An update for kernel is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546)
* kernel: multiple use-after-free vulnerabilities (CVE-2024-1086, CVE-2023-3567, CVE-2023-4133, CVE-2023-6932, CVE-2023-39198, CVE-2023-51043, CVE-2023-51779, CVE-2023-51780, CVE-2024-1085, CVE-2024-26582)
* kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555)
* kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion (CVE-2022-0480)
* kernel: multiple NULL pointer dereference vulnerabilities (CVE-2022-38096, CVE-2023-6622, CVE-2023-6915, CVE-2023-42754, CVE-2023-46862, CVE-2023-52574, CVE-2024-0841, CVE-2023-52448)
* kernel: integer overflow in l2cap_config_req() in net/bluetooth/l2cap_core.c (CVE-2022-45934)
* kernel: netfilter: nf_tables: out-of-bounds access in nf_tables_newtable() (CVE-2023-6040)
* kernel: GC's deletion of an SKB races with unix_stream_read_generic() leading to UAF (CVE-2023-6531)
* kernel: Out of boundary write in perf_read_group() as a result of overflowing a perf_event's read_size (CVE-2023-6931)
* kernel: Bluetooth Forward and Future Secrecy Attacks and Defenses (CVE-2023-24023)
* kernel: irdma: Improper access control (CVE-2023-25775)
* kernel: double free in hci_conn_cleanup of the bluetooth subsystem (CVE-2023-28464)
* kernel: Bluetooth: HCI: global out-of-bounds access in net/bluetooth/hci_sync.c (CVE-2023-28866)
* kernel: race condition between HCIUARTSETPROTO and HCIUARTGETPROTO in hci_uart_tty_ioctl (CVE-2023-31083)
* kernel: multiple out-of-bounds read vulnerabilities (CVE-2023-37453, CVE-2023-39189, CVE-2023-39193, CVE-2023-6121, CVE-2023-39194)
* kernel: netfilter: race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP (CVE-2023-42756)
* kernel: lib/kobject.c vulnerable to fill_kobj_path out-of-bounds write (CVE-2023-45863)
* kernel: smb: client: fix potential OOBs in smb2_parse_contexts() (CVE-2023-52434)
* kernel: mm/sparsemem: fix race in accessing memory_section->usage (CVE-2023-52489)
* kernel: net: fix possible store tearing in neigh_periodic_work() (CVE-2023-52522)
* kernel: multiple memory leak vulnerabilities (CVE-2023-52529, CVE-2023-52581)
* kernel: net: bridge: data-races in br_handle_frame_finish() (CVE-2023-52578)
* kernel: net/core: kernel crash in ETH_P_1588 flow dissector (CVE-2023-52580)
* kernel: net/sched: act_ct: fix skb leak and crash on ooo frags (CVE-2023-52610)
* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)
* kernel: tls: race between async notify and socket close (CVE-2024-26583)
* kernel: tls: handle backlogging of crypto requests (CVE-2024-26584)
* kernel: tls: race between tx work scheduling and socket close (CVE-2024-26585)
* kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586)
* kernel: i2c: i801: Fix block process call transactions (CVE-2024-26593)
* kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)
* kernel: netfilter: nf_tables: reject QUEUE/DROP verdict parameters (CVE-2024-26609)
* kernel: local dos vulnerability in scatterwalk_copychunks (CVE-2023-6176)
* kernel: perf/x86/lbr: Filter vsyscall addresses (CVE-2023-52476)
* kernel: netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620)
* kernel: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (CVE-2024-26633)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
* CVE-2020-26555: Uncontrolled Resource Consumption (CWE-400)
* CVE-2022-0480: Allocation of Resources Without Limits or Throttling (CWE-770)
* CVE-2022-38096: NULL Pointer Dereference (CWE-476)
* CVE-2022-45934: Integer Overflow or Wraparound (CWE-190)
* CVE-2023-3567: Use After Free (CWE-416)
* CVE-2023-4133: Use After Free (CWE-416)
* CVE-2023-6040: Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
* CVE-2023-6121: Out-of-bounds Read (CWE-125)
* CVE-2023-6176
* CVE-2023-6531: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
* CVE-2023-6546: Use After Free (CWE-416)
* CVE-2023-6622: NULL Pointer Dereference (CWE-476)
* CVE-2023-6915: NULL Pointer Dereference (CWE-476)
* CVE-2023-6931: Out-of-bounds Write (CWE-787)
* CVE-2023-6932: Use After Free (CWE-416)
* CVE-2023-24023: Channel Accessible by Non-Endpoint (CWE-300)
* CVE-2023-25775: Improper Access Control (CWE-284)
* CVE-2023-28464: Double Free (CWE-415)
* CVE-2023-28866: Out-of-bounds Read (CWE-125)
* CVE-2023-31083
* CVE-2023-37453: Out-of-bounds Read (CWE-125)
* CVE-2023-39189: Out-of-bounds Read (CWE-125)
* CVE-2023-39193: Out-of-bounds Read (CWE-125)
* CVE-2023-39194: Out-of-bounds Read (CWE-125)
* CVE-2023-39198: Use After Free (CWE-416)
* CVE-2023-42754: NULL Pointer Dereference (CWE-476)
* CVE-2023-42756: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
* CVE-2023-45863
* CVE-2023-46862: NULL Pointer Dereference (CWE-476)
* CVE-2023-51043: Use After Free (CWE-416)
* CVE-2023-51779: Use After Free (CWE-416)
* CVE-2023-51780: Use After Free (CWE-416)
* CVE-2023-52434
* CVE-2023-52448
* CVE-2023-52476: Improper Resource Shutdown or Release (CWE-404)
* CVE-2023-52489: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
* CVE-2023-52522: Improper Input Validation (CWE-20)
* CVE-2023-52529: Transmission of Private Resources into a New Sphere ('Resource Leak') (CWE-402)
* CVE-2023-52574: NULL Pointer Dereference (CWE-476)
* CVE-2023-52578: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
* CVE-2023-52580: Incorrect Calculation of Buffer Size (CWE-131)
* CVE-2023-52581: Missing Release of Memory after Effective Lifetime (CWE-401)
* CVE-2023-52610: Transmission of Private Resources into a New Sphere ('Resource Leak') (CWE-402)
* CVE-2023-52620: Improper Control of Resource Identifiers ('Resource Injection') (CWE-99)
* CVE-2024-0565: Integer Underflow (Wrap or Wraparound) (CWE-191)
* CVE-2024-0841
* CVE-2024-1085: Use After Free (CWE-416)
* CVE-2024-1086: Use After Free (CWE-416)
* CVE-2024-26582: Use After Free (CWE-416)
* CVE-2024-26583: Use After Free (CWE-416)
* CVE-2024-26584: Return of Wrong Status Code (CWE-393)
* CVE-2024-26585: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
* CVE-2024-26586
* CVE-2024-26593
* CVE-2024-26602
* CVE-2024-26609: Use After Free (CWE-416)
* CVE-2024-26633: Improper Input Validation (CWE-20)