Lucene search

K
redhatRedHatRHSA-2024:6993
HistorySep 24, 2024 - 12:06 a.m.

(RHSA-2024:6993) Important: kernel security update

2024-09-2400:06:38
access.redhat.com
4
kernel
linux
security update
use-after-free
out of bounds
race condition
cve
netfilter
bluetooth
ipv6
hwmon
virtio-net
scsi
bonding
proc
tty
cpufreq
md
cppc_cpufreq
tproxy
ppp
wifi
drm/amdgpu
tcp_metrics

CVSS3

8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

Low

EPSS

0

Percentile

16.4%

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: uio: Fix use-after-free in uio_open (CVE-2023-52439)

  • kernel: smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434)

  • kernel: net: fix possible store tearing in neigh_periodic_work() (CVE-2023-52522)

  • kernel: tunnels: fix out of bounds access when building IPv6 PMTU error (CVE-2024-26665)

  • kernel: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (CVE-2024-26698)

  • kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (CVE-2024-26772)

  • kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)

  • kernel: x86/xen: Add some null pointer checking to smp.c (CVE-2024-26908)

  • kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)

  • kernel: af_unix: Fix garbage collector racing against connect() (CVE-2024-26923)

  • kernel: cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (CVE-2022-48638)

  • kernel: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020)

  • kernel: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (CVE-2024-27019)

  • kernel: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (CVE-2024-27399)

  • kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)

  • kernel: ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (CVE-2024-35969)

  • kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path (CVE-2024-36005)

  • kernel: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47384)

  • kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356)

  • kernel: virtio-net: Add validation for used length (CVE-2021-47352)

  • kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864)

  • kernel: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (CVE-2023-52811)

  • kernel: bonding: stop the device in bond_setup_by_slave() (CVE-2023-52784)

  • kernel: isdn: mISDN: Fix sleeping function called from invalid context (CVE-2021-47468)

  • kernel: proc/vmcore: fix clearing user buffer by properly using clear_user() (CVE-2021-47566)

  • kernel: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (CVE-2024-36016)

  • kernel: net: core: reject skb_copy(_expand) for fraglist GSO skbs (CVE-2024-36929)

  • kernel: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (CVE-2024-36978)

  • kernel: cpufreq: exit() callback is optional (CVE-2024-38615)

  • kernel: md: fix resync softlockup when bitmap size is less than array size (CVE-2024-38598)

  • kernel: cppc_cpufreq: Fix possible null pointer dereference (CVE-2024-38573)

  • kernel: netfilter: tproxy: bail out if IP has been disabled on the device (CVE-2024-36270)

  • kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (CVE-2024-40995)

  • kernel: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (CVE-2024-41041)

  • kernel: ppp: reject claimed-as-LCP but actually malformed packets (CVE-2024-41044)

  • kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing (CVE-2024-41071)

  • kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)

  • kernel: tcp_metrics: validate source addr length (CVE-2024-42154)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

Low

EPSS

0

Percentile

16.4%