
Security: Multiple issues in Linux
Name: Multiple issues in Linux
ID: RHSA-2024:4823
Distribution: Red Hat
Platforms: Red Hat Enterprise Linux AppStream EUS (v.9.2), Red Hat Enterprise Linux BaseOS EUS (v.9.2), Red Hat CodeReady Linux Builder EUS (v.9.2)
Date: Thu, 25 July 2024, 07:13
References: https://access.redhat.com/security/cve/CVE-2024-36904
https://bugzilla.redhat.com/show_bug.cgi?id=2265285
https://bugzilla.redhat.com/show_bug.cgi?id=2281672
https://access.redhat.com/security/cve/CVE-2024-26810
https://bugzilla.redhat.com/show_bug.cgi?id=2293316
https://bugzilla.redhat.com/show_bug.cgi?id=2273174
https://access.redhat.com/security/cve/CVE-2024-26773
https://bugzilla.redhat.com/show_bug.cgi?id=2273654
https://bugzilla.redhat.com/show_bug.cgi?id=2245663
https://access.redhat.com/security/cve/CVE-2024-26925
https://bugzilla.redhat.com/show_bug.cgi?id=2293687
https://bugzilla.redhat.com/show_bug.cgi?id=2272797
https://bugzilla.redhat.com/show_bug.cgi?id=2284598
https://bugzilla.redhat.com/show_bug.cgi?id=2262241
https://access.redhat.com/security/cve/CVE-2023-52578
https://access.redhat.com/security/cve/CVE-2024-35791
https://access.redhat.com/security/cve/CVE-2024-36025
https://bugzilla.redhat.com/show_bug.cgi?id=2133451
https://bugzilla.redhat.com/show_bug.cgi?id=2133453
https://access.redhat.com/security/cve/CVE-2024-26908
https://access.redhat.com/security/cve/CVE-2024-27065
https://access.redhat.com/security/cve/CVE-2024-35899
https://bugzilla.redhat.com/show_bug.cgi?id=2278245
https://bugzilla.redhat.com/show_bug.cgi?id=2273236
https://access.redhat.com/security/cve/CVE-2023-33951
https://access.redhat.com/security/cve/CVE-2024-35950
https://bugzilla.redhat.com/show_bug.cgi?id=2278337
https://bugzilla.redhat.com/show_bug.cgi?id=2281667
https://access.redhat.com/security/cve/CVE-2024-27019
https://bugzilla.redhat.com/show_bug.cgi?id=2281097
https://access.redhat.com/security/cve/CVE-2024-1151
https://bugzilla.redhat.com/show_bug.cgi?id=2278258
https://bugzilla.redhat.com/show_bug.cgi?id=2284421
https://bugzilla.redhat.com/show_bug.cgi?id=2275744
https://bugzilla.redhat.com/show_bug.cgi?id=2278264
https://access.redhat.com/security/cve/CVE-2021-47459
https://bugzilla.redhat.com/show_bug.cgi?id=2275690
https://bugzilla.redhat.com/show_bug.cgi?id=2273117
https://access.redhat.com/security/cve/CVE-2023-52434
https://bugzilla.redhat.com/show_bug.cgi?id=2284541
https://bugzilla.redhat.com/show_bug.cgi?id=2281942
https://access.redhat.com/security/cve/CVE-2024-26668
https://access.redhat.com/security/cve/CVE-2024-38596
https://bugzilla.redhat.com/show_bug.cgi?id=2267799
https://access.redhat.com/security/cve/CVE-2024-27016
https://bugzilla.redhat.com/show_bug.cgi?id=2284506
https://access.redhat.com/security/cve/CVE-2023-52811
https://bugzilla.redhat.com/show_bug.cgi?id=2265649
https://access.redhat.com/security/cve/CVE-2024-36952
https://access.redhat.com/security/cve/CVE-2022-40133
https://bugzilla.redhat.com/show_bug.cgi?id=2278250
https://access.redhat.com/security/cve/CVE-2024-26704
https://bugzilla.redhat.com/show_bug.cgi?id=2278380
https://access.redhat.com/security/cve/CVE-2024-26929
https://access.redhat.com/security/cve/CVE-2024-26880
https://access.redhat.com/security/cve/CVE-2024-27417
https://access.redhat.com/security/cve/CVE-2023-52707
https://bugzilla.redhat.com/show_bug.cgi?id=2277171
https://access.redhat.com/security/cve/CVE-2022-38457
https://bugzilla.redhat.com/show_bug.cgi?id=2278256
https://access.redhat.com/security/cve/CVE-2023-52450
https://bugzilla.redhat.com/show_bug.cgi?id=2133455
https://access.redhat.com/security/cve/CVE-2024-26982
https://access.redhat.com/security/cve/CVE-2024-26923
https://bugzilla.redhat.com/show_bug.cgi?id=2282615
https://access.redhat.com/security/cve/CVE-2024-35897
https://bugzilla.redhat.com/show_bug.cgi?id=2273270
https://access.redhat.com/security/cve/CVE-2022-36402
https://bugzilla.redhat.com/show_bug.cgi?id=2281052
https://bugzilla.redhat.com/show_bug.cgi?id=2282743
https://access.redhat.com/security/cve/CVE-2024-27020
https://bugzilla.redhat.com/show_bug.cgi?id=2218195
https://bugzilla.redhat.com/show_bug.cgi?id=2293371
https://access.redhat.com/security/cve/CVE-2024-36978
https://bugzilla.redhat.com/show_bug.cgi?id=2265185
https://access.redhat.com/security/cve/CVE-2024-36489
https://bugzilla.redhat.com/show_bug.cgi?id=2267758
https://access.redhat.com/errata/RHSA-2024:4823
https://access.redhat.com/security/cve/CVE-2023-52518
https://bugzilla.redhat.com/show_bug.cgi?id=2282898
https://access.redhat.com/security/cve/CVE-2023-33952
https://access.redhat.com/security/cve/CVE-2024-26581
https://access.redhat.com/security/cve/CVE-2024-26739
https://access.redhat.com/security/cve/CVE-2023-52439
https://access.redhat.com/security/cve/CVE-2024-36924
https://bugzilla.redhat.com/show_bug.cgi?id=2293078
https://access.redhat.com/security/cve/CVE-2022-48743
https://bugzilla.redhat.com/show_bug.cgi?id=2265271
https://access.redhat.com/security/cve/CVE-2024-26808
https://bugzilla.redhat.com/show_bug.cgi?id=2277166
https://access.redhat.com/security/cve/CVE-2024-26698
https://access.redhat.com/security/cve/CVE-2024-26931
https://bugzilla.redhat.com/show_bug.cgi?id=2218212
https://bugzilla.redhat.com/show_bug.cgi?id=2273405
https://access.redhat.com/security/cve/CVE-2023-5633
Applications: Linux

