RedHat RHSA-2024:8157
History: Oct 16, 2024 - 12:03 a.m.

(RHSA-2024:8157) Moderate: kernel security update

2024-10-16 00:03:32
CWE-393
access.redhat.com

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.8
Confidence: High

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: Local information disclosure on Intel® Atom® processors (CVE-2023-28746)

  • kernel: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47385)

  • kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244)

  • kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup (CVE-2024-39472)

  • kernel: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (CVE-2024-41056)

  • kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)

  • kernel: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (CVE-2024-42090)

  • kernel: sched: act_ct: take care of padding in struct zones_ht_key (CVE-2024-42272)

  • kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected configurations

Vulners
Node
redhat kernel-rt Range ≤ 4.18.0-553.22.1.rt7.363.el8_10
OR
redhat kernel Range ≤ 4.18.0-553.22.1.el8_10
OR
redhat kernel Range ≤ 4.18.0-372.118.1.el8_6
OR
redhat kernel Range ≤ 4.18.0-477.70.1.el8_8
OR
redhat kernel Range ≤ 5.14.0-427.40.1.el9_4
OR
redhat kernel Range ≤ 5.14.0-284.88.1.el9_2
OR
redhat kernel-rt Range ≤ 5.14.0-284.88.1.rt14.373.el9_2
OR
redhat kernel Range ≤ 5.14.0-503.11.1.el9_5
OR
redhat kernel Range ≤ 5.14.0-427.42.1.el9_4
OR
redhat kernel-rt Range ≤ 4.18.0-553.16.1.rt7.357.el8_10
OR
redhat kernel Range ≤ 4.18.0-553.16.1.el8_10
OR
redhat kernel-rt Range ≤ 4.18.0-553.27.1.rt7.368.el8_10
OR
redhat kernel Range ≤ 4.18.0-553.27.1.el8_10
OR
redhat kernel Range ≤ 5.14.0-427.44.1.el9_4
OR
redhat microcode_ctl Range ≤ 20240910-1.el9_5
OR
redhat kernel Range ≤ 4.18.0-477.75.1.el8_8
AND
redhat enterprise_linux Match nfv
OR
redhat enterprise_linux Match 8
OR
redhat enterprise_linux Match 9

Vendor   Product            Version   CPE
redhat   kernel-rt          *         cpe:2.3:o:redhat:kernel-rt:*:*:*:*:*:*:*:*
redhat   kernel             *         cpe:2.3:a:redhat:kernel:*:*:*:*:*:*:*:*
redhat   microcode_ctl      *         cpe:2.3:a:redhat:microcode_ctl:*:*:*:*:*:*:*:*
redhat   enterprise_linux   nfv       cpe:2.3:o:redhat:enterprise_linux:nfv:*:*:*:*:*:*:*
redhat   enterprise_linux   8         cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
redhat   enterprise_linux   9         cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*
