Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Linux
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Linux
ID: RHSA-2024:9497
Distribution: Red Hat
Plattformen: Red Hat Enterprise Linux AppStream EUS (v.9.2), Red Hat Enterprise Linux BaseOS EUS (v.9.2), Red Hat CodeReady Linux Builder EUS (v.9.2)
Datum: Mi, 13. November 2024, 15:47
Referenzen: https://access.redhat.com/security/cve/CVE-2024-31076
https://bugzilla.redhat.com/show_bug.cgi?id=2315210
https://access.redhat.com/security/cve/CVE-2023-52522
https://bugzilla.redhat.com/show_bug.cgi?id=2270100
https://access.redhat.com/security/cve/CVE-2024-26870
https://access.redhat.com/security/cve/CVE-2024-26772
https://bugzilla.redhat.com/show_bug.cgi?id=2300408
https://access.redhat.com/security/cve/CVE-2024-42271
https://bugzilla.redhat.com/show_bug.cgi?id=2273242
https://bugzilla.redhat.com/show_bug.cgi?id=2272692
https://access.redhat.com/security/cve/CVE-2024-26640
https://access.redhat.com/security/cve/CVE-2024-46858
https://bugzilla.redhat.com/show_bug.cgi?id=2267795
https://access.redhat.com/security/cve/CVE-2024-26656
https://access.redhat.com/security/cve/CVE-2024-41039
https://bugzilla.redhat.com/show_bug.cgi?id=2275711
https://bugzilla.redhat.com/show_bug.cgi?id=2293684
https://access.redhat.com/errata/RHSA-2024:9497
https://bugzilla.redhat.com/show_bug.cgi?id=2275635
https://access.redhat.com/security/cve/CVE-2024-40931
https://access.redhat.com/security/cve/CVE-2024-26906
https://bugzilla.redhat.com/show_bug.cgi?id=2297515
Applikationen: Linux

Originalnachricht

 
An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended
 Update Support.

Red Hat Product Security has rated this update as having a security impact of
 Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
 system.

Security Fix(es):

* kernel: net: fix possible store tearing in neigh_periodic_work()
 (CVE-2023-52522)

* kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640)

* kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656)

* kernel: ext4: avoid allocating blocks from corrupted group in
 ext4_mb_find_by_goal() (CVE-2024-26772)

* kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
 (CVE-2024-26906)

* kernel: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
 (CVE-2024-26870)

* kernel: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
 (CVE-2024-31076)

* kernel: mptcp: ensure snd_una is properly initialized on connect
 (CVE-2024-40931)

* kernel: firmware: cs_dsp: Fix overflow checking of wmfw header
 (CVE-2024-41039)

* kernel: net/iucv: fix use after free in iucv_sock_close() (CVE-2024-42271)

* kernel: mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)

For more details about the security issue(s), including the impact, a CVSS
 score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2023-52522: Improper Input Validation (CWE-20)
CVE-2024-26640: Improper Input Validation (CWE-20)
CVE-2024-26656: Use After Free (CWE-416)
CVE-2024-26772: Improper Handling of Values (CWE-229)
CVE-2024-26870: Improper Input Validation (CWE-20)
CVE-2024-26906: Improper Input Validation (CWE-20)
CVE-2024-31076: Transmission of Private Resources into a New Sphere
 ('Resource Leak') (CWE-402)
CVE-2024-40931: Uncontrolled Resource Consumption (CWE-400)
CVE-2024-41039: Heap-based Buffer Overflow (CWE-122)
CVE-2024-42271: Use After Free (CWE-416)
CVE-2024-46858: Use After Free (CWE-416)
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung