Lucene search

K
cloudlinuxCloudLinuxCLSA-2024:1709204778
HistoryFeb 29, 2024 - 11:06 a.m.

kernel: Fix of 7 CVEs

2024-02-2911:06:21
repo.cloudlinux.com
16
kvm
xen
xfs
net_sched
atm
ida
drm/atomic
fix
security updates
use-after-free
data leaking
non-directory creation
potential use-after-free
do_vcc_ioctl
ida_free
bitmap

6.1 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:P/A:C

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.6%

  • KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) {CVE-2021-3653}
  • xen/netfront: fix leaking data in shared pages {CVE-2022-33740}
  • xfs: fix up non-directory creation in SGID directories {CVE-2021-4037}
  • net_sched: cls_route: remove from list when handle is 0 {CVE-2022-2588}
  • atm: Fix Use-After-Free in do_vcc_ioctl {CVE-2023-51780}
  • ida: Fix crash in ida_free when the bitmap is empty {CVE-2023-6915}
  • drm/atomic: Fix potential use-after-free in nonblocking commits {CVE-2023-51043}

6.1 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:P/A:C

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.6%