SB2024081317 - Red Hat Enterprise Linux 9 update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024081317

SB2024081317 - Red Hat Enterprise Linux 9 update for kernel

Published: August 13, 2024

Security Bulletin ID SB2024081317
CSH Severity
Critical
Patch available
YES
Number of vulnerabilities 17
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 6% High 6% Low 88%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 17 vulnerabilities.


1) Improper access control (CVE-ID: CVE-2024-26642)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c. A local user can set arbitrary timeouts, which can result in a denial of service condition.


2) Race condition (CVE-ID: CVE-2023-52639)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the gmap_shadow() function in arch/s390/mm/gmap.c, within the acquire_gmap_shadow() function in arch/s390/kvm/vsie.c. A local user can escalate privileges on the system.


3) Expired pointer dereference (CVE-ID: CVE-2024-26808)

CWE-ID: CWE-825 - Expired pointer dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a stale reference within the nf_tables_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.


4) Use-after-free (CVE-ID: CVE-2024-36886)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.


5) Information disclosure (CVE-ID: CVE-2024-26993)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.


6) Deserialization of Untrusted Data (CVE-ID: CVE-2024-21823)

CWE-ID: CWE-502 - Deserialization of Untrusted Data

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure deserialization in hardware logic. A local user can perform a denial of service (DoS) attack.


7) Improper locking (CVE-ID: CVE-2024-27397)

CWE-ID: CWE-667 - Improper Locking

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __nft_rbtree_insert(), nft_rbtree_deactivate() and nft_rbtree_gc() functions in net/netfilter/nft_set_rbtree.c, within the pipapo_get(), nft_pipapo_get(), nft_pipapo_insert(), pipapo_gc() and pipapo_deactivate() functions in net/netfilter/nft_set_pipapo.c, within the nft_rhash_key(), nft_rhash_cmp(), nft_rhash_lookup(), nft_rhash_get(), nft_rhash_update(), nft_rhash_insert() and nft_rhash_deactivate() functions in net/netfilter/nft_set_hash.c, within the nft_trans_gc_catchall_sync() and nf_tables_valid_genid() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.


8) Memory leak (CVE-ID: CVE-2024-27393)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a malicious guest to perform DoS attack on the target system.

The vulnerability exists due memory leak within the xennet_alloc_one_rx_buffer() function in xen-netback implementation. A malicious guest userspace process can exhaust memory resources within the guest kernel and perform a denial of service (DoS) attack.


9) Integer underflow (CVE-ID: CVE-2024-27403)

CWE-ID: CWE-191 - Integer underflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the flow_offload_dst_cookie() and nft_flow_dst_release() functions in net/netfilter/nf_flow_table_core.c. A local user can execute arbitrary code.


10) Race condition within a thread (CVE-ID: CVE-2024-35898)

CWE-ID: CWE-366 - Race Condition within a Thread

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the nf_tables_flowtable_parse_hook() and nft_flowtable_type_get() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.


11) Resource management error (CVE-ID: CVE-2024-35897)

CWE-ID: CWE-399 - Resource Management Errors

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nf_tables_table_disable() and nf_tables_updtable() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.


12) NULL pointer dereference (CVE-ID: CVE-2024-39502)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ionic_qcq_enable() function in drivers/net/ethernet/pensando/ionic/ionic_lif.c. A local user can perform a denial of service (DoS) attack.


13) Resource management error (CVE-ID: CVE-2024-40978)

CWE-ID: CWE-399 - Resource Management Errors

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c. A local user can perform a denial of service (DoS) attack.


14) Memory leak (CVE-ID: CVE-2021-47624)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the rpc_sysfs_xprt_state_change() function in net/sunrpc/sysfs.c. A local user can perform a denial of service (DoS) attack.


15) Out-of-bounds read (CVE-ID: CVE-2024-41090)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.


16) Out-of-bounds read (CVE-ID: CVE-2024-41091)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.


17) Use-after-free (CVE-ID: CVE-2024-36971)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red


The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.


Remediation

Install update from vendor's website.

References