Red Hat Security Advisory: kernel security and bug fix update
🔗 CVE IDs covered (52)
📋 Description
CVE-2022-0854 — kernel: swiotlb information leak with DMA_FROM_DEVICE CVE-2022-1016 — kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM CVE-2022-1679 — kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges CVE-2022-3028 — kernel: race condition in xfrm_probe_algs can lead to OOB read/write CVE-2022-3522 — kernel: race condition in hugetlb_no_page() in mm/hugetlb.c CVE-2022-3567 — kernel: data races around sk->sk_prot CVE-2022-3628 — kernel: USB-accessible buffer overflow in brcmfmac CVE-2022-4129 — kernel: l2tp: missing lock when clearing sk_user_data can lead to NULL pointer dereference CVE-2022-20141 — kernel: igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets CVE-2022-30594 — kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option CVE-2022-40982 — hw: Intel: Gather Data Sampling (GDS) side channel vulnerability CVE-2022-41218 — kernel: Report vmalloc UAF in dvb-core/dmxdev CVE-2022-41858 — kernel: null-ptr-deref vulnerabilities in sl_tx_timeout in drivers/net/slip CVE-2022-43750 — kernel: memory corruption in usbmon driver CVE-2022-47929 — kernel: NULL pointer dereference in traffic control subsystem CVE-2022-50083 — kernel: ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h CVE-2022-50179 — kernel: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb CVE-2023-0394 — kernel: NULL pointer dereference in rawv6_push_pending_frames CVE-2023-1073 — kernel: HID: check empty report_list in hid_validate_values() CVE-2023-1079 — kernel: hid: Use After Free in asus_remove() CVE-2023-1192 — kernel: use-after-free in smb2_is_status_io_timeout() CVE-2023-1195 — kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c CVE-2023-1382 — kernel: denial of service in tipc_conn_close CVE-2023-1838 — kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() CVE-2023-1855 — kernel: use-after-free bug in remove function xgene_hwmon_remove CVE-2023-1998 — kernel: Spectre v2 SMT mitigations problem CVE-2023-2162 — kernel: UAF during login when accessing the shost ipaddress CVE-2023-2163 — kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe CVE-2023-2194 — kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() CVE-2023-2513 — kernel: ext4: use-after-free in ext4_xattr_set_entry() CVE-2023-3161 — kernel: fbcon: shift-out-of-bounds in fbcon_set_font() CVE-2023-3268 — kernel: out-of-bounds access in relay_file_read CVE-2023-3567 — kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race CVE-2023-3611 — kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead CVE-2023-3772 — kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params() CVE-2023-3812 — kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags CVE-2023-4459 — kernel: vmxnet3: NULL pointer dereference in vmxnet3_rq_cleanup() CVE-2023-4622 — kernel: use after free in unix_stream_sendpage CVE-2023-4623 — kernel: net/sched: sch_hfsc UAF CVE-2023-4732 — kernel: Race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode BUG in include/linux/swapops.h CVE-2023-5178 — kernel: use after free in nvmet_tcp_free_crypto in NVMe CVE-2023-23454 — kernel: slab-out-of-bounds read vulnerabilities in cbq_classify CVE-2023-26545 — kernel: mpls: double free on sysctl allocation failure CVE-2023-31436 — kernel: out-of-bounds write in qfq_change_class function CVE-2023-33203 — kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove() CVE-2023-35823 — kernel: saa7134: race condition leading to use-after-free in saa7134_finidev() CVE-2023-35824 — kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c() CVE-2023-38409 — kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment CVE-2023-42753 — kernel: netfilter: potential slab-out-of-bound access due to integer underflow CVE-2023-45871 — kernel: IGB driver inadequate buffer size for frames larger than MTU CVE-2023-53015 — kernel: HID: betop: check shape of output reports CVE-2024-0562 — kernel: use-after-free after removing device in wb_inode_writeback_end in mm/page-writeback.c
🔗 References (54)
- selfhttps://access.redhat.com/errata/RHSA-2024:0412
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/solutions/7027704
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2058395
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2066614
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2084125
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2085300
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2087568
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2114937
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2122228
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2122960
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2134528
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2143943
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2144379
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2150960
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2150979
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2151270
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2154171
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2154178
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2162120
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2168246
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2168297
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2173403
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2173444
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2177371
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2182443
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2184578
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2187257
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2187773
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2188396
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2192667
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2192671
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2193097
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2213485
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215502
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215835
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215836
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2218943
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2219268
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2221463
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2223949
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2224048
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2225191
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2230042
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2230094
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2236982
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2237757
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2237760
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2239843
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2240249
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2241924
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2244723
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2258475
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0412.json