Linux Kernel Organization, Inc. Security Vulnerabilities

CVE-2023-52463

In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At the same time mount the efivarfs as RO so no one can...

Important: kernel

Issue Overview: 2024-05-09: CVE-2019-19965 was added to this advisory. A flaw was found in the Linux kernel. The crypto_report function mishandles resource cleanup on error. A local attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this...

CVE-2023-52447

In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpf_map_fd_put_ptr() decreases...

Oracle Portal Demo Organization Chart Detection

The remote web server hosts the Oracle Portal Organization Chart demo...

CVE-2024-26885 affecting package kernel for versions less than 6.6.29.1-3

CVE-2024-26885 affecting package kernel for versions less than 6.6.29.1-3. An upgraded version of the package is available that resolves this...

CVE-2024-26883 affecting package kernel for versions less than 6.6.29.1-3

CVE-2024-26883 affecting package kernel for versions less than 6.6.29.1-3. An upgraded version of the package is available that resolves this...

CVE-2024-26901 affecting package kernel for versions less than 6.6.29.1-3

CVE-2024-26901 affecting package kernel for versions less than 6.6.29.1-3. An upgraded version of the package is available that resolves this...

CVE-2024-26903 affecting package kernel for versions less than 6.6.29.1-3

CVE-2024-26903 affecting package kernel for versions less than 6.6.29.1-3. An upgraded version of the package is available that resolves this...

Exploit for Use After Free in Arm Bifrost Gpu Kernel Driver

Exploit for CVE-2022-38181 for FireTV 2nd gen Cube This is...

Exploit for Use After Free in Linux Linux Kernel

CVE-2023-5178 The exploit for [CVE-2023-5178: NVMe-oF-TCP...

CVE-2022-48687

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix out-of-bounds read when setting HMAC data. The SRv6 layer allows defining HMAC data that can later be used to sign IPv6 Segment Routing Headers. This configuration is realised via netlink through four attributes:...

CVE-2024-26884 affecting package kernel for versions less than 6.6.29.1-3

CVE-2024-26884 affecting package kernel for versions less than 6.6.29.1-3. An upgraded version of the package is available that resolves this...

CVE-2024-26881 affecting package kernel for versions less than 6.6.29.1-3

CVE-2024-26881 affecting package kernel for versions less than 6.6.29.1-3. An upgraded version of the package is available that resolves this...

CVE-2023-52645

In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix race conditions with genpd If the power domains are registered first with genpd and after that the driver attempts to power them on in the probe sequence, then it is possible that a race condition occurs if....

CVE-2024-26902 affecting package kernel for versions less than 6.6.29.1-3

CVE-2024-26902 affecting package kernel for versions less than 6.6.29.1-3. An upgraded version of the package is available that resolves this...

CVE-2024-26904 affecting package kernel for versions less than 6.6.29.1-3

CVE-2024-26904 affecting package kernel for versions less than 6.6.29.1-3. An upgraded version of the package is available that resolves this...

CVE-2022-48660

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully When running gpio test on nxp-ls1028 platform with below command gpiomon --num-events=3 --rising-edge gpiochip1 25 There will be a warning trace as below:...

CVE-2024-36481

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: fix error check in parse_btf_field() btf_find_struct_member() might return NULL or an error via the ERR_PTR() macro. However, its caller in parse_btf_field() only checks for the NULL condition. Fix this by using...

CVE-2023-38431

An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds...

CVE-2021-47571

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() The free_rtllib() function frees the "dev" pointer so there is use after free on the next line. Re-arrange things to avoid...

CVE-2021-47521

In the Linux kernel, the following vulnerability has been resolved: can: sja1000: fix use after free in ems_pcmcia_add_card() If the last channel is not available then "dev" is freed. Fortunately, we can just use "pdev->irq" instead. Also we should check if at least one channel was set...

CVE-2021-47542

In the Linux kernel, the following vulnerability has been resolved: net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() In qlcnic_83xx_add_rings(), the indirect function of ahw->hw_ops->alloc_mbx_args will be called to allocate memory for cmd.req.arg, and there is a...

CVE-2022-48672

In the Linux kernel, the following vulnerability has been resolved: of: fdt: fix off-by-one error in unflatten_dt_nodes() Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree") forgot to fix up the depth check in the loop body in unflatten_dt_nodes() which makes it possible to.....

