Oracle Linux ELSA-2024-12700
Sep 27, 2024 - 12:00 a.m.

Unbreakable Enterprise kernel security update

2024-09-27 00:00:00
linux.oracle.com
enterprise kernel, security update, memory leaks, command flush, use-after-free, infinite recursion

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.4
Confidence: Low

[4.1.12-124.90.3]

  • SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int (Dai Ngo) [Orabug: 37055439]

[4.1.12-124.90.2]

  • scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (Justin Tee) [Orabug: 36643241] {CVE-2024-35930}
  • scsi: qla2xxx: Fix command flush on cable pull (Quinn Tran) [Orabug: 36596617] {CVE-2024-26931}
  • VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez) [Orabug: 33917166]

[4.1.12-124.90.1]

  • i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (Sindhu Devale) [Orabug: 36643519] {CVE-2024-36004}
  • dyndbg: fix old BUG_ON in >control parser (Jim Cromie) [Orabug: 36643340] {CVE-2024-35947}
  • btrfs: send: handle path ref underflow in header iterate_inode_ref() (David Sterba) [Orabug: 36643269] {CVE-2024-35935}
  • ipv6: Fix infinite recursion in fib6_dump_done(). (Kuniyuki Iwashima) [Orabug: 36643095] {CVE-2024-35886}
  • x86/mm/pat: fix VM_PAT handling in COW mappings (David Hildenbrand) [Orabug: 36643059] {CVE-2024-35877}
