Main Vulnerability Database SB2024081471

SB2024081471 - Red Hat Enterprise Linux 9 update for kernel

Published: August 14, 2024

Security Bulletin ID SB2024081471

Severity

Critical

Patch available

YES

Number of vulnerabilities 45

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 45 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2024-26600)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/phy/ti/phy-omap-usb2.c. A local user can perform a denial of service (DoS) attack.

2) Expired pointer dereference (CVE-ID: CVE-2024-26808)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a stale reference within the nf_tables_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.

3) Integer underflow (CVE-ID: CVE-2024-26828)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the parse_server_interfaces() function in fs/smb/client/smb2ops.c. A local user can execute arbitrary code.

4) NULL pointer dereference (CVE-ID: CVE-2024-26897)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ath9k_wmi_event_tasklet() function in drivers/net/wireless/ath/ath9k/wmi.c, within the ath9k_tx_init() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c, within the ath9k_htc_probe_device() function in drivers/net/wireless/ath/ath9k/htc_drv_init.c. A local user can perform a denial of service (DoS) attack.

5) NULL pointer dereference (CVE-ID: CVE-2024-26868)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ff_layout_cancel_io() function in fs/nfs/flexfilelayout/flexfilelayout.c. A local user can perform a denial of service (DoS) attack.

6) Buffer overflow (CVE-ID: CVE-2024-26853)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the igc_xdp_xmit() function in drivers/net/ethernet/intel/igc/igc_main.c. A local user can escalate privileges on the system.

7) Resource management error (CVE-ID: CVE-2024-27065)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

8) Use-after-free (CVE-ID: CVE-2024-27052)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rtl8xxxu_stop() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c. A local user can escalate privileges on the system.

9) Use-after-free (CVE-ID: CVE-2024-27049)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mt7925_pci_remove() function in drivers/net/wireless/mediatek/mt76/mt7925/pci.c. A local user can escalate privileges on the system.

10) Deserialization of Untrusted Data (CVE-ID: CVE-2024-21823)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure deserialization in hardware logic. A local user can perform a denial of service (DoS) attack.

11) Use-after-free (CVE-ID: CVE-2024-35789)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.

12) Information disclosure (CVE