(RHSA-2024:2394) Important: kernel security, bug fix, and enhancement update

2024-04-30 06:15:35
access.redhat.com

CVSS2: 4.8

  • Attack Vector: ADJACENT_NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
  • Vector: AV:A/AC:L/Au:N/C:P/I:P/A:N

CVSS3: 9.8

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.6 (Confidence: High)

EPSS: 0.003 (Percentile: 71.3%)

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546)

  • kernel: multiple use-after-free vulnerabilities (CVE-2024-1086, CVE-2023-3567, CVE-2023-4133, CVE-2023-6932, CVE-2023-39198, CVE-2023-51043, CVE-2023-51779, CVE-2023-51780, CVE-2024-1085, CVE-2024-26582)

  • kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555)

  • kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion (CVE-2022-0480)

  • kernel: multiple NULL pointer dereference vulnerabilities (CVE-2022-38096, CVE-2023-6622, CVE-2023-6915, CVE-2023-42754, CVE-2023-46862, CVE-2023-52574, CVE-2024-0841, CVE-2023-52448)

  • kernel: integer overflow in l2cap_config_req() in net/bluetooth/l2cap_core.c (CVE-2022-45934)

  • kernel: netfilter: nf_tables: out-of-bounds access in nf_tables_newtable() (CVE-2023-6040)

  • kernel: GC’s deletion of an SKB races with unix_stream_read_generic() leading to UAF (CVE-2023-6531)

  • kernel: Out of boundary write in perf_read_group() as a result of overflowing a perf_event’s read_size (CVE-2023-6931)

  • kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses (CVE-2023-24023)

  • kernel: irdma: Improper access control (CVE-2023-25775)

  • kernel: double free in hci_conn_cleanup of the bluetooth subsystem (CVE-2023-28464)

  • kernel: Bluetooth: HCI: global out-of-bounds access in net/bluetooth/hci_sync.c (CVE-2023-28866)

  • kernel: race condition between HCIUARTSETPROTO and HCIUARTGETPROTO in hci_uart_tty_ioctl (CVE-2023-31083)

  • kernel: multiple out-of-bounds read vulnerabilities (CVE-2023-37453, CVE-2023-39189, CVE-2023-39193, CVE-2023-6121, CVE-2023-39194)

  • kernel: netfilter: race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP (CVE-2023-42756)

  • kernel: lib/kobject.c vulnerable to fill_kobj_path out-of-bounds write (CVE-2023-45863)

  • kernel: smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434)

  • kernel: mm/sparsemem: fix race in accessing memory_section->usage (CVE-2023-52489)

  • kernel: net: fix possible store tearing in neigh_periodic_work() (CVE-2023-52522)

  • kernel: multiple memory leak vulnerabilities (CVE-2023-52529, CVE-2023-52581)

  • kernel: net: bridge: data races in br_handle_frame_finish() (CVE-2023-52578)

  • kernel: net/core: kernel crash in ETH_P_1588 flow dissector (CVE-2023-52580)

  • kernel: net/sched: act_ct: fix skb leak and crash on ooo frags (CVE-2023-52610)

  • kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)

  • kernel: tls: race between async notify and socket close (CVE-2024-26583)

  • kernel: tls: handle backlogging of crypto requests (CVE-2024-26584)

  • kernel: tls: race between tx work scheduling and socket close (CVE-2024-26585)

  • kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)

  • kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593)

  • kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)

  • kernel: netfilter: nf_tables: reject QUEUE/DROP verdict parameters (CVE-2024-26609)

  • kernel: local dos vulnerability in scatterwalk_copychunks (CVE-2023-6176)

  • kernel: perf/x86/lbr: Filter vsyscall addresses (CVE-2023-52476)

  • kernel: netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620)

  • kernel: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (CVE-2024-26633)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
