Red Hat Security Advisory: kernel security and bug fix update
🔗 CVE IDs covered (36)
📋 Description
CVE-2022-49995 — kernel: writeback: avoid use-after-free after removing device CVE-2023-0458 — kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c CVE-2023-1073 — kernel: HID: check empty report_list in hid_validate_values() CVE-2023-1075 — kernel: net/tls: tls_is_tx_ready() checked list_entry CVE-2023-1079 — kernel: hid: Use After Free in asus_remove() CVE-2023-1838 — kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend() CVE-2023-1855 — kernel: use-after-free bug in remove function xgene_hwmon_remove CVE-2023-2162 — kernel: UAF during login when accessing the shost ipaddress CVE-2023-2163 — kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe CVE-2023-3141 — kernel: Use after free bug in r592_remove CVE-2023-3567 — kernel: use after free in vcs_read in drivers/tty/vt/vc_screen.c due to race CVE-2023-3611 — kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead CVE-2023-3772 — kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params() CVE-2023-3812 — kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags CVE-2023-4132 — kernel: smsusb: use-after-free caused by do_submit_urb() CVE-2023-4622 — kernel: use after free in unix_stream_sendpage CVE-2023-4623 — kernel: net/sched: sch_hfsc UAF CVE-2023-5178 — kernel: use after free in nvmet_tcp_free_crypto in NVMe CVE-2023-5717 — kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list CVE-2023-23455 — Kernel: denial of service in atm_tc_enqueue in net/sched/sch_atm.c due to type confusion CVE-2023-26545 — kernel: mpls: double free on sysctl allocation failure CVE-2023-28328 — kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c CVE-2023-31436 — kernel: out-of-bounds write in qfq_change_class function CVE-2023-33203 — kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove() CVE-2023-35823 — kernel: saa7134: race condition leading to use-after-free in saa7134_finidev() CVE-2023-35824 — kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c() CVE-2023-35825 — kernel: r592: race condition leading to use-after-free in r592_remove() CVE-2023-45871 — kernel: IGB driver inadequate buffer size for frames larger than MTU CVE-2023-46813 — kernel: SEV-ES local priv escalation CVE-2023-52973 — kernel: vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF CVE-2023-52974 — kernel: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress CVE-2023-52975 — kernel: scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress CVE-2023-53147 — kernel: xfrm: add NULL check in xfrm_update_ae_params CVE-2023-53296 — kernel: sctp: check send stream number after wait_for_sndbuf CVE-2023-53372 — kernel: sctp: fix a potential overflow in sctp_ifwdtsn_skip CVE-2023-53996 — kernel: x86/sev: Make enc_dec_hypercall() accept a size instead of npages
🔗 References (32)
- selfhttps://access.redhat.com/errata/RHSA-2024:0575
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2087568
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2168332
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2173403
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2173434
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2173444
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2177389
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2182443
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2184578
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2187773
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2192667
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2192671
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2193219
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2213199
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215835
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215836
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215837
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2218943
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2221463
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2221707
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2224048
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2225191
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2230094
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2237757
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2237760
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2240249
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2241924
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2244723
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2246944
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2246945
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0575.json