CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score, Confidence: High

EPSS, Percentile: 20.6%

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- kernel: uio: Fix use-after-free in uio_open (CVE-2023-52439)
- kernel: net/sched: act_mirred: don’t override retval if we already lost the skb (CVE-2024-26739)
- kernel: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses (CVE-2024-26947)
- kernel: scsi: qla2xxx: Fix command flush on cable pull (CVE-2024-26931)
- kernel: scsi: qla2xxx: Fix double free of the ha->vp_map pointer (CVE-2024-26930)
- kernel: scsi: qla2xxx: Fix double free of fcport (CVE-2024-26929)
- kernel: fork: defer linking file vma until vma is fully initialized (CVE-2024-27022)
- kernel: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes (CVE-2024-26991)
- kernel: bpf, sockmap: Prevent lock inversion deadlock in map delete elem (CVE-2024-35895)
- kernel: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (CVE-2024-36016)
- kernel: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (CVE-2024-36899)
- kernel: cpufreq: exit() callback is optional (CVE-2024-38615)
- kernel: ring-buffer: Fix a race between readers and resize checks (CVE-2024-38601)
- kernel: cppc_cpufreq: Fix possible null pointer dereference (CVE-2024-38573)
- kernel: gfs2: Fix potential glock use-after-free on unmount (CVE-2024-38570)
- kernel: wifi: nl80211: Avoid address calculations via out of bounds array indexing (CVE-2024-38562)
- kernel: Input: cyapa - add missing input core locking to suspend/resume functions (CVE-2023-52884)
- kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984)
- kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing (CVE-2024-41071)
- kernel: wifi: mt76: replace skb_put with skb_put_zero (CVE-2024-42225)
- kernel: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (CVE-2024-42246)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | kernel | * | cpe:2.3:a:redhat:kernel:*:*:*:*:*:*:*:* |
redhat | kernel-rt | * | cpe:2.3:o:redhat:kernel-rt:*:*:*:*:*:*:*:* |
redhat | enterprise_linux | 9 | cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:* |
redhat | enterprise_linux | nfv | cpe:2.3:o:redhat:enterprise_linux:nfv:*:*:*:*:*:*:* |
redhat | enterprise_linux | 8 | cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:* |