Red Hat, RHSA-2024:1404
Mar 19, 2024 - 4:35 p.m.

(RHSA-2024:1404) Important: kernel security and bug fix update

Published: 2024-03-19 16:35:08
Source: access.redhat.com
Tags: kernel, security, bug fix, cve, jira, update, linux, usb, denial of service, buffer overflow, deadlock, out-of-bounds

CVSS2: 4.6

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 7.8

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.3 (Confidence: High)

EPSS: 0.005 (Percentile: 76.5%)

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (CVE-2021-43975)

  • kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388)

  • kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (CVE-2022-41858)

  • kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)

  • kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)

  • kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)

  • kernel: denial of service in tipc_conn_close (CVE-2023-1382)

  • kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)

  • kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

  • kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

  • kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)

  • kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)

  • kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)

  • kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)

  • kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

  • kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)

Bug Fix(es):

  • The kernel is still getting hung up even after converting kernfs_mutex to kernfs_rwsem with massive concurrent kernfs access (open & lookup) performed by kubelet/node_exporter threads. (JIRA:RHEL-17149)

  • kernel: Rate limit overflow messages in r8152 in intr_callback (JIRA:RHEL-18810)

  • kernel: tun: avoid double free in tun_free_netdev (JIRA:RHEL-18813)

  • kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (JIRA:RHEL-18850)

  • kernel: NULL pointer dereference in can_rcv_filter (JIRA:RHEL-19461)

  • ipoib mcast lockup fix (JIRA:RHEL-19698)

  • kernel: denial of service in tipc_conn_close (JIRA:RHEL-18824)

  • Rhel-8.6 crash at qed_get_current_link+0x11 during tx_timeout recovery (JIRA:RHEL-20923)

  • kernel: use-after-free in sch_qfq network scheduler (JIRA:RHEL-14402)

  • RHEL8.6 - s390/qeth: NET2016 - fix use-after-free in HSCI (JIRA:RHEL-15849)

  • RHEL8.6 - s390/qeth: recovery and set offline lose routes and IPv6 addr (JIRA:RHEL-17883)

  • kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip (JIRA:RHEL-18582)

  • kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c (JIRA:RHEL-18799)

  • kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (JIRA:RHEL-18814)

  • kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (JIRA:RHEL-18998)

  • dm multipath device suspend deadlocks waiting on a flush request (JIRA:RHEL-19110)

  • kernel: Slab-out-of-bound read in compare_netdev_and_ip (JIRA:RHEL-19327)

  • kernel: A flaw leading to a use-after-free in area_cache_get() (JIRA:RHEL-19451)

  • [RHEL8] I/O blocked during fio background with IO schedule switch, cpu offline/online, pci nvme rescan/reset (JIRA:RHEL-20231)

  • kernel: refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20298)

  • kernel: inactive elements in nft_pipapo_walk (JIRA:RHEL-20697)

  • kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (JIRA:RHEL-21661)

  • kernel NULL pointer at RIP: 0010:kyber_has_work+0x1c/0x60 (JIRA:RHEL-21784)

  • kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (JIRA:RHEL-22090)

  • backport timerlat user-space support (JIRA:RHEL-20361)
