RHSA-2024:0724HighCVSS 7.8

Red Hat Security Advisory: kernel security and bug fix update

Published
February 7, 2024
Last Modified
June 29, 2026

🔗 CVE IDs covered (57)

📋 Description

CVE-2021-3640 — kernel: use-after-free vulnerability in function sco_sock_sendmsg() CVE-2021-4204 — kernel: improper input validation may lead to privilege escalation CVE-2021-30002 — kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c CVE-2021-34866 — kernel: eBPF verification flaw CVE-2022-0168 — kernel: smb2_ioctl_query_info NULL pointer dereference CVE-2022-0500 — kernel: Linux ebpf logic vulnerability leads to critical memory read and write gaining root privileges CVE-2022-0617 — kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback CVE-2022-1462 — kernel: possible race condition in drivers/tty/tty_buffers.c CVE-2022-2078 — kernel: buffer overflow in nft_set_desc_concat_parse() CVE-2022-2586 — kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation CVE-2022-2663 — kernel: netfilter: nf_conntrack_irc message handling issue CVE-2022-3524 — kernel: memory leak in ipv6_renew_options() CVE-2022-3545 — kernel: nfp: use-after-free in area_cache_get() CVE-2022-3566 — kernel: data races around icsk->icsk_af_ops in do_ipv6_setsockopt CVE-2022-3594 — kernel: Rate limit overflow messages in r8152 in intr_callback CVE-2022-3619 — kernel: memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c CVE-2022-3623 — kernel: denial of service in follow_page_pte in mm/gup.c due to poisoned pte entry CVE-2022-3707 — kernel: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed CVE-2022-21499 — kernel: possible to use the debugger to write zero into a location of choice CVE-2022-23222 — kernel: local privileges escalation in kernel/bpf/verifier.c CVE-2022-24448 — kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR CVE-2022-25265 — kernel: Executable Space Protection Bypass CVE-2022-28388 — kernel: double free in usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c CVE-2022-28390 — kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c CVE-2022-28893 — kernel: use after free in SUNRPC subsystem CVE-2022-36946 — kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c CVE-2022-39189 — kernel: TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED leading to guest malfunctioning CVE-2022-45887 — kernel: memory leak in ttusb_dec_exit_dvb() in media/usb/ttusb-dec/ttusb_dec.c CVE-2022-49908 — kernel: Bluetooth: L2CAP: Fix memory leak in vhci_write CVE-2022-50213 — kernel: netfilter: nf_tables: do not allow SET_ID to refer to another table CVE-2022-50272 — kernel: media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() CVE-2023-0458 — kernel: speculative pointer dereference in do_prlimit() in kernel/sys.c CVE-2023-1075 — kernel: net/tls: tls_is_tx_ready() checked list_entry CVE-2023-1252 — kernel: ovl: fix use after free in struct ovl_aio_req CVE-2023-1989 — kernel: Use after free bug in btsdio_remove due to race condition CVE-2023-2166 — kernel: NULL pointer dereference in can_rcv_filter CVE-2023-2176 — kernel: Slab-out-of-bound read in compare_netdev_and_ip CVE-2023-3141 — kernel: Use after free bug in r592_remove CVE-2023-4132 — kernel: smsusb: use-after-free caused by do_submit_urb() CVE-2023-4921 — kernel: use-after-free in sch_qfq network scheduler CVE-2023-5717 — kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list CVE-2023-6356 — kernel: NULL pointer dereference in nvmet_tcp_build_iovec CVE-2023-6535 — kernel: NULL pointer dereference in nvmet_tcp_execute_request CVE-2023-6536 — kernel: NULL pointer dereference in __nvmet_req_complete CVE-2023-6610 — kernel: OOB Access in smb2_dump_detail CVE-2023-6817 — kernel: inactive elements in nft_pipapo_walk CVE-2023-6932 — kernel: use-after-free in IPv4 IGMP CVE-2023-20569 — amd: Return Address Predictor vulnerability leading to information disclosure CVE-2023-23455 — Kernel: denial of service in atm_tc_enqueue in net/sched/sch_atm.c due to type confusion CVE-2023-28328 — kernel: Denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c CVE-2023-28772 — kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow CVE-2023-35825 — kernel: r592: race condition leading to use-after-free in r592_remove() CVE-2023-40283 — kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c CVE-2023-45862 — kernel: drivers/usb/storage/ene_ub6250.c CVE-2023-46813 — kernel: SEV-ES local priv escalation CVE-2023-54270 — kernel: media: usb: siano: Fix use after free bugs caused by do_submit_urb CVE-2024-0646 — kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

🔗 References (56)