SB2024032016 - Red Hat Enterprise Linux 8.8 Extended Update Support update for kernel
Published: March 20, 2024 Updated: December 19, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 35 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2021-43975)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the hw_atl_utils_fw_rpc_wait() function in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c in Linux kernel. A local user can attach a specially crafted device to the system, trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
2) Double Free (CVE-ID: CVE-2022-28388)
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to boundary error in the usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c. A local user can pass specially crafted data to the application, trigger double free error and execute arbitrary code with elevated privileges.
3) NULL pointer dereference (CVE-ID: CVE-2022-41858)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the sl_tx_timeout() function in drivers/net/slip in Linux kernel. A local user can perform a denial of service (DoS) attack.
4) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2022-3594)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to the intr_callback() function in drivers/net/usb/r8152.c can be forced to include excessive data info the log files. A local user can read the log files and gain access to sensitive data.
Note, the vulnerability can be triggered remotely.
5) Double Free (CVE-ID: CVE-2022-4744)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the tun_free_netdev() function in the Linux kernel’s TUN/TAP device driver. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
6) Buffer overflow (CVE-ID: CVE-2022-3545)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the area_cache_get() function in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
7) NULL pointer dereference (CVE-ID: CVE-2023-1382)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in net/tipc/topsrv.c within the TIPC protocol implementation in the Linux kernel. A local user can perform a denial of service (DoS) attack.
8) Buffer overflow (CVE-ID: CVE-2023-28772)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the seq_buf_putmem_hex() function in lib/seq_buf.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
9) NULL pointer dereference (CVE-ID: CVE-2023-2166)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in net/can/af_can.c when processing CAN frames. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
10) Out-of-bounds read (CVE-ID: CVE-2023-2176)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the compare_netdev_and_ip() function in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
11) Use-after-free (CVE-ID: CVE-2023-40283)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
12) Use-after-free (CVE-ID: CVE-2023-4921)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the qfq_dequeue() function within the the Linux kernel's net/sched: sch_qfq component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
13) Out-of-bounds read (CVE-ID: CVE-2023-6606)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary condition within the smbCalcSize() function in fs/smb/client/netmisc.c file. A local user can trigger an out-of-bounds read error and gain access to sensitive information or crash the kernel.
14) Out-of-bounds write (CVE-ID: CVE-2024-0646)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in the Linux kernel’s Transport Layer Security functionality in the way a user calls a function splice with a ktls socket as the destination. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
15) Use-after-free (CVE-ID: CVE-2023-6817)
The vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netfilter nf_tables component in Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
16) Memory leak (CVE-ID: CVE-2023-7192)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak within the ctnetlink_create_conntrack() function in net/netfilter/nf_conntrack_netlink.c. A local user with CAP_NET_ADMIN privileges can perform denial of service attack.
17) Integer overflow (CVE-ID: CVE-2022-36402)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in drivers/gpu/vmxgfx/vmxgfx_execbuf.c. A local user can trigger an integer overflow and crash the kernel.
18) NULL pointer dereference (CVE-ID: CVE-2022-38096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. A local user can perform a denial of service (DoS) attack.
19) Use-after-free (CVE-ID: CVE-2022-40133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the vmw_execbuf_tie_context() function in drivers/gpu/vmxgfx/vmxgfx_execbuf.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.
20) Use-after-free (CVE-ID: CVE-2022-38457)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the vmw_cmd_res_check() function in drivers/gpu/vmxgfx/vmxgfx_execbuf.c. A local user can trigger a use-after-free error and crash the system.
21) Race condition (CVE-ID: CVE-2022-45887)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in drivers/media/usb/ttusb-dec/ttusb_dec.c in Linux kernel. A local user can exploit the race and crash the kernel.
22) Race condition (CVE-ID: CVE-2022-45869)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to a race condition within the x86 KVM subsystem in the Linux kernel when nested virtualisation and the TDP MMU are enabled. A remote user on the guest OS can exploit the race and crash the host OS.
23) Input validation error (CVE-ID: CVE-2023-30456)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of consistency for for CR0 and CR4 in arch/x86/kvm/vmx/nested.c in the Linux kernel. A local user can execute arbitrary code with elevated privileges.
24) Deadlock (CVE-ID: CVE-2023-31084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a deadlock in drivers/media/dvb-core/dvb_frontend.c when a task is in !TASK_RUNNING. A local user can trigger a deadlock and crash the kernel.
25) Race condition (CVE-ID: CVE-2023-33951)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a race condition when handling GEM objects within the vmw_user_bo_lookup() function in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c. A local user can exploit the race and gain unauthorized access to sensitive information on the system.
26) Double free (CVE-ID: CVE-2023-33952)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when handling vmw_buffer_object objects within the vmw_user_bo_lookup() function in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c. A local user can trigger a double free error and execute arbitrary code on the target system with elevated privileges.
27) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-45862)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the ENE UB6250 reader driver in drivers/usb/storage/ene_ub6250.c. A local user can trigger a boundary error and perform a denial of service (DoS) attack.
28) Use-after-free (CVE-ID: CVE-2023-5633)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error when running inside a VMware guest with 3D acceleration enabled. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
29) Out-of-bounds write (CVE-ID: CVE-2023-6931)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Linux kernel's Performance Events system component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
30) Out-of-bounds read (CVE-ID: CVE-2023-6610)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary condition within the smb2_dump_detail() function in fs/smb/client/smb2ops.c. A local user can trigger an out-of-bounds read error and gain access to sensitive information or crash the kernel.
31) Use-after-free (CVE-ID: CVE-2023-6932)
The vulnerability allows a local authenticated user to execute arbitrary code.
The vulnerability exists due to a use-after-free error within the ipv4 igmp component in Linux kernel. A local authenticated user can trigger a use-after-free error and execute arbitrary code.
32) Integer underflow (CVE-ID: CVE-2024-0565)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer underflow within the receive_encrypted_standard() function in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. A remote attacker can trick the victim to connect to a malicious SMB server, trigger an integer underflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
33) Use-after-free (CVE-ID: CVE-2023-51042)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the amdgpu_cs_wait_all_fences() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
34) Use-after-free (CVE-ID: CVE-2023-51043)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in drivers/gpu/drm/drm_atomic.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
35) Use-after-free (CVE-ID: CVE-2024-1086)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netfilter nf_tables component in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code on the system.
Remediation
Install update from vendor's website.