RHSA-2024:5101HighCVSS 7.8

Red Hat Security Advisory: kernel security update

Published
August 8, 2024
Last Modified
June 29, 2026

🔗 CVE IDs covered (170)

CVE-2024-36952CVE-2023-52463CVE-2024-26669CVE-2024-26852CVE-2024-27434CVE-2024-35896CVE-2024-35910CVE-2024-36945CVE-2024-38555CVE-2021-47548CVE-2022-48743CVE-2024-26802CVE-2024-36000CVE-2024-38598CVE-2024-39472CVE-2024-39502CVE-2021-47461CVE-2023-52730CVE-2023-52834CVE-2024-36286CVE-2024-36960CVE-2024-26740CVE-2024-36005CVE-2024-36924CVE-2024-21823CVE-2023-52707CVE-2023-52764CVE-2024-36025CVE-2024-38538CVE-2024-39487CVE-2023-52451CVE-2024-27020CVE-2024-35962CVE-2024-26929 · pendingCVE-2024-35947CVE-2024-36978CVE-2024-26931CVE-2024-27395CVE-2024-31076CVE-2024-35924CVE-2024-36927CVE-2024-35824CVE-2021-47018CVE-2024-27025CVE-2024-33621CVE-2024-36016CVE-2022-50372CVE-2024-26660CVE-2024-26908 · pendingCVE-2024-27010CVE-2024-27011CVE-2024-36954CVE-2024-35899CVE-2023-52791CVE-2023-54114CVE-2024-26961CVE-2024-27065CVE-2024-39276CVE-2024-26940CVE-2024-35897CVE-2021-46939CVE-2021-47257CVE-2023-52648CVE-2023-52864CVE-2024-35952CVE-2021-47373CVE-2022-50495 · pendingCVE-2023-28746CVE-2023-52623CVE-2024-26772CVE-2024-35925CVE-2024-26958CVE-2023-52756 · pendingCVE-2023-52775CVE-2023-52784CVE-2024-26704CVE-2024-35946CVE-2024-36010CVE-2024-36889CVE-2024-35847CVE-2023-52486CVE-2023-52679CVE-2024-36950CVE-2024-39476CVE-2022-48747CVE-2024-36917CVE-2024-36270CVE-2024-36921CVE-2024-35930CVE-2024-35938CVE-2024-36896CVE-2024-36929CVE-2024-38575CVE-2024-38627CVE-2024-26614CVE-2024-2201CVE-2023-52469CVE-2023-52762CVE-2023-52845CVE-2023-52847CVE-2024-26853CVE-2024-35801CVE-2024-36979CVE-2024-26773CVE-2024-26843CVE-2024-27388CVE-2024-36940CVE-2024-38573CVE-2021-47491CVE-2024-26925CVE-2024-36905CVE-2023-53597CVE-2024-35912CVE-2024-35937CVE-2024-36904CVE-2024-36941CVE-2024-36971CVE-2024-38596CVE-2024-40927CVE-2021-47304CVE-2023-52619CVE-2024-26870CVE-2024-27019CVE-2024-35810CVE-2024-36020CVE-2024-35823CVE-2022-48632CVE-2023-52622CVE-2024-26810CVE-2024-35814CVE-2024-35876 · pendingCVE-2024-35900CVE-2024-35807CVE-2022-48757CVE-2023-52653CVE-2023-52796CVE-2023-52803CVE-2024-36489CVE-2021-47284CVE-2024-26586CVE-2024-26837CVE-2024-38615CVE-2023-52471CVE-2023-52658CVE-2023-52662CVE-2024-26640CVE-2024-26686CVE-2024-36006CVE-2024-36928CVE-2024-40974CVE-2024-26878CVE-2024-26921CVE-2024-35790CVE-2021-47579CVE-2021-47624CVE-2024-35893CVE-2021-47468CVE-2023-52530CVE-2023-52811CVE-2024-26733CVE-2024-26840CVE-2024-36017CVE-2024-36886CVE-2024-26960CVE-2024-25739CVE-2021-47408CVE-2023-52777CVE-2023-52832CVE-2024-26698CVE-2024-36933

