7 matches found
Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005559 fixes several issues. The following security issues were fixed: CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefileswithdrawcookie bsc1229275. CVE-2024-36971: Fixed dstnegativeadvice race bsc1226324. CVE-2024-50264: vsock/virtio:...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: fix dstnegativeadvice race CVE-2024-36971 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.4 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and th...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: fix dstnegativeadvice race CVE-2024-36971 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.15 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: fix dstnegativeadvice race CVE-2024-36971 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and...
The vulnerability of the __dst_negative_advice() function in the Linux operating system’s IPv4 kernel protocol allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the dstnegativeadvice function in the include/net/sock.h module of the Linux operating system’s IPv4 kernel implementation is related to the reutilization of previously freed memory due to competitive access to resources race condition. Exploiting this vulnerability could all...
DEBIAN-CVE-2024-36971
In the Linux kernel, the following vulnerability has been resolved: net: fix dstnegativeadvice race dstnegativeadvice does not enforce proper RCU rules when sk-dstcache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk-skdstcache, then call dstreleaseolddst. Note...
AZL-42622 CVE-2024-36971 affecting package kernel for versions less than 5.15.158.2-1
In the Linux kernel, the following vulnerability has been resolved: net: fix dstnegativeadvice race dstnegativeadvice does not enforce proper RCU rules when sk-dstcache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk-skdstcache, then call dstreleaseolddst. Note...