Security: Multiple issues in Linux
Name: Multiple issues in Linux
ID: RHSA-2025:2490
Distribution: Red Hat
Platforms: Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4)
Date: Mon, 10 March 2025, 21:57
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2281235
https://bugzilla.redhat.com/show_bug.cgi?id=2267797
https://bugzilla.redhat.com/show_bug.cgi?id=2329370
https://bugzilla.redhat.com/show_bug.cgi?id=2265833
https://bugzilla.redhat.com/show_bug.cgi?id=2282918
https://access.redhat.com/security/cve/CVE-2023-52922
https://access.redhat.com/security/cve/CVE-2024-26744
https://access.redhat.com/security/cve/CVE-2023-52615
https://bugzilla.redhat.com/show_bug.cgi?id=2334412
https://access.redhat.com/security/cve/CVE-2024-35801
https://access.redhat.com/security/cve/CVE-2024-26603
https://access.redhat.com/security/cve/CVE-2024-53197
https://access.redhat.com/security/cve/CVE-2024-50302
https://access.redhat.com/security/cve/CVE-2021-47497
https://access.redhat.com/security/cve/CVE-2023-52520
https://bugzilla.redhat.com/show_bug.cgi?id=2270093
https://access.redhat.com/security/cve/CVE-2024-43830
https://access.redhat.com/errata/RHSA-2025:2490
https://bugzilla.redhat.com/show_bug.cgi?id=2273260
https://bugzilla.redhat.com/show_bug.cgi?id=2327169
Applications: Linux
Original message:
An update for kernel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: x86/fpu: Stop relying on userspace for info to fault in xsave buffer that cause loop forever (CVE-2024-26603)
* kernel: platform/x86: think-lmi: Fix reference leak (CVE-2023-52520)
* kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng (CVE-2023-52615)
* kernel: RDMA/srpt: Support specifying the srpt_service_guid parameter (CVE-2024-26744)
* kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801)
* kernel: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells (CVE-2021-47497)
* kernel: leds: trigger: Unregister sysfs attributes before calling deactivate() (CVE-2024-43830)
* kernel: HID: core: zero-initialize the report buffer (CVE-2024-50302)
* kernel: can: bcm: Fix UAF in bcm_proc_show() (CVE-2023-52922)
* kernel: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (CVE-2024-53197)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
* CVE-2021-47497: Out-of-bounds Read (CWE-125)
* CVE-2023-52520
* CVE-2023-52615: Uncontrolled Resource Consumption (CWE-400)
* CVE-2023-52922: Use After Free (CWE-416)
* CVE-2024-26603: Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835)
* CVE-2024-26744: NULL Pointer Dereference (CWE-476)
* CVE-2024-35801
* CVE-2024-43830: Use After Free (CWE-416)
* CVE-2024-50302: Use of Uninitialized Resource (CWE-908)
* CVE-2024-53197