📋 Description

CVE-2021-46939 — kernel: tracing: Restructure trace_clock_global() to never block CVE-2021-47018 — kernel: ensure definition of the fixmap area is in a limit CVE-2021-47257 — kernel: net: ieee802154: fix null deref in parse dev addr CVE-2021-47284 — kernel: isdn: mISDN: netjet: Fix crash in nj_probe CVE-2021-47304 — kernel: tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized CVE-2021-47373 — kernel: irqchip/gic-v3-its: Fix potential VPE leak on error CVE-2021-47408 — kernel: netfilter: conntrack: serialize hash resizes and cleanups CVE-2021-47461 — kernel: userfaultfd: fix a race between writeprotect and exit_mmap() CVE-2021-47468 — kernel: isdn: mISDN: Fix sleeping function called from invalid context CVE-2021-47491 — kernel: mm: khugepaged: skip huge page collapse for special files CVE-2021-47548 — kernel: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() CVE-2021-47579 — kernel: ovl: fix warning in ovl_create_real() CVE-2021-47624 — kernel: net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change CVE-2022-48632 — kernel: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() CVE-2022-48743 — kernel: net: amd-xgbe: Fix skb data length underflow CVE-2022-48747 — kernel: block: Fix wrong offset in bio_truncate() CVE-2022-48757 — kernel: net: fix information leakage in /proc/net/ptype CVE-2022-50372 — kernel: cifs: Fix memory leak when build ntlmssp negotiate blob failed CVE-2022-50495 — kernel: x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() CVE-2023-28746 — kernel: Local information disclosure on Intel(R) Atom(R) processors CVE-2023-52451 — kernel: powerpc: Fix access beyond end of drmem array CVE-2023-52463 — kernel: efivarfs: force RO when remounting if SetVariable is not supported CVE-2023-52469 — kernel: use-after-free in kv_parse_power_table CVE-2023-52471 — kernel: null pointer dereference issues in ice_ptp.c CVE-2023-52486 — kernel: drm: Don't unref the same fb many times by mistake due to deadlock handling CVE-2023-52530 — kernel: wifi: mac80211: fix potential key use-after-free CVE-2023-52619 — kernel: pstore/ram: Fix crash when setting number of cpus to an odd number CVE-2023-52622 — kernel: ext4: avoid online resizing failures due to oversized flex bg CVE-2023-52623 — kernel: SUNRPC: Fix a suspicious RCU usage warning CVE-2023-52648 — kernel: drm/vmwgfx: Unmap the surface before resetting it on a plane state CVE-2023-52653 — kernel: SUNRPC: fix a memleak in gss_import_v2_context CVE-2023-52658 — kernel: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" CVE-2023-52662 — kernel: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node CVE-2023-52679 — kernel: of: Fix double free in of_parse_phandle_with_args_map CVE-2023-52707 — kernel: sched/psi: Fix use-after-free in ep_remove_wait_queue() CVE-2023-52730 — kernel: mmc: sdio: fix possible resource leaks in some error paths CVE-2023-52756 — kernel: pwm: Fix double shift bug CVE-2023-52762 — kernel: virtio-blk: fix implicit overflow on virtio_max_dma_size CVE-2023-52764 — kernel: media: gspca: cpia1: shift-out-of-bounds in set_flicker CVE-2023-52775 — kernel: net/smc: avoid data corruption caused by decline CVE-2023-52777 — kernel: wifi: ath11k: fix gtk offload status event locking CVE-2023-52784 — kernel: bonding: stop the device in bond_setup_by_slave() CVE-2023-52791 — kernel: i2c: core: Run atomic i2c xfer when !preemptible CVE-2023-52796 — kernel: ipvlan: add ipvlan_route_v6_outbound() helper CVE-2023-52803 — kernel: SUNRPC: Fix RPC client cleaned up the freed pipefs dentries CVE-2023-52811 — kernel: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool CVE-2023-52832 — kernel: wifi: mac80211: don't return unset power in ieee80211_get_tx_power() CVE-2023-52834 — kernel: atl1c: Work around the DMA RX overflow issue CVE-2023-52845 — kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING CVE-2023-52847 — kernel: media: bttv: fix use after free error due to btv->timeout timer CVE-2023-52864 — kernel: platform/x86: wmi: Fix opening of char device CVE-2023-53597 — kernel: cifs: fix mid leak during reconnection after timeout threshold CVE-2023-54114 — kernel: Linux kernel: Denial of Service due to incorrect network packet processing in NSH module CVE-2024-2201 — hw: cpu: intel: Native Branch History Injection (BHI) CVE-2024-21823 — kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application CVE-2024-25739 — kernel: crash due to a missing check for leb_size CVE-2024-26586 — kernel: mlxsw: spectrum_acl_tcam: Fix stack corruption CVE-2024-26614 — kernel: tcp: make sure init the accept_queue's spinlocks once CVE-2024-26640 — kernel: tcp: add sanity checks to rx zerocopy CVE-2024-26660 — kernel: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 CVE-2024-26669 — kernel: net/sched: flower: Fix chain template offload CVE-2024-26686 — kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats CVE-2024-26698 — kernel: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove CVE-2024-26704 — kernel: ext4: fix double-free of blocks due to wrong extents moved_len CVE-2024-26733 — kernel: arp: Prevent overflow in arp_req_get(). CVE-2024-26740 — kernel: net/sched: act_mirred: use the backlog for mirred ingress CVE-2024-26772 — kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() CVE-2024-26773 — kernel: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() CVE-2024-26802 — kernel: stmmac: Clear variable when destroying workqueue CVE-2024-26810 — kernel: vfio/pci: Lock external INTx masking ops CVE-2024-26837 — kernel: net: bridge: switchdev: Skip MDB replays of deferred events on offload CVE-2024-26840 — kernel: cachefiles: fix memory leak in cachefiles_add_cache() CVE-2024-26843 — kernel: efi: runtime: Fix potential overflow of soft-reserved region size CVE-2024-26852 — kernel: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() CVE-2024-26853 — kernel: igc: avoid returning frame twice in XDP_REDIRECT CVE-2024-26870 — kernel: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 CVE-2024-26878 — kernel: quota: Fix potential NULL pointer dereference CVE-2024-26908 — kernel: x86/xen: Add some null pointer checking to smp.c CVE-2024-26921 — kernel: inet: inet_defrag: prevent sk release while still in use CVE-2024-26925 — kernel: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path CVE-2024-26929 — kernel: scsi: qla2xxx: Fix double free of fcport CVE-2024-26931 — kernel: scsi: qla2xxx: Fix command flush on cable pull CVE-2024-26940 — kernel: drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed CVE-2024-26958 — kernel: nfs: fix UAF in direct writes CVE-2024-26960 — kernel: mm: swap: fix race between free_swap_and_cache() and swapoff() CVE-2024-26961 — kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del CVE-2024-27010 — kernel: net/sched: Fix mirred deadlock on device recursion CVE-2024-27011 — kernel: netfilter: nf_tables: fix memleak in map from abort path CVE-2024-27019 — kernel: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() CVE-2024-27020 — kernel: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() CVE-2024-27025 — kernel: nbd: null check for nla_nest_start CVE-2024-27065 — kernel: netfilter: nf_tables: do not compare internal table flags on updates CVE-2024-27388 — kernel: SUNRPC: fix some memleaks in gssx_dec_option_array CVE-2024-27395 — kernel: net: openvswitch: Fix Use-After-Free in ovs_ct_exit CVE-2024-27434 — kernel: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK CVE-2024-31076 — kernel: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline CVE-2024-33621 — kernel: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound CVE-2024-35790 — kernel: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group CVE-2024-35801 — kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD CVE-2024-35807 — kernel: ext4: fix corruption during on-line resize CVE-2024-35810 — kernel: drm/vmwgfx: Fix the lifetime of the bo cursor memory CVE-2024-35814 — kernel: swiotlb: Fix double-allocation of slots due to broken alignment handling CVE-2024-35823 — kernel: vt: fix unicode buffer corruption when deleting characters CVE-2024-35824 — kernel: misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume CVE-2024-35847 — kernel: irqchip/gic-v3-its: Prevent double free on error CVE-2024-35876 — kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() CVE-2024-35893 — kernel: net/sched: act_skbmod: prevent kernel-infoleak CVE-2024-35896 — kernel: netfilter: validate user input for expected length CVE-2024-35897 — kernel: netfilter: nf_tables: discard table flag update with pending basechain deletion CVE-2024-35899 — kernel: netfilter: nf_tables: flush pending destroy work before exit_net release CVE-2024-35900 — kernel: netfilter: nf_tables: reject new basechain after table flag update CVE-2024-35910 — kernel: tcp: properly terminate timers for kernel sockets CVE-2024-35912 — kernel: wifi: iwlwifi: mvm: rfi: fix potential response leaks CVE-2024-35924 — kernel: