Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Important: kernel security and bug fix update

Related Vulnerabilities: CVE-2021-3640   CVE-2021-4204   CVE-2021-30002   CVE-2021-34866   CVE-2022-0168   CVE-2022-0500   CVE-2022-0617   CVE-2022-1462   CVE-2022-2078   CVE-2022-2586   CVE-2022-2663   CVE-2022-3524   CVE-2022-3545   CVE-2022-3566   CVE-2022-3594   CVE-2022-3619   CVE-2022-3623   CVE-2022-3707   CVE-2022-21499   CVE-2022-23222   CVE-2022-24448   CVE-2022-25265   CVE-2022-28388   CVE-2022-28390   CVE-2022-28893   CVE-2022-36946   CVE-2022-39189   CVE-2022-45887   CVE-2023-0458   CVE-2023-1075   CVE-2023-1252   CVE-2023-1989   CVE-2023-2166   CVE-2023-2176   CVE-2023-3141   CVE-2023-4132   CVE-2023-4921   CVE-2023-5717   CVE-2023-6356   CVE-2023-6535   CVE-2023-6536   CVE-2023-6610   CVE-2023-6817   CVE-2023-6932   CVE-2023-20569   CVE-2023-23455   CVE-2023-28328   CVE-2023-28772   CVE-2023-35825   CVE-2023-40283   CVE-2023-45862   CVE-2023-46813   CVE-2024-0646  

Source

Synopsis

Important: kernel security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)
  • kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)
  • kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)
  • kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)
  • kernel: improper input validation may lead to privilege escalation (CVE-2021-4204)
  • kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)
  • kernel: eBPF verification flaw (CVE-2021-34866)
  • kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)
  • kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges (CVE-2022-0500)
  • kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)
  • kernel: possible race condition in drivers/tty/tty_buffers.c (CVE-2022-1462)
  • kernel: buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)
  • kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)
  • kernel: netfilter: nf_conntrack_irc message handling issue (CVE-2022-2663)
  • kernel: memory leak in ipv6_renew_options() (CVE-2022-3524)
  • kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)
  • kernel: data races around icsk->icsk_af_ops in do_ipv6_setsockopt (CVE-2022-3566)
  • kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)
  • kernel: memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (CVE-2022-3619)
  • kernel: denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry (CVE-2022-3623)
  • kernel: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed (CVE-2022-3707)
  • kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)
  • kernel: local privileges escalation in kernel/bpf/verifier.c (CVE-2022-23222)
  • kernel: Executable Space Protection Bypass (CVE-2022-25265)
  • kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c (CVE-2022-28388)
  • kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Virtualization Host 4 for RHEL 8 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64

Fixes

  • BZ - 1946279 - CVE-2021-30002 kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c
  • BZ - 1980646 - CVE-2021-3640 kernel: use-after-free vulnerability in function sco_sock_sendmsg()
  • BZ - 2000457 - CVE-2021-34866 kernel: eBPF verification flaw
  • BZ - 2037386 - CVE-2022-0168 kernel: smb2_ioctl_query_info NULL pointer dereference
  • BZ - 2039178 - CVE-2021-4204 kernel: improper input validation may lead to privilege escalation
  • BZ - 2043520 - CVE-2022-23222 kernel: local privileges escalation in kernel/bpf/verifier.c
  • BZ - 2044578 - CVE-2022-0500 kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges
  • BZ - 2051444 - CVE-2022-24448 kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR
  • BZ - 2053632 - CVE-2022-0617 kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback
  • BZ - 2055499 - CVE-2022-25265 kernel: Executable Space Protection Bypass
  • BZ - 2073064 - CVE-2022-28390 kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c
  • BZ - 2073091 - CVE-2022-28388 kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c
  • BZ - 2074208 - CVE-2022-28893 kernel: use after free in SUNRPC subsystem
  • BZ - 2078466 - CVE-2022-1462 kernel: possible race condition in drivers/tty/tty_buffers.c
  • BZ - 2084183 - CVE-2022-21499 kernel: possible to use the debugger to write zero into a location of choice
  • BZ - 2096178 - CVE-2022-2078 kernel: buffer overflow in nft_set_desc_concat_parse()
  • BZ - 2114878 - CVE-2022-2586 kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation
  • BZ - 2115278 - CVE-2022-36946 kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c
  • BZ - 2123056 - CVE-2022-2663 kernel: netfilter: nf_conntrack_irc message handling issue
  • BZ - 2124788 - CVE-2022-39189 kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning
  • BZ - 2137979 - CVE-2022-3707 kernel: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed
  • BZ - 2143893 - CVE-2022-3566 kernel: data races around icsk->icsk_af_ops in do_ipv6_setsockopt
  • BZ - 2148520 - CVE-2022-45887 kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c
  • BZ - 2149024 - CVE-2022-3594 kernel: Rate limit overflow messages in r8152 in intr_callback
  • BZ - 2150947 - CVE-2022-3524 kernel: memory leak in ipv6_renew_options()
  • BZ - 2154235 - CVE-2022-3619 kernel: memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c
  • BZ - 2161310 - CVE-2022-3545 kernel: nfp: use-after-free in area_cache_get()
  • BZ - 2165721 - CVE-2022-3623 kernel: denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry
  • BZ - 2168332 - CVE-2023-23455 Kernel: denial of service in atm_tc_enqueue in net/sched/sch_atm.c due to type confusion
  • BZ - 2173434 - CVE-2023-1075 kernel: net/tls: tls_is_tx_ready() checked list_entry
  • BZ - 2176140 - CVE-2023-1252 kernel: ovl: fix use after free in struct ovl_aio_req
  • BZ - 2177389 - CVE-2023-28328 kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c
  • BZ - 2181330 - CVE-2023-28772 kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow
  • BZ - 2185945 - CVE-2023-1989 kernel: Use after free bug in btsdio_remove due to race condition
  • BZ - 2187813 - CVE-2023-2166 kernel: NULL pointer dereference in can_rcv_filter
  • BZ - 2187931 - CVE-2023-2176 kernel: Slab-out-of-bound read in compare_netdev_and_ip
  • BZ - 2193219 - CVE-2023-0458 kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c
  • BZ - 2207625 - CVE-2023-20569 hw amd: Return Address Predictor vulnerability leading to information disclosure
  • BZ - 2213199 - CVE-2023-3141 kernel: Use after free bug in r592_remove
  • BZ - 2215837 - CVE-2023-35825 kernel: r592: race condition leading to use-after-free in r592_remove()
  • BZ - 2221707 - CVE-2023-4132 kernel: smsusb: use-after-free caused by do_submit_urb()
  • BZ - 2231800 - CVE-2023-40283 kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c
  • BZ - 2244715 - CVE-2023-45862 kernel: drivers/usb/storage/ene_ub6250.c
  • BZ - 2245514 - CVE-2023-4921 kernel: use-after-free in sch_qfq network scheduler
  • BZ - 2246944 - CVE-2023-46813 kernel: SEV-ES local priv escalation
  • BZ - 2246945 - CVE-2023-5717 kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list
  • BZ - 2253614 - CVE-2023-6610 kernel: OOB Access in smb2_dump_detail
  • BZ - 2253908 - CVE-2024-0646 kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination
  • BZ - 2254052 - CVE-2023-6536 kernel: NULL pointer dereference in __nvmet_req_complete
  • BZ - 2254053 - CVE-2023-6535 kernel: NULL pointer dereference in nvmet_tcp_execute_request
  • BZ - 2254054 - CVE-2023-6356 kernel: NULL pointer dereference in nvmet_tcp_build_iovec
  • BZ - 2255139 - CVE-2023-6817 kernel: inactive elements in nft_pipapo_walk
  • BZ - 2255283 - CVE-2023-6932 kernel: use-after-free in IPv4 IGMP

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started