PT-2024-33774
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.10.0-rc7+ Description: The issue arises when the Linux kernel's btrfs filesystem is backed by a RAID stripe tree and readahead is performed on the relocation inode. This can lead to an ENOENT error due to...
Medium: kernel
Issue Overview: A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to a race condition. It is recommended to apply a patch to fix this issue. The identifier...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race (CVE-2024-36971). Affected Packages: kernel. Issue Correction: Run dnf update kernel --releasever 2023.5.20240722 or dnf update --advisory ALAS2023-2024-658 --releasever 2023.5.20240722...
kernel: gro: fix ownership transfer
A flaw was found in the Linux kernel's Generic Receive Offload (GRO) feature, where packets processed with a fragment list are not properly orphaned due to incorrect handling of socket references. This vulnerability can cause system instability or kernel bugs. The issue has been fixed by making sur...
PT-2024-29135 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel version 6.9.0 Description: The vulnerability is caused by the ionic driver sending a packet to the TX path with an rx page and corresponding dma address in the XDP TX path. After the transmission is done, the ionic tx clean...
Medium: kernel
Issue Overview: fpregs_state_valid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact because of incorrect fpu_fpregs_owner_ctx caching,...
PT-2024-31330
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.50 Description: A vulnerability in the Linux kernel has been resolved, related to the Bluetooth driver btnxpuart. When unloading the driver, its associated timer is deleted. However, if the timer is modified a...
PT-2024-26840
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.37 Description: A vulnerability has been resolved in the Linux kernel, specifically in the ice driver. The issue is related to a potential deadlock situation that can occur when the ice reset vf function...
PT-2024-21614
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.8.0-05205-g77fadd89fe2d-dirty 213 Description: The issue arises when the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to itself, resulting in a qdisc lock deadlock. Thi...
Advisory ROSA-SA-2024-2383
Software: kernel 3.10.0 OS: rosa-server79 package_evr_string: kernel-3.10.0-1160.105.1.el7 CVE-ID: CVE-2023-5178 BDU-ID: 2023-06750 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the nvmet_tcp_free_crypto function of the drivers/nvme/target/tcp.c file of the NVMe-oF/TCP subsystem of the NVMe-oF/TCP...
Important: kernel
Issue Overview: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow function can cause a double...
Important: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2023-035)
The version of kernel installed on the remote host is prior to 5.10.184-175.731. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2023-035 advisory. An issue was found in the Linux kernel's IPv6 TCP connection tracking code, which could lead to high CPU usage wi...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc->vma in race with munmap (CVE-2022-50240). In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc->vma in race with munmap (CVE-2022-50338). A flaw was found ...
Important: kernel
Issue Overview: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs (CVE-2022-48425). Affected Packages: kernel. Issue Correction: Run dnf update kernel --releasever 2023.0.20230614 or dnf update --advisory...
Important: kernel
Issue Overview: In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are...
Medium: kernel
Issue Overview: bpf: incorrect verifier pruning due to missing register precision taints, which may lead to out-of-band read/write access due to an incorrect verifier conclusion (CVE-2023-2163). qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write...
SUSE-SU-2023:1971-1 Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP4)
This update for the Linux Kernel 4.12.14-95102 fixes several issues. The following security issues were fixed: - CVE-2023-0590: Fixed race condition in qdisc_graft (bsc#1207795). - CVE-2023-1118: Fixed a use-after-free bug caused by ene_tx_irqsim in media/rc (bsc#1208837). - CVE-2022-2991: Fixed an...
PT-2023-33182 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.12 Description: A bug in the btrfs qgroup inherit function may cause issues due to sleeping from an invalid context. The actual impact and potential for attacks have not been confirmed. Recommendations: For...
SUSE-SU-2022:4272-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with...