CVE-2021-47546

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix memory leak in fib6_rule_suppress The kernel leaks memory when a fib rule is present in IPv6 nftables firewall rules and a suppress_prefix rule is present in the IPv6 routing rules (used by certain tools such as...

CVE-2024-26898 affecting package kernel for versions less than 6.6.29.1-3

CVE-2024-26898 affecting package kernel for versions less than 6.6.29.1-3. An upgraded version of the package is available that resolves this...

CVE-2024-26882 affecting package kernel for versions less than 6.6.29.1-3

CVE-2024-26882 affecting package kernel for versions less than 6.6.29.1-3. An upgraded version of the package is available that resolves this...

CVE-2024-26907 affecting package kernel for versions less than 6.6.29.1-3

CVE-2024-26907 affecting package kernel for versions less than 6.6.29.1-3. An upgraded version of the package is available that resolves this...

CVE-2024-26909 affecting package kernel for versions less than 6.6.29.1-3

CVE-2024-26909 affecting package kernel for versions less than 6.6.29.1-3. An upgraded version of the package is available that resolves this...

CVE-2024-36897

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Atom Integrated System Info v2_2 for DCN35 New request from KMD/VBIOS in order to support new UMA carveout model. This fixes a null dereference from accessing Ctx->dc_bios->integrated_info while it was NULL. ...

kernel security and bug fix update

[5.14.0-427.16.1_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update...

CVE-2021-47541

In the Linux kernel, the following vulnerability has been resolved: net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() In mlx4_en_try_alloc_resources(), mlx4_en_copy_priv() is called and tmp->tx_cq will be freed on the error path of mlx4_en_copy_priv(). After that...

Exploit for Execution with Unnecessary Privileges in Linux Linux Kernel

Linux Bluetooth: Unauthorized management command execution...

(RHSA-2024:2758) Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation (CVE-2023-6240) CVE-2024-25743 hw: amd: Instruction raise #VC exception at exit...

Security Bulletin: IBM QRadar SIEM contains multiple kernel vulnerabilities

Summary IBM QRadar SIEM includes a vulnerable version of kernel that could be identified and exploited with automated tools. This has been addressed in the update. Vulnerability Details ** CVEID: CVE-2019-13631 DESCRIPTION: **Linux Kernel could allow a physical attacker to execute arbitrary code...

CVE-2023-38430

An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds...

Exploit for Integer Overflow or Wraparound in Linux Linux Kernel

Needle (CVE-2023-0179) exploit This repository contains the...

CVE-2024-26881

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when 1588 is received on HIP08 devices The HIP08 devices does not register the ptp devices, so the hdev->ptp is NULL, but the hardware can receive 1588 messages, and set the HNS3_RXD_TS_VLD_B bit, so,...

CVE-2017-17688

The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an...

CVE-2024-24860

A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service...

CVE-2021-47516

In the Linux kernel, the following vulnerability has been resolved: nfp: Fix memory leak in nfp_cpp_area_cache_add() In line 800 (#1), nfp_cpp_area_alloc() allocates and initializes a CPP area structure. But in line 807 (#2), when the cache is allocated failed, this CPP area structure is not...

Exploit for Use After Free in Linux Linux Kernel

Use-After-Free in Netfilter nf_tables when processing batch...

CVE-2024-36288

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token->pages[] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range...

(RHSA-2022:8267) Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516) use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640) smb2_ioctl_query_info NULL...

CVE-2024-24858

A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of...

CVE-2024-27015

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: incorrect pppoe tuple pppoe traffic reaching ingress path does not match the flowtable entry because the pppoe header is expected to be at the network header offset. This bug causes a mismatch in the flow...

RHEL 9 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges ...

RHEL 8 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048) Kernel:...

Security Bulletin: Multiple Linux Kernel vulnerabilities affect IBM Storage Scale System.

Summary There are multiple vulnerabilities in the Linux Kernel, used by IBM Storage Scale System, which could allow a local authenticated attacker to gain elevated privileges on the system. Fixes for these vulnerabilities are available. CVE-2023-51043, CVE-2024-1086, CVE-2024-0646, CVE-2023-6932,.....

CVE-2022-48691

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clean up hook list when offload flags check fails splice back the hook list so nft_chain_release_hook() has a chance to release the hooks. BUG: memory leak unreferenced object 0xffff88810180b100 (size 96): ...

Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section....