Lucene search

K
osvGoogleOSV:RLSA-2024:5101
HistoryAug 21, 2024 - 2:52 p.m.

Important: kernel security update

2024-08-2114:52:19
Google
osv.dev
13
kernel
security
update
powerpc
efivarfs
tracing
ext4
net/sched
stmmac
efi
quota
tipc
sunrpc
dmaengine/idxd
net/mlx5
x86/fpu
dyndbg
x86/mce
platform/x86
tipc
cve
bug fix
rocky linux
aws
hyper-v
enhancement
jira

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

Low

EPSS

0.001

Percentile

43.7%

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: powerpc: Fix access beyond end of drmem array (CVE-2023-52451)

  • kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463)

  • kernel: tracing: Restructure trace_clock_global() to never block (CVE-2021-46939)

  • kernel: ext4: avoid online resizing failures due to oversized flex bg (CVE-2023-52622)

  • kernel: net/sched: flower: Fix chain template offload (CVE-2024-26669)

  • kernel: stmmac: Clear variable when destroying workqueue (CVE-2024-26802)

  • kernel: efi: runtime: Fix potential overflow of soft-reserved region size (CVE-2024-26843)

  • kernel: quota: Fix potential NULL pointer dereference (CVE-2024-26878)

  • kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)

  • kernel: SUNRPC: fix a memleak in gss_import_v2_context (CVE-2023-52653)

  • kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823)

  • kernel: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (CVE-2023-52658)

  • kernel: ext4: fix corruption during on-line resize (CVE-2024-35807)

  • kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801)

  • kernel: dyndbg: fix old BUG_ON in >control parser (CVE-2024-35947)

  • kernel: net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893)

  • kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (CVE-2024-35876)

  • kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864)

  • kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (CVE-2023-52845)

  • (CVE-2023-28746)

  • (CVE-2023-52847)

  • (CVE-2021-47548)

  • (CVE-2024-36921)

  • (CVE-2024-26921)

  • (CVE-2021-47579)

  • (CVE-2024-36927)

  • (CVE-2024-39276)

  • (CVE-2024-33621)

  • (CVE-2024-27010)

  • (CVE-2024-26960)

  • (CVE-2024-38596)

  • (CVE-2022-48743)

  • (CVE-2024-26733)

  • (CVE-2024-26586)

  • (CVE-2024-26698)

  • (CVE-2023-52619)

Bug Fix(es):

  • Rocky Linux8.6 - Spinlock statistics may show negative elapsed time and incorrectly formatted output (JIRA:Rocky Linux-17678)

  • [AWS][8.9]There are call traces found when booting debug-kernel for Amazon EC2 r8g.metal-24xl instance (JIRA:Rocky Linux-23841)

  • [rhel8] gfs2: Fix glock shrinker (JIRA:Rocky Linux-32941)

  • lan78xx: Microchip LAN7800 never comes up after unplug and replug (JIRA:Rocky Linux-33437)

  • [Hyper-V][Rocky Linux-8.10.z] Update hv_netvsc driver to TOT (JIRA:Rocky Linux-39074)

  • Use-after-free on proc inode-i_sb triggered by fsnotify (JIRA:Rocky Linux-40167)

  • blk-cgroup: Properly propagate the iostat update up the hierarchy [rhel-8.10.z] (JIRA:Rocky Linux-40939)

  • (JIRA:Rocky Linux-31798)

  • (JIRA:Rocky Linux-10263)

  • (JIRA:Rocky Linux-40901)

  • (JIRA:Rocky Linux-43547)

  • (JIRA:Rocky Linux-34876)

Enhancement(s):

  • [RFE] Add module parameters ‘soft_reboot_cmd’ and ‘soft_active_on_boot’ for customizing softdog configuration (JIRA:Rocky Linux-19723)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

Low

EPSS

0.001

Percentile

43.7%