SB20240430101 - Red Hat Enterprise Linux 8.8 Extended Update Support update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20240430101

SB20240430101 - Red Hat Enterprise Linux 8.8 Extended Update Support update for kernel

Published: April 30, 2024

Security Bulletin ID SB20240430101
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Physical access
Highest impact Code execution

Breakdown by Severity

Medium 20% Low 80%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2022-3640)

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error in the 2cap_conn_del() function in net/bluetooth/l2cap_core.c in Linux kernel. An attacker with physical proximity to device can trigger a use-after-free error and execute arbitrary code on the system.



2) Access of Uninitialized Pointer (CVE-ID: CVE-2022-42895)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to unauthorized access of uninitialized pointer within the l2cap_parse_conf_req() function in net/bluetooth/l2cap_core.c. An attacker with physical proximity to the affected device can gain access to sensitive information.


3) Race condition (CVE-ID: CVE-2023-6546)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the GSM 0710 tty multiplexor in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


4) Integer overflow (CVE-ID: CVE-2021-33631)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow when mounting a malicious filesystem. A local user can mount a specially crafted filesystem, trigger an integer overflow and execute arbitrary code.


5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-25744)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to missing access restrictions related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. An untrusted VMM can trigger int80 syscall handling at any given point and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References