RLSA-2024:8162

Published: 25 Oct 2024
Source: rocky
Rating: Moderate

Description

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: Local information disclosure on Intel(R) Atom(R) processors (CVE-2023-28746)

  • kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow (CVE-2024-27403)

  • kernel: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (CVE-2023-52658)

  • kernel: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (CVE-2024-35989)

  • kernel: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47385)

  • kernel: mptcp: ensure snd_nxt is properly initialized on connect (CVE-2024-36889)

  • kernel: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (CVE-2024-36978)

  • kernel: net/mlx5: Add a timeout to acquire the command queue semaphore (CVE-2024-38556)

  • kernel: KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (CVE-2024-39483)

  • kernel: ionic: fix use after netif_napi_del() (CVE-2024-39502)

  • kernel: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (CVE-2024-40959)

  • kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)

  • kernel: sched: act_ct: take care of padding in struct zones_ht_key (CVE-2024-42272)

  • kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 9

| Name | Architecture | Release | RPM |
| --- | --- | --- | --- |
| bpftool | x86_64 | 427.40.1.el9_4 | bpftool-7.3.0-427.40.1.el9_4.x86_64.rpm |
| kernel | x86_64 | 427.40.1.el9_4 | kernel-5.14.0-427.40.1.el9_4.x86_64.rpm |
| kernel-abi-stablelists | noarch | 427.40.1.el9_4 | kernel-abi-stablelists-5.14.0-427.40.1.el9_4.noarch.rpm |
| kernel-core | x86_64 | 427.40.1.el9_4 | kernel-core-5.14.0-427.40.1.el9_4.x86_64.rpm |
| kernel-debug | x86_64 | 427.40.1.el9_4 | kernel-debug-5.14.0-427.40.1.el9_4.x86_64.rpm |
| kernel-debug-core | x86_64 | 427.40.1.el9_4 | kernel-debug-core-5.14.0-427.40.1.el9_4.x86_64.rpm |
| kernel-debug-modules | x86_64 | 427.40.1.el9_4 | kernel-debug-modules-5.14.0-427.40.1.el9_4.x86_64.rpm |
| kernel-debug-modules-core | x86_64 | 427.40.1.el9_4 | kernel-debug-modules-core-5.14.0-427.40.1.el9_4.x86_64.rpm |
| kernel-debug-modules-extra | x86_64 | 427.40.1.el9_4 | kernel-debug-modules-extra-5.14.0-427.40.1.el9_4.x86_64.rpm |
| kernel-debug-uki-virt | x86_64 | 427.40.1.el9_4 | kernel-debug-uki-virt-5.14.0-427.40.1.el9_4.x86_64.rpm |

Related vulnerabilities

oracle-oval
8 months ago

ELSA-2024-8162: kernel security update (MODERATE)

CVSS3: 5.5
ubuntu
about 1 year ago

In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field If driver read val value sufficient for (val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7)) from device then Null pointer dereference occurs. (It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers) Also lm75[] does not serve a purpose anymore after switching to devm_i2c_new_dummy_device() in w83791d_detect_subclients(). The patch fixes possible NULL pointer dereference by removing lm75[]. Found by Linux Driver Verification project (linuxtesting.org). [groeck: Dropped unnecessary continuation lines, fixed multiline alignment]

CVSS3: 4.4
redhat
about 1 year ago

In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field If driver read val value sufficient for (val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7)) from device then Null pointer dereference occurs. (It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers) Also lm75[] does not serve a purpose anymore after switching to devm_i2c_new_dummy_device() in w83791d_detect_subclients(). The patch fixes possible NULL pointer dereference by removing lm75[]. Found by Linux Driver Verification project (linuxtesting.org). [groeck: Dropped unnecessary continuation lines, fixed multiline alignment]

CVSS3: 5.5
nvd
about 1 year ago

In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field If driver read val value sufficient for (val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7)) from device then Null pointer dereference occurs. (It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers) Also lm75[] does not serve a purpose anymore after switching to devm_i2c_new_dummy_device() in w83791d_detect_subclients(). The patch fixes possible NULL pointer dereference by removing lm75[]. Found by Linux Driver Verification project (linuxtesting.org). [groeck: Dropped unnecessary continuation lines, fixed multiline alignment]

CVSS3: 5.5
debian
about 1 year ago

In the Linux kernel, the following vulnerability has been resolved: h ...