Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Linux
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Linux
ID: RHSA-2024:4740
Distribution: Red Hat
Plattformen: Red Hat Enterprise Linux BaseOS EUS (v.8.8), Red Hat CodeReady Linux Builder EUS (v.8.8)
Datum: Mi, 24. Juli 2024, 06:47
Referenzen: https://bugzilla.redhat.com/show_bug.cgi?id=2213802
https://bugzilla.redhat.com/show_bug.cgi?id=2281920
https://bugzilla.redhat.com/show_bug.cgi?id=2267787
https://access.redhat.com/errata/RHSA-2024:4740
https://access.redhat.com/security/cve/CVE-2024-26804
https://bugzilla.redhat.com/show_bug.cgi?id=2273278
https://bugzilla.redhat.com/show_bug.cgi?id=2282472
https://access.redhat.com/security/cve/CVE-2024-26598
https://access.redhat.com/security/cve/CVE-2023-52639
https://bugzilla.redhat.com/show_bug.cgi?id=2273080
https://access.redhat.com/security/cve/CVE-2023-52530
https://access.redhat.com/security/cve/CVE-2023-4155
https://bugzilla.redhat.com/show_bug.cgi?id=2281821
https://bugzilla.redhat.com/show_bug.cgi?id=2272692
https://bugzilla.redhat.com/show_bug.cgi?id=2281925
https://access.redhat.com/security/cve/CVE-2023-1989
https://access.redhat.com/security/cve/CVE-2023-52667
https://bugzilla.redhat.com/show_bug.cgi?id=2273423
https://access.redhat.com/security/cve/CVE-2021-47310
https://access.redhat.com/security/cve/CVE-2021-47311
https://access.redhat.com/security/cve/CVE-2021-47548
https://bugzilla.redhat.com/show_bug.cgi?id=2185945
https://access.redhat.com/security/cve/CVE-2024-35937
https://bugzilla.redhat.com/show_bug.cgi?id=2282471
https://bugzilla.redhat.com/show_bug.cgi?id=2283401
https://access.redhat.com/security/cve/CVE-2024-35960
https://access.redhat.com/security/cve/CVE-2024-35958
https://bugzilla.redhat.com/show_bug.cgi?id=2265801
https://access.redhat.com/security/cve/CVE-2024-26656
https://bugzilla.redhat.com/show_bug.cgi?id=2280434
https://bugzilla.redhat.com/show_bug.cgi?id=2281350
https://access.redhat.com/security/cve/CVE-2024-26801
https://access.redhat.com/security/cve/CVE-2024-27397
https://access.redhat.com/security/cve/CVE-2024-26735
https://bugzilla.redhat.com/show_bug.cgi?id=2273429
Applikationen: Linux

Originalnachricht

 
An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended
 Update Support.

Red Hat Product Security has rated this update as having a security impact of
 Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
 system.

Security Fix(es):

* kernel: Use after free bug in btsdio_remove due to race condition
 (CVE-2023-1989)

* kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability
 (CVE-2023-4155)

* kernel: kvm: Avoid potential UAF in LPI translation cache (CVE-2024-26598)

* kernel: wifi: mac80211: fix potential key use-after-free (CVE-2023-52530)

* kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656)

* kernel: KVM: s390: vsie: fix race during shadow creation (CVE-2023-52639)

* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref
 (CVE-2024-26735)

* kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

* kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset
 (CVE-2024-26801)

* kernel: netfilter: nf_tables: use timestamp to check for set element timeout
 (CVE-2024-27397)

* kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups
 (CVE-2023-52667)

* kernel: wifi: cfg80211: check A-MSDU format more carefully (CVE-2024-35937)

* kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960)

* kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958)

* kernel: net: qcom/emac: fix UAF in emac_remove (CVE-2021-47311)

* kernel: net: ti: fix UAF in tlan_remove_one (CVE-2021-47310)

* kernel: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array
 overflow in hns_dsaf_ge_srst_by_port() (CVE-2021-47548)

For more details about the security issue(s), including the impact, a CVSS
 score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-47310: Use After Free (CWE-416)
CVE-2021-47311: Use After Free (CWE-416)
CVE-2021-47548: Improper Validation of Array Index (CWE-129)
CVE-2023-1989: Use After Free (CWE-416)
CVE-2023-4155: Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
CVE-2023-52530: Use After Free (CWE-416)
CVE-2023-52639: Concurrent Execution using Shared Resource with Improper
 Synchronization ('Race Condition') (CWE-362)
CVE-2023-52667
CVE-2024-26598: Use After Free (CWE-416)
CVE-2024-26656: Use After Free (CWE-416)
CVE-2024-26735: NULL Pointer Dereference (CWE-476)
CVE-2024-26801
CVE-2024-26804
CVE-2024-27397
CVE-2024-35937
CVE-2024-35958
CVE-2024-35960
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung