RHSA-2024:4211HighCVSS 7.3

Red Hat Security Advisory: kernel security and bug fix update

Published
July 2, 2024
Last Modified
June 29, 2026

🔗 CVE IDs covered (63)

📋 Description

CVE-2020-26555 — kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack CVE-2021-46909 — kernel: PCI interrupt mapping cause oops CVE-2021-46972 — kernel: ovl: fix leaked dentry CVE-2021-47069 — kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry CVE-2021-47073 — kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios CVE-2021-47236 — kernel: net: cdc_eem: fix tx fixup skb leak CVE-2021-47310 — kernel: net: ti: fix UAF in tlan_remove_one CVE-2021-47311 — kernel: net: qcom/emac: fix UAF in emac_remove CVE-2021-47353 — kernel: udf: Fix NULL pointer dereference in udf_symlink function CVE-2021-47356 — kernel: mISDN: fix possible use-after-free in HFC_cleanup() CVE-2021-47456 — kernel: can: peak_pci: peak_pci_remove(): fix UAF CVE-2021-47495 — kernel: usbnet: sanity check for maxpacket CVE-2022-49057 — kernel: block: null_blk: end timed out poll request CVE-2023-5090 — kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs CVE-2023-52464 — kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c CVE-2023-52560 — kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() CVE-2023-52615 — kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng CVE-2023-52626 — kernel: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context CVE-2023-52667 — kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups CVE-2023-52669 — kernel: crypto: s390/aes - Fix buffer overread in CTR mode CVE-2023-52675 — kernel: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() CVE-2023-52686 — kernel: powerpc/powernv: Add a null pointer check in opal_event_init() CVE-2023-52700 — kernel: tipc: fix kernel warning when sending SYN message CVE-2023-52703 — kernel: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path CVE-2023-52781 — kernel: usb: config: fix iteration issue in 'usb_get_bos_descriptor()' CVE-2023-52813 — kernel: crypto: pcrypt - Fix hungtask for PADATA_RESET CVE-2023-52835 — kernel: perf/core: Bail out early if the request AUX area is out of bound CVE-2023-52877 — kernel: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() CVE-2023-52878 — kernel: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds CVE-2023-52881 — kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number CVE-2024-26583 — kernel: tls: race between async notify and socket close CVE-2024-26584 — kernel: tls: handle backlogging of crypto requests CVE-2024-26585 — kernel: tls: race between tx work scheduling and socket close CVE-2024-26656 — kernel: drm/amdgpu: use-after-free vulnerability CVE-2024-26675 — kernel: ppp_async: limit MRU to 64K CVE-2024-26735 — kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref CVE-2024-26759 — kernel: mm/swap: fix race when skipping swapcache CVE-2024-26801 — kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset CVE-2024-26804 — kernel: net: ip_tunnel: prevent perpetual headroom growth CVE-2024-26826 — kernel: mptcp: fix data re-injection from stale subflow CVE-2024-26859 — kernel: net/bnx2x: Prevent access to a freed page in page_pool CVE-2024-26906 — kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() CVE-2024-26907 — kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment CVE-2024-26974 — kernel: crypto: qat - resolve race condition during AER recovery CVE-2024-26982 — kernel: Squashfs: check the inode number is not the invalid value of zero CVE-2024-27397 — kernel: netfilter: nf_tables: use timestamp to check for set element timeout CVE-2024-27410 — kernel: wifi: nl80211: reject iftype change with mesh ID change CVE-2024-35789 — kernel: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes CVE-2024-35835 — kernel: net/mlx5e: fix a double-free in arfs_create_groups CVE-2024-35838 — kernel: wifi: mac80211: fix potential sta-link leak CVE-2024-35845 — kernel: wifi: iwlwifi: dbg-tlv: ensure NUL termination CVE-2024-35852 — kernel: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work CVE-2024-35853 — kernel: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash CVE-2024-35854 — kernel: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash CVE-2024-35855 — kernel: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update CVE-2024-35888 — kernel: erspan: make sure erspan_base_hdr is present in skb->head CVE-2024-35890 — kernel: gro: fix ownership transfer CVE-2024-35958 — kernel: net: ena: Fix incorrect descriptor free behavior CVE-2024-35959 — kernel: net/mlx5e: Fix mlx5e_priv_init() cleanup flow CVE-2024-35960 — kernel: net/mlx5: Properly link new fs rules into the tree CVE-2024-36004 — kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue CVE-2024-36007 — kernel: mlxsw: spectrum_acl_tcam: Fix warning during rehash CVE-2024-42159 — kernel: scsi: mpi3mr: Sanitise num_phys

🔗 References (64)