Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2024:0461
HistoryJan 24, 2024 - 2:41 p.m.

(RHSA-2024:0461) Important: kernel security update

2024-01-2414:41:01
access.redhat.com
11
kernel
security
update
cve
linux
operating system
tun
use after free
netfilter
integer overflow
null pointer dereference
slab out of bound
local priv escalation
nvme
vmwgfx
net sched

8.1 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.5%

JSON

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)

  • kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

  • kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

  • kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)

  • kernel: vmwgfx: reference count issue leads to use-after-free in surface handling (CVE-2023-5633)

  • kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)

  • kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)

  • kernel: vmwgfx: integer overflow in vmwgfx_execbuf.c (CVE-2022-36402)

  • kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)

  • kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

  • kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

  • kernel: use-after-free in netfilter: nf_tables (CVE-2023-3777)

  • kernel: use after free in nft_immediate_deactivate (CVE-2023-4015)

  • kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (CVE-2023-38409)

  • kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)

  • kernel: SEV-ES local priv escalation (CVE-2023-46813)

  • kernel: NULL pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c (CVE-2023-6679)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat9s390xkernel-zfcpdump-modules-core< 5.14.0-362.18.1.el9_3kernel-zfcpdump-modules-core-5.14.0-362.18.1.el9_3.s390x.rpm
RedHat9s390xkernel-debug-devel-matched< 5.14.0-362.18.1.el9_3kernel-debug-devel-matched-5.14.0-362.18.1.el9_3.s390x.rpm
RedHat9x86_64kernel-rt-debug-devel< 5.14.0-362.18.1.el9_3kernel-rt-debug-devel-5.14.0-362.18.1.el9_3.x86_64.rpm
RedHat9aarch64kernel-debuginfo-common-aarch64< 5.14.0-362.18.1.el9_3kernel-debuginfo-common-aarch64-5.14.0-362.18.1.el9_3.aarch64.rpm
RedHat9aarch64libperf-debuginfo< 5.14.0-362.18.1.el9_3libperf-debuginfo-5.14.0-362.18.1.el9_3.aarch64.rpm
RedHat9ppc64lekernel-modules< 5.14.0-362.18.1.el9_3kernel-modules-5.14.0-362.18.1.el9_3.ppc64le.rpm
RedHat9aarch64kernel-devel-matched< 5.14.0-362.18.1.el9_3kernel-devel-matched-5.14.0-362.18.1.el9_3.aarch64.rpm
RedHat9ppc64lekernel-modules-extra< 5.14.0-362.18.1.el9_3kernel-modules-extra-5.14.0-362.18.1.el9_3.ppc64le.rpm
RedHat9s390xperf-debuginfo< 5.14.0-362.18.1.el9_3perf-debuginfo-5.14.0-362.18.1.el9_3.s390x.rpm
RedHat9x86_64kernel-modules-core< 5.14.0-362.18.1.el9_3kernel-modules-core-5.14.0-362.18.1.el9_3.x86_64.rpm
Rows per page:
1-10 of 1741

Related

oraclelinux 11
nessus 70
redhat 31
osv 5
rocky 1
almalinux 2
openvas 9
virtuozzo 1
ibm 2
cbl_mariner 12
cve 8
debiancve 8
ubuntu 3
prion 7
cvelist 6
cnvd 4
ubuntucve 8
redhatcve 8
veracode 1
photon 1
githubexploit 1
oraclelinux
oraclelinux
kernel security update
2024-03-07 00:00:00
kernel security update
2024-01-26 00:00:00
kernel security update
2024-02-29 00:00:00
nessus
nessus
RHEL 9 : kernel (RHSA-2024:0461)
2024-04-28 00:00:00
Oracle Linux 9 : kernel (ELSA-2024-0461)
2024-03-07 00:00:00
Oracle Linux 9 : kernel (ELSA-2024-12094)
2024-01-26 00:00:00
redhat
redhat
(RHSA-2024:0340) Important: kpatch-patch security update
2024-01-23 09:07:20
(RHSA-2024:0448) Important: kernel security and bug fix update
2024-01-24 14:40:50
(RHSA-2024:0439) Important: kernel-rt security update
2024-01-24 14:40:44
osv
osv
Important: kernel security update
2024-01-10 00:00:00
Important: kernel-rt security update
2024-01-12 19:57:11
Important: kernel security update
2024-02-20 00:00:00
rocky
rocky
kernel-rt security update
2024-01-12 19:57:11
almalinux
almalinux
Important: kernel security update
2024-01-10 00:00:00
Important: kernel security update
2024-02-20 00:00:00
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel (Live Patch 27 for SLE 15 SP3) (SUSE-SU-2023:4871-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for the Linux Kernel (Live Patch 36 for SLE 15 SP3) (SUSE-SU-2023:4836-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for the Linux Kernel RT (Live Patch 5 for SLE 15 SP5) (SUSE-SU-2023:4775-1)
2024-03-04 00:00:00
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel Patch 163.1 for Virtuozzo Hybrid Server 7.5
2023-11-07 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL, Linux Kernel might affect IBM Storage Copy Data Management
2024-03-22 16:04:46
Security Bulletin: Multiple Linux Kernel vulnerabilities may affect IBM Storage Scale System
2024-04-04 11:02:32
cbl_mariner
cbl_mariner
CVE-2023-38409 affecting package kernel for versions less than 5.15.122.1-2
2023-08-10 16:37:57
CVE-2023-38409 affecting package hyperv-daemons for versions less than 5.15.122.1-1
2023-08-10 16:37:57
CVE-2023-38409 affecting package kernel 5.10.185.1-1
2023-08-15 16:37:27
cve
cve
CVE-2023-38409
2023-07-17 22:15:09
CVE-2023-40283
2023-08-14 03:15:09
CVE-2023-46813
2023-10-27 03:15:08
debiancve
debiancve
CVE-2023-38409
2023-07-17 22:15:09
CVE-2022-36402
2022-09-16 17:15:00
CVE-2023-6679
2023-12-11 18:31:28
ubuntu
ubuntu
Linux kernel (OEM) vulnerabilities
2023-10-04 00:00:00
Kernel Live Patch Security Notice
2023-11-28 00:00:00
Linux kernel (GCP) vulnerabilities
2023-10-23 00:00:00
prion
prion
Design/Logic Flaw
2023-07-17 22:15:00
Integer overflow
2022-09-16 17:15:00
Null pointer dereference
2023-12-11 19:15:00
cvelist
cvelist
CVE-2023-38409
2023-07-17 00:00:00
CVE-2022-36402 There is an int overflow vulnerability in vmwgfx driver
2022-09-06 00:00:00
CVE-2023-6679 Kernel: null pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c
2023-12-11 18:31:28
cnvd
cnvd
Linux kernel fbcon.c file out-of-bounds read vulnerability
2023-07-19 00:00:00
Linux kernel input validation error vulnerability (CNVD-2022-69193)
2022-09-20 00:00:00
Linux kernel memory misreference vulnerability (CNVD-2023-64508)
2023-08-16 00:00:00
ubuntucve
ubuntucve
CVE-2023-38409
2023-07-17 00:00:00
CVE-2022-36402
2022-09-16 00:00:00
CVE-2023-6679
2023-12-11 00:00:00
redhatcve
redhatcve
CVE-2022-41858
2022-11-22 14:26:24
CVE-2023-38409
2023-08-08 14:49:42
CVE-2022-36402
2022-10-13 14:30:12
veracode
veracode
Denial Of Service (DoS)
2023-03-06 19:20:31
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0101
2023-09-26 00:00:00
githubexploit
githubexploit
Exploit for CVE-2023-46813
2023-05-29 15:10:43

8.1 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.5%

JSON
Related for RHSA-2024:0461
oraclelinux11nessus70redhat31osv5rocky1almalinux2openvas9virtuozzo1ibm2cbl_mariner12cve8debiancve8ubuntu3prion7cvelist6cnvd4ubuntucve8redhatcve8veracode1photon1githubexploit1