn2.x86_64
kernel-debuginfo-common-x86_64-4.14.348-265.562.amzn2.x86_64
perf-4.14.348-265.562.amzn2.x86_64
perf-debuginfo-4.14.348-265.562.amzn2.x86_64
python-perf-4.14.348-265.562.amzn2.x86_64
python-perf-debuginfo-4.14.348-265.562.amzn2.x86_64
kernel-tools-4.14.348-265.562.amzn2.x86_64
kernel-tools-devel-4.14.348-265.562.amzn2.x86_64
kernel-tools-debuginfo-4.14.348-265.562.amzn2.x86_64
kernel-devel-4.14.348-265.562.amzn2.x86_64
kernel-debuginfo-4.14.348-265.562.amzn2.x86_64
kernel-livepatch-4.14.348-265.562-1.0-0.amzn2.x86_64
Red Hat: CVE-2023-30456, CVE-2023-52578, CVE-2024-26922, CVE-2024-26923, CVE-2024-26981, CVE-2024-27013, CVE-2024-27020, CVE-2024-35947, CVE-2024-36017, CVE-2024-36883, CVE-2024-36886, CVE-2024-36902, CVE-2024-36905, CVE-2024-36940, CVE-2024-36954, CVE-2024-36959
Mitre: CVE-2023-30456, CVE-2023-52578, CVE-2024-26922, CVE-2024-26923, CVE-2024-26981, CVE-2024-27013, CVE-2024-27020, CVE-2024-35947, CVE-2024-36017, CVE-2024-36883, CVE-2024-36886, CVE-2024-36902, CVE-2024-36905, CVE-2024-36940, CVE-2024-36954, CVE-2024-36959