Lucene search

K
osvGoogleOSV:RXSA-2024:5101
HistorySep 17, 2024 - 12:57 a.m.

Important: kernel security update

2024-09-1700:57:33
Google
osv.dev
4
kernel security update
linux kernel
cves
bug fixes
rocky linux
aws
hyper-v
security enhancement

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: powerpc: Fix access beyond end of drmem array (CVE-2023-52451)

  • kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463)

  • kernel: tracing: Restructure trace_clock_global() to never block (CVE-2021-46939)

  • kernel: ext4: avoid online resizing failures due to oversized flex bg (CVE-2023-52622)

  • kernel: net/sched: flower: Fix chain template offload (CVE-2024-26669)

  • kernel: stmmac: Clear variable when destroying workqueue (CVE-2024-26802)

  • kernel: efi: runtime: Fix potential overflow of soft-reserved region size (CVE-2024-26843)

  • kernel: quota: Fix potential NULL pointer dereference (CVE-2024-26878)

  • kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)

  • kernel: SUNRPC: fix a memleak in gss_import_v2_context (CVE-2023-52653)

  • kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823)

  • kernel: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (CVE-2023-52658)

  • kernel: ext4: fix corruption during on-line resize (CVE-2024-35807)

  • kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801)

  • kernel: dyndbg: fix old BUG_ON in >control parser (CVE-2024-35947)

  • kernel: net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893)

  • kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (CVE-2024-35876)

  • kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864)

  • kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (CVE-2023-52845)

  • (CVE-2023-28746)

  • (CVE-2023-52847)

  • (CVE-2021-47548)

  • (CVE-2024-36921)

  • (CVE-2024-26921)

  • (CVE-2021-47579)

  • (CVE-2024-36927)

  • (CVE-2024-39276)

  • (CVE-2024-33621)

  • (CVE-2024-27010)

  • (CVE-2024-26960)

  • (CVE-2024-38596)

  • (CVE-2022-48743)

  • (CVE-2024-26733)

  • (CVE-2024-26586)

  • (CVE-2024-26698)

  • (CVE-2023-52619)

Bug Fix(es):

  • Rocky Linux SIG Cloud8.6 - Spinlock statistics may show negative elapsed time and incorrectly formatted output (JIRA:Rocky Linux SIG Cloud-17678)

  • [AWS][8.9]There are call traces found when booting debug-kernel for Amazon EC2 r8g.metal-24xl instance (JIRA:Rocky Linux SIG Cloud-23841)

  • [rhel8] gfs2: Fix glock shrinker (JIRA:Rocky Linux SIG Cloud-32941)

  • lan78xx: Microchip LAN7800 never comes up after unplug and replug (JIRA:Rocky Linux SIG Cloud-33437)

  • [Hyper-V][Rocky Linux SIG Cloud-8.10.z] Update hv_netvsc driver to TOT (JIRA:Rocky Linux SIG Cloud-39074)

  • Use-after-free on proc inode-i_sb triggered by fsnotify (JIRA:Rocky Linux SIG Cloud-40167)

  • blk-cgroup: Properly propagate the iostat update up the hierarchy [rhel-8.10.z] (JIRA:Rocky Linux SIG Cloud-40939)

  • (JIRA:Rocky Linux SIG Cloud-31798)

  • (JIRA:Rocky Linux SIG Cloud-10263)

  • (JIRA:Rocky Linux SIG Cloud-40901)

  • (JIRA:Rocky Linux SIG Cloud-43547)

  • (JIRA:Rocky Linux SIG Cloud-34876)

Enhancement(s):

  • [RFE] Add module parameters ‘soft_reboot_cmd’ and ‘soft_active_on_boot’ for customizing softdog configuration (JIRA:Rocky Linux SIG Cloud-19723)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

10

Confidence

High