An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
* kernel: vmwgfx: multiple flaws (CVE-2022-36402, CVE-2022-40133, CVE-2022-38457, CVE-2023-5633)
* kernel: nftables: (CVE-2024-26581)
* kernel: uio: (CVE-2023-52439)
* kernel: smb: (CVE-2023-52434)
* kernel: intel: (CVE-2023-52450)
* kernel: net: multiple flaws (CVE-2023-52578, CVE-2024-36978, CVE-2022-48743)
* kernel: Bluetooth: (CVE-2023-52518)
* kernel: netfilter: multiple flaws (CVE-2024-26668, CVE-2024-26808, CVE-2024-26925, CVE-2024-27020, CVE-2024-27019, CVE-2024-27016, CVE-2024-27065, CVE-2024-35899, CVE-2024-35897)
* kernel: hv_netvsc: (CVE-2024-26698)
* kernel: ext4: multiple flaws (CVE-2024-26704, CVE-2024-26773)
* kernel: net/sched: (CVE-2024-26739)
* kernel: vfio/pci: (CVE-2024-26810)
* kernel: dm: (CVE-2024-26880)
* kernel: x86/xen: (CVE-2024-26908)
* kernel: af_unix: multiple flaws (CVE-2024-26923, CVE-2024-38596)
* kernel: scsi: multiple flaws (CVE-2024-26931, CVE-2024-26929, CVE-2023-52811, CVE-2024-36025, CVE-2024-36924, CVE-2024-36952)
* kernel: Squashfs: (CVE-2024-26982)
* kernel: KVM: (CVE-2024-35791)
* kernel: ipv6: (CVE-2024-27417)
* kernel: drm/client: (CVE-2024-35950)
* kernel: sched/psi: (CVE-2023-52707)
* kernel: can: (CVE-2021-47459)
* kernel: tcp: (CVE-2024-36904)
* kernel: tls: (CVE-2024-36489)
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: vmwgfx: race condition leading to information disclosure vulnerability (CVE-2023-33951, ZDI-23-707, ZDI-CAN-20110)
* kernel: vmwgfx: double free within the handling of vmw_buffer_object objects (CVE-2023-33952, ZDI-23-708, ZDI-CAN-20292)
* kernel: stack overflow problem in Open vSwitch kernel module leading to DoS (CVE-2024-1151)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
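The advisory does not say which kernel build carries these fixes, and an updated package is not enough on its own: the fix is only live once the host has rebooted into the new kernel. The script below is an added example, not part of the Red Hat advisory, that checks a kernel package's RPM changelog for every CVE ID listed on this page. It assumes Red Hat's kernel changelog convention of recording the CVE in braces at the end of an entry (for example "{CVE-2024-26581}"); the `check_running_kernel` helper assumes `rpm` and an installed `kernel-core` package and is not exercised here. The sample changelog embedded in the script is constructed so that it runs offline; its subjects, packager and bug numbers are placeholders.

```shell
#!/bin/sh
# Added example, not part of the Red Hat advisory: check whether the changelog
# of an installed RHEL kernel package records fixes for the CVEs this advisory
# lists. Red Hat kernel changelog entries carry the CVE ID in braces, e.g.
# "{CVE-2024-26581}", so a whole-word grep for each ID is enough.
#
# The 47 CVE IDs below are copied from the advisory text.
ADVISORY_CVES="
CVE-2021-47459 CVE-2022-36402 CVE-2022-38457 CVE-2022-40133 CVE-2022-48743
CVE-2023-5633  CVE-2023-33951 CVE-2023-33952 CVE-2023-52434 CVE-2023-52439
CVE-2023-52450 CVE-2023-52518 CVE-2023-52578 CVE-2023-52707 CVE-2023-52811
CVE-2024-1151  CVE-2024-26581 CVE-2024-26668 CVE-2024-26698 CVE-2024-26704
CVE-2024-26739 CVE-2024-26773 CVE-2024-26808 CVE-2024-26810 CVE-2024-26880
CVE-2024-26908 CVE-2024-26923 CVE-2024-26925 CVE-2024-26929 CVE-2024-26931
CVE-2024-26982 CVE-2024-27016 CVE-2024-27019 CVE-2024-27020 CVE-2024-27065
CVE-2024-27417 CVE-2024-35791 CVE-2024-35897 CVE-2024-35899 CVE-2024-35950
CVE-2024-36025 CVE-2024-36489 CVE-2024-36904 CVE-2024-36924 CVE-2024-36952
CVE-2024-36978 CVE-2024-38596
"

# missing_cves CVE_LIST CHANGELOG_TEXT
# Prints, one per line and in list order, every CVE in CVE_LIST that does not
# appear as a whole word in CHANGELOG_TEXT. Returns 0 if none are missing,
# 1 otherwise.
missing_cves() {
    cve_list=$1
    changelog=$2
    rc=0
    for cve in $cve_list; do
        # -F: fixed string; -w: whole word, so CVE-2023-5633 does not match
        # inside CVE-2023-56330 and CVE-2024-26581 does not match CVE-2024-265810.
        if ! printf '%s\n' "$changelog" | grep -qwF -e "$cve"; then
            printf '%s\n' "$cve"
            rc=1
        fi
    done
    return $rc
}

# On a real RHEL 9.2 EUS host (not run here): check the kernel that is actually
# booted, not merely the newest one installed, since a kernel update only takes
# effect after a reboot. The changelog is shared by all subpackages built from
# the kernel spec, so kernel-core (which ships the vmlinuz) is a safe choice.
# Assumes rpm is available and kernel-core is installed.
check_running_kernel() {
    missing_cves "$ADVISORY_CVES" "$(rpm -q --changelog "kernel-core-$(uname -r)")"
}

# CONSTRUCTED sample changelog so the script runs offline. The packager,
# subjects, version and bug numbers are placeholders, not real Red Hat entries.
# It covers three advisory CVEs and contains one near-miss ID that must not count.
SAMPLE_CHANGELOG='
* Mon Jan 01 2024 Example Packager <nobody@example.com> [0.0.0-0.example]
- netfilter: example fix (Example Packager) [RHEL-00000] {CVE-2024-26581}
- uio: example fix (Example Packager) [RHEL-00000] {CVE-2023-52439}
- vmwgfx: example fix (Example Packager) [RHEL-00000] {CVE-2023-33951}
- unrelated: example entry that must not count {CVE-2024-265810}
'

if missing_cves "$ADVISORY_CVES" "$SAMPLE_CHANGELOG" >/dev/null; then
    echo "sample changelog covers every CVE in the advisory"
else
    echo "sample changelog is missing advisory CVEs; call missing_cves to list them"
fi
```

On a live host, `missing_cves "$ADVISORY_CVES" "$(rpm -q --changelog kernel-core-$(uname -r))"` is the call to make; an empty result with exit status 0 means the booted kernel's changelog names every CVE on this page. A non-empty result after installing the update usually means the host has not been rebooted into the new kernel yet, which is worth checking with `uname -r` against `rpm -q kernel-core` before concluding the fix is absent.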
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2021-47459: Use After Free (CWE-416)
CVE-2022-36402: Integer Overflow or Wraparound (CWE-190)
CVE-2022-38457: Use After Free (CWE-416)
CVE-2022-40133: Use After Free (CWE-416)
CVE-2022-48743: Buffer Underwrite ('Buffer Underflow') (CWE-124)
CVE-2023-5633: Use After Free (CWE-416)
CVE-2023-33951: Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
CVE-2023-33952: Double Free (CWE-415)
CVE-2023-52434
CVE-2023-52439: Use After Free (CWE-416)
CVE-2023-52450
CVE-2023-52518: Transmission of Private Resources into a New Sphere ('Resource Leak') (CWE-402)
CVE-2023-52578: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
CVE-2023-52707: Use After Free (CWE-416)
CVE-2023-52811: NULL Pointer Dereference (CWE-476)
CVE-2024-1151: Stack-based Buffer Overflow (CWE-121)
CVE-2024-26581
CVE-2024-26668: Integer Overflow or Wraparound (CWE-190)
CVE-2024-26698: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
CVE-2024-26704: Double Free (CWE-415)
CVE-2024-26739: Use After Free (CWE-416)
CVE-2024-26773: Improper Handling of Values (CWE-229)
CVE-2024-26808: Use After Free (CWE-416)
CVE-2024-26810: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
CVE-2024-26880: Improper Control of Resource Identifiers ('Resource Injection') (CWE-99)
CVE-2024-26908: Unchecked Return Value to NULL Pointer Dereference (CWE-690)
CVE-2024-26923: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
CVE-2024-26925: Improper Locking (CWE-667)
CVE-2024-26929
CVE-2024-26931
CVE-2024-26982
CVE-2024-27016
CVE-2024-27019
CVE-2024-27020
CVE-2024-27065
CVE-2024-27417
CVE-2024-35791
CVE-2024-35897
CVE-2024-35899
CVE-2024-35950
CVE-2024-36025: Out-of-bounds Write (CWE-787)
CVE-2024-36489
CVE-2024-36904: Use After Free (CWE-416)
CVE-2024-36924: Deadlock (CWE-833)
CVE-2024-36952: Incomplete Cleanup (CWE-459)
CVE-2024-36978
CVE-2024-38596