Lucene search

K
redhatRedHatRHSA-2024:6997
HistorySep 24, 2024 - 12:08 a.m.

(RHSA-2024:6997) Important: kernel security update

2024-09-2400:08:08
CWE-787
access.redhat.com
8
kernel
security update
cve
use-after-free
double free
out-of-bounds.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

20.6%

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: uio: Fix use-after-free in uio_open (CVE-2023-52439)

  • kernel: net/sched: act_mirred: don’t override retval if we already lost the skb (CVE-2024-26739)

  • kernel: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses (CVE-2024-26947)

  • kernel: scsi: qla2xxx: Fix command flush on cable pull (CVE-2024-26931)

  • kernel: scsi: qla2xxx: Fix double free of the ha->vp_map pointer (CVE-2024-26930)

  • kernel: scsi: qla2xxx: Fix double free of fcport (CVE-2024-26929)

  • kernel: fork: defer linking file vma until vma is fully initialized (CVE-2024-27022)

  • kernel: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes (CVE-2024-26991)

  • kernel: bpf, sockmap: Prevent lock inversion deadlock in map delete elem (CVE-2024-35895)

  • kernel: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (CVE-2024-36016)

  • kernel: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (CVE-2024-36899)

  • kernel: cpufreq: exit() callback is optional (CVE-2024-38615)

  • kernel: ring-buffer: Fix a race between readers and resize checks (CVE-2024-38601)

  • kernel: cppc_cpufreq: Fix possible null pointer dereference (CVE-2024-38573)

  • kernel: gfs2: Fix potential glock use-after-free on unmount (CVE-2024-38570)

  • kernel: wifi: nl80211: Avoid address calculations via out of bounds array indexing (CVE-2024-38562)

  • kernel: Input: cyapa - add missing input core locking to suspend/resume functions (CVE-2023-52884)

  • kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984)

  • kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing (CVE-2024-41071)

  • kernel: wifi: mt76: replace skb_put with skb_put_zero (CVE-2024-42225)

  • kernel: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (CVE-2024-42246)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected configurations

Vulners
Node
redhatkernelRange5.14.0-427.37.1.el9_4
OR
redhatkernel-rtRange4.18.0-553.16.1.rt7.357.el8_10
OR
redhatkernelRange4.18.0-553.16.1.el8_10
OR
redhatkernelRange4.18.0-477.74.1.el8_8
OR
redhatkernelRange5.14.0-284.84.1.el9_2
OR
redhatkernel-rtRange5.14.0-284.84.1.rt14.369.el9_2
OR
redhatkernelRange4.18.0-553.22.1.el8_10
OR
redhatkernelRange5.14.0-284.75.1.el9_2
OR
redhatkernel-rtRange5.14.0-284.75.1.rt14.360.el9_2
OR
redhatkernelRange5.14.0-284.77.1.el9_2
OR
redhatkernel-rtRange5.14.0-284.77.1.rt14.362.el9_2
OR
redhatkernelRange5.14.0-284.82.1.el9_2
OR
redhatkernel-rtRange5.14.0-284.82.1.rt14.367.el9_2
OR
redhatkernel-rtRange4.18.0-553.27.1.rt7.368.el8_10
OR
redhatkernelRange4.18.0-553.27.1.el8_10
OR
redhatkernelRange5.14.0-70.117.1.el9_0
OR
redhatkernel-rtRange5.14.0-70.117.1.rt21.189.el9_0
OR
redhatkernel-rtRange4.18.0-553.22.1.rt7.363.el8_10
OR
redhatkernelRange4.18.0-372.119.1.el8_6
OR
redhatkernelRange4.18.0-477.70.1.el8_8
OR
redhatkernelRange5.14.0-284.73.1.el9_2
OR
redhatkernel-rtRange5.14.0-284.73.1.rt14.358.el9_2
OR
redhatkernelRange5.14.0-284.85.1.el9_2
OR
redhatkernel-rtRange5.14.0-284.85.1.rt14.370.el9_2
OR
redhatkernel-rtRange4.18.0-553.5.1.rt7.346.el8_10
OR
redhatkernelRange4.18.0-553.5.1.el8_10
OR
redhatkernelRange4.18.0-372.118.1.el8_6
OR
redhatkernelRange2.6.32-754.54.1.el6
OR
redhatkernelRange3.10.0-1062.91.1.el7
OR
redhatkernel-rtRange3.10.0-1160.125.1.rt56.1277.el7
OR
redhatkernelRange3.10.0-1160.125.1.el7
OR
redhatkernelRange4.18.0-193.141.1.el8_2
OR
redhatkernelRange4.18.0-305.141.1.el8_4
OR
redhatkernel-rtRange4.18.0-305.141.1.rt7.217.el8_4
OR
redhatkernelRange4.18.0-372.124.1.el8_6
AND
redhatenterprise_linuxMatch9
OR
redhatenterprise_linuxMatchnfv
OR
redhatenterprise_linuxMatch8
VendorProductVersionCPE
redhatkernel*cpe:2.3:a:redhat:kernel:*:*:*:*:*:*:*:*
redhatkernel-rt*cpe:2.3:o:redhat:kernel-rt:*:*:*:*:*:*:*:*
redhatenterprise_linux9cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*
redhatenterprise_linuxnfvcpe:2.3:o:redhat:enterprise_linux:nfv:*:*:*:*:*:*:*
redhatenterprise_linux8cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

20.6%