Lucene search

K
redhatRedHatRHSA-2024:1018
HistoryFeb 28, 2024 - 12:25 p.m.

(RHSA-2024:1018) Important: kernel security update

2024-02-2812:25:01
access.redhat.com
36
kernel
security update
privilege escalation
vulnerability issues
cvss score
linux operating system
cve page.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.003

Percentile

69.5%

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546)

  • kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

  • kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation (CVE-2024-0193)

  • kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)

  • kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244)

  • kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event’s read_size (CVE-2023-6931)

  • kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)

  • kernel: use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (CVE-2023-51043)

  • kernel: nf_tables: use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (CVE-2024-1085)

  • kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.003

Percentile

69.5%