Original message

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

* kernel: vmwgfx: multiple flaws (CVE-2022-36402, CVE-2022-40133, CVE-2022-38457, CVE-2023-5633)

* kernel: nftables: (CVE-2024-26581)

* kernel: uio: (CVE-2023-52439)

* kernel: smb: (CVE-2023-52434)

* kernel: intel: (CVE-2023-52450)

* kernel: net: multiple flaws (CVE-2023-52578, CVE-2024-36978, CVE-2022-48743)

* kernel: Bluetooth: (CVE-2023-52518)

* kernel: netfilter: multiple flaws (CVE-2024-26668, CVE-2024-26808, CVE-2024-26925, CVE-2024-27020, CVE-2024-27019, CVE-2024-27016, CVE-2024-27065, CVE-2024-35899, CVE-2024-35897)

* kernel: hv_netvsc: (CVE-2024-26698)

* kernel: ext4: multiple flaws (CVE-2024-26704, CVE-2024-26773)

* kernel: net/sched: (CVE-2024-26739)

* kernel: vfio/pci: (CVE-2024-26810)

* kernel: dm: (CVE-2024-26880)

* kernel: x86/xen: (CVE-2024-26908)

* kernel: af_unix: multiple flaws (CVE-2024-26923, CVE-2024-38596)

* kernel: scsi: multiple flaws (CVE-2024-26931, CVE-2024-26929, CVE-2023-52811, CVE-2024-36025, CVE-2024-36924, CVE-2024-36952)

* kernel: Squashfs: (CVE-2024-26982)

* kernel: KVM: (CVE-2024-35791)

* kernel: ipv6: (CVE-2024-27417)

* kernel: drm/client: (CVE-2024-35950)

* kernel: sched/psi: (CVE-2023-52707)

* kernel: can: (CVE-2021-47459)

* kernel: tcp: (CVE-2024-36904)

* kernel: tls: (CVE-2024-36489)

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: vmwgfx: race condition leading to information disclosure vulnerability (CVE-2023-33951, ZDI-23-707, ZDI-CAN-20110)

* kernel: vmwgfx: double free within the handling of vmw_buffer_object objects (CVE-2023-33952, ZDI-23-708, ZDI-CAN-20292)

* kernel: stack overflow problem in Open vSwitch kernel module leading to DoS (CVE-2024-1151)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-47459: Use After Free (CWE-416)
CVE-2022-36402: Integer Overflow or Wraparound (CWE-190)
CVE-2022-38457: Use After Free (CWE-416)
CVE-2022-40133: Use After Free (CWE-416)
CVE-2022-48743: Buffer Underwrite ('Buffer Underflow') (CWE-124)
CVE-2023-5633: Use After Free (CWE-416)
CVE-2023-33951: Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
CVE-2023-33952: Double Free (CWE-415)
CVE-2023-52434
CVE-2023-52439: Use After Free (CWE-416)
CVE-2023-52450
CVE-2023-52518: Transmission of Private Resources into a New Sphere ('Resource Leak') (CWE-402)
CVE-2023-52578: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
CVE-2023-52707: Use After Free (CWE-416)
CVE-2023-52811: NULL Pointer Dereference (CWE-476)
CVE-2024-1151: Stack-based Buffer Overflow (CWE-121)
CVE-2024-26581
CVE-2024-26668: Integer Overflow or Wraparound (CWE-190)
CVE-2024-26698: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
CVE-2024-26704: Double Free (CWE-415)
CVE-2024-26739: Use After Free (CWE-416)
CVE-2024-26773: Improper Handling of Values (CWE-229)
CVE-2024-26808: Use After Free (CWE-416)
CVE-2024-26810: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
CVE-2024-26880: Improper Control of Resource Identifiers ('Resource Injection') (CWE-99)
CVE-2024-26908: Unchecked Return Value to NULL Pointer Dereference (CWE-690)
CVE-2024-26923: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
CVE-2024-26925: Improper Locking (CWE-667)
CVE-2024-26929
CVE-2024-26931
CVE-2024-26982
CVE-2024-27016
CVE-2024-27019
CVE-2024-27020
CVE-2024-27065
CVE-2024-27417
CVE-2024-35791
CVE-2024-35897
CVE-2024-35899
CVE-2024-35950
CVE-2024-36025: Out-of-bounds Write (CWE-787)
CVE-2024-36489
CVE-2024-36904: Use After Free (CWE-416)
CVE-2024-36924: Deadlock (CWE-833)
CVE-2024-36952: Incomplete Cleanup (CWE-459)
CVE-2024-36978
CVE-2024-38596