Lucene search

RedHatRHSA-2024:5259

HistoryAug 13, 2024 - 12:08 a.m.

(RHSA-2024:5259) Important: kernel security update

2024-08-1300:08:25

access.redhat.com

kernel packages

linux operating system

security update

uaf reads

/etc/shadow hashes

netfix

initramfs

tcp_cwnd_reduction

eventpoll_release_file

netfilter

ipset

gfs2

quota_change%u corruption

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

JSON

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes (CVE-2022-1011)
net: fix __dst_negative_advice() race (CVE-2024-36971)

Bug Fix(es):

kernel.spec: run initramfs generation in %post (not only in %posttrans)
(RHEL-3292)
tcp: fix zero cwnd in tcp_cwnd_reduction (RHEL-43212)
epoll: fix use-after-free in eventpoll_release_file (RHEL-39665)
RHEL 7.9: include [net] netfilter: ipset: fix ip_set_list allocation failure (RHEL-6204)
gfs2: The gfs2_logd process to hang or stall which causes a performance degradation on the gfs2 filesystem (RHEL-8427)
[rhel7] gfs2: quota_change%u corruption (RHEL-37473)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7s390xkernel-debug< 3.10.0-1160.123.1.el7kernel-debug-3.10.0-1160.123.1.el7.s390x.rpm
RedHat7s390xperf< 3.10.0-1160.123.1.el7perf-3.10.0-1160.123.1.el7.s390x.rpm
RedHat7ppc64lepython-perf< 3.10.0-1160.123.1.el7python-perf-3.10.0-1160.123.1.el7.ppc64le.rpm
RedHat7ppc64lekernel-headers< 3.10.0-1160.123.1.el7kernel-headers-3.10.0-1160.123.1.el7.ppc64le.rpm
RedHat7ppc64bpftool-debuginfo< 3.10.0-1160.123.1.el7bpftool-debuginfo-3.10.0-1160.123.1.el7.ppc64.rpm
RedHat7s390xkernel-debuginfo-common-s390x< 3.10.0-1160.123.1.el7kernel-debuginfo-common-s390x-3.10.0-1160.123.1.el7.s390x.rpm
RedHat7ppc64kernel-bootwrapper< 3.10.0-1160.123.1.el7kernel-bootwrapper-3.10.0-1160.123.1.el7.ppc64.rpm
RedHat7ppc64kernel< 3.10.0-1160.123.1.el7kernel-3.10.0-1160.123.1.el7.ppc64.rpm
RedHat7s390xkernel-debug-devel< 3.10.0-1160.123.1.el7kernel-debug-devel-3.10.0-1160.123.1.el7.s390x.rpm
RedHat7noarchkernel-abi-whitelists< 3.10.0-1160.123.1.el7kernel-abi-whitelists-3.10.0-1160.123.1.el7.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	7	s390x	kernel-debug	< 3.10.0-1160.123.1.el7	kernel-debug-3.10.0-1160.123.1.el7.s390x.rpm
RedHat	7	s390x	perf	< 3.10.0-1160.123.1.el7	perf-3.10.0-1160.123.1.el7.s390x.rpm
RedHat	7	ppc64le	python-perf	< 3.10.0-1160.123.1.el7	python-perf-3.10.0-1160.123.1.el7.ppc64le.rpm
RedHat	7	ppc64le	kernel-headers	< 3.10.0-1160.123.1.el7	kernel-headers-3.10.0-1160.123.1.el7.ppc64le.rpm
RedHat	7	ppc64	bpftool-debuginfo	< 3.10.0-1160.123.1.el7	bpftool-debuginfo-3.10.0-1160.123.1.el7.ppc64.rpm
RedHat	7	s390x	kernel-debuginfo-common-s390x	< 3.10.0-1160.123.1.el7	kernel-debuginfo-common-s390x-3.10.0-1160.123.1.el7.s390x.rpm
RedHat	7	ppc64	kernel-bootwrapper	< 3.10.0-1160.123.1.el7	kernel-bootwrapper-3.10.0-1160.123.1.el7.ppc64.rpm
RedHat	7	ppc64	kernel	< 3.10.0-1160.123.1.el7	kernel-3.10.0-1160.123.1.el7.ppc64.rpm
RedHat	7	s390x	kernel-debug-devel	< 3.10.0-1160.123.1.el7	kernel-debug-devel-3.10.0-1160.123.1.el7.s390x.rpm
RedHat	7	noarch	kernel-abi-whitelists	< 3.10.0-1160.123.1.el7	kernel-abi-whitelists-3.10.0-1160.123.1.el7.noarch.rpm