usb: typec: ucsi: Limit read size on v1.2 CVE-2024-35925 — kernel: block: prevent division by zero in blk_rq_stat_sum() CVE-2024-35930 — kernel: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() CVE-2024-35937 — kernel: wifi: cfg80211: check A-MSDU format more carefully CVE-2024-35938 — kernel: wifi: ath11k: decrease MHI channel buffer length to 8KB CVE-2024-35946 — kernel: wifi: rtw89: fix null pointer access when abort scan CVE-2024-35947 — kernel: dyndbg: fix old BUG_ON in >control parser CVE-2024-35952 — kernel: drm/ast: Fix soft lockup CVE-2024-35962 — kernel: netfilter: complete validation of user input CVE-2024-36000 — kernel: mm/hugetlb: fix missing hugetlb_lock for resv uncharge CVE-2024-36005 — kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path CVE-2024-36006 — kernel: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage CVE-2024-36010 — kernel: igb: Fix string truncation warnings in igb_set_fw_version CVE-2024-36016 — kernel: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() CVE-2024-36017 — kernel: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation CVE-2024-36020 — kernel: i40e: fix vf may be used uninitialized in this function warning CVE-2024-36025 — kernel: scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() CVE-2024-36270 — kernel: netfilter: tproxy: bail out if IP has been disabled on the device CVE-2024-36286 — kernel: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() CVE-2024-36489 — kernel: tls: fix missing memory barrier in tls_init CVE-2024-36886 — kernel: TIPC message reassembly use-after-free remote code execution vulnerability CVE-2024-36889 — kernel: mptcp: ensure snd_nxt is properly initialized on connect CVE-2024-36896 — kernel: USB: core: Fix access violation during port device removal CVE-2024-36904 — kernel: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). CVE-2024-36905 — kernel: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets CVE-2024-36917 — kernel: block: fix overflow in blk_ioctl_discard() CVE-2024-36921 — kernel: wifi: iwlwifi: mvm: guard against invalid STA ID on removal CVE-2024-36924 — kernel: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() CVE-2024-36927 — kernel: ipv4: Fix uninit-value access in __ip_make_skb() CVE-2024-36928 — kernel: s390/qeth: Fix kernel panic after setting hsuid CVE-2024-36929 — kernel: net: core: reject skb_copy(_expand) for fraglist GSO skbs CVE-2024-36933 — kernel: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). CVE-2024-36940 — kernel: pinctrl: core: delete incorrect free in pinctrl_enable() CVE-2024-36941 — kernel: wifi: nl80211: don't free NULL coalescing rule CVE-2024-36945 — kernel: net/smc: fix neighbour and rtable leak in smc_ib_find_route() CVE-2024-36950 — kernel: firewire: ohci: mask bus reset interrupts between ISR and bottom half CVE-2024-36952 — kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up CVE-2024-36954 — kernel: tipc: fix a possible memleak in tipc_buf_append CVE-2024-36960 — kernel: drm/vmwgfx: Fix invalid reads in fence signaled events CVE-2024-36971 — kernel: net: kernel: UAF in network route management CVE-2024-36978 — kernel: net: sched: sch_multiq: fix possible OOB write in multiq_tune() CVE-2024-36979 — kernel: net: bridge: mst: fix vlan use-after-free CVE-2024-38538 — kernel: net: bridge: xmit: make sure we have at least eth header len bytes CVE-2024-38555 — kernel: net/mlx5: Discard command completions in internal error CVE-2024-38573 — kernel: cppc_cpufreq: Fix possible null pointer dereference CVE-2024-38575 — kernel: wifi: brcmfmac: pcie: handle randbuf allocation failure CVE-2024-38596 — kernel: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg CVE-2024-38598 — kernel: md: fix resync softlockup when bitmap size is less than array size CVE-2024-38615 — kernel: cpufreq: exit() callback is optional CVE-2024-38627 — kernel: stm class: Fix a double free in stm_register_device() CVE-2024-39276 — kernel: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() CVE-2024-39472 — kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup CVE-2024-39476 — kernel: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING CVE-2024-39487 — kernel: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() CVE-2024-39502 — kernel: ionic: fix use after netif_napi_del() CVE-2024-40927 — kernel: xhci: Handle TD clearing for multiple streams case CVE-2024-40974 — kernel: powerpc/pseries: Enforce hcall result buffer validity and size

🔗 References (164)