
exploitDog


RLSA-2024:10281

Published: 19 Dec 2024
Source: rocky
Severity: Moderate

Description

Moderate: kernel:4.18.0 security update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: media: edia: dvbdev: fix a use-after-free (CVE-2024-27043)

  • kernel: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (CVE-2024-27399)

  • kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CVE-2024-38564)

  • kernel: mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
|---|---|---|---|
| bpftool | x86_64 | 553.30.1.el8_10 | bpftool-4.18.0-553.30.1.el8_10.x86_64.rpm |
| kernel | x86_64 | 553.30.1.el8_10 | kernel-4.18.0-553.30.1.el8_10.x86_64.rpm |
| kernel-abi-stablelists | noarch | 553.30.1.el8_10 | kernel-abi-stablelists-4.18.0-553.30.1.el8_10.noarch.rpm |
| kernel-core | x86_64 | 553.30.1.el8_10 | kernel-core-4.18.0-553.30.1.el8_10.x86_64.rpm |
| kernel-cross-headers | x86_64 | 553.30.1.el8_10 | kernel-cross-headers-4.18.0-553.30.1.el8_10.x86_64.rpm |
| kernel-debug | x86_64 | 553.30.1.el8_10 | kernel-debug-4.18.0-553.30.1.el8_10.x86_64.rpm |
| kernel-debug-core | x86_64 | 553.30.1.el8_10 | kernel-debug-core-4.18.0-553.30.1.el8_10.x86_64.rpm |
| kernel-debug-devel | x86_64 | 553.30.1.el8_10 | kernel-debug-devel-4.18.0-553.30.1.el8_10.x86_64.rpm |
| kernel-debuginfo-common-x86_64 | x86_64 | 553.30.1.el8_10 | kernel-debuginfo-common-x86_64-4.18.0-553.30.1.el8_10.x86_64.rpm |
| kernel-debug-modules | x86_64 | 553.30.1.el8_10 | kernel-debug-modules-4.18.0-553.30.1.el8_10.x86_64.rpm |


Related vulnerabilities

oracle-oval
7 months ago

ELSA-2024-10281: kernel:4.18.0 security update (MODERATE)

CVSS3: 7.8
ubuntu
about 1 year ago

In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain: budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put |-> kref_put When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that had been freed in dvb_register_device. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free.

CVSS3: 5.2
redhat
about 1 year ago

In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain: budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put |-> kref_put When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that had been freed in dvb_register_device. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free.

CVSS3: 7.8
nvd
about 1 year ago

In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain: budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put |-> kref_put When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that had been freed in dvb_register_device. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free.

CVSS3: 7.8
debian
about 1 year ago

In the Linux kernel, the following vulnerability has been resolved: m ...