
Security: Multiple issues in Linux
Name: Multiple issues in Linux
ID: RHSA-2024:2621
Distribution: Red Hat
Platforms: Red Hat Enterprise Linux BaseOS EUS (v.8.8), Red Hat CodeReady Linux Builder EUS (v.8.8)
Date: Wed, 1 May 2024, 22:57
References: https://bugzilla.redhat.com/show_bug.cgi?id=2139610
https://access.redhat.com/security/cve/CVE-2021-33631
https://access.redhat.com/security/cve/CVE-2022-42895
https://access.redhat.com/security/cve/CVE-2024-25744
https://access.redhat.com/security/cve/CVE-2023-6546
https://bugzilla.redhat.com/show_bug.cgi?id=2261976
https://access.redhat.com/security/cve/CVE-2022-3640
https://bugzilla.redhat.com/show_bug.cgi?id=2255498
https://access.redhat.com/errata/RHSA-2024:2621
https://bugzilla.redhat.com/show_bug.cgi?id=2147356
Applications: Linux

Original message

An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended
Update Support.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* kernel: use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c
(CVE-2022-3640)

* kernel: Information leak in l2cap_parse_conf_req in
net/bluetooth/l2cap_core.c (CVE-2022-42895)

* kernel: GSM multiplexing race condition leads to privilege escalation
(CVE-2023-6546, ZDI-CAN-20527)

* kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631)

* kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744)

Bug Fix(es):

* kernel: use after free flaw in l2cap_conn_del in net/bluetooth/l2cap_core.c
(JIRA:RHEL-18806)

* tx-checksumming required for accessing port in OpenShift for RHEL 8.6
(JIRA:RHEL-20821)

* ceph: several cap and snap fixes (JIRA:RHEL-20908)

* unable to access smsc95xx based interface unless you start outgoing traffic.
(JIRA:RHEL-25718)

* [RHEL8] ] BUG bio-696 (Not tainted): Poison overwritten (JIRA:RHEL-26100)

* kernel: ext4: kernel bug in ext4_write_inline_data_end() (JIRA:RHEL-26330)

* kernel: Information leak in l2cap_parse_conf_req in
net/bluetooth/l2cap_core.c (JIRA:RHEL-18808)

* kernel: GSM multiplexing race condition leads to privilege escalation
(JIRA:RHEL-19953)

Enhancement(s):

* [IBM 8.10 FEAT] Upgrade the qeth driver to latest from upstream, e.g. kernel
6.4 (JIRA:RHEL-25810)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-33631: Integer Overflow or Wraparound (CWE-190)
CVE-2022-3640: Use After Free (CWE-416)
CVE-2022-42895: Access of Uninitialized Pointer (CWE-824)
CVE-2023-6546: Use After Free (CWE-416)
CVE-2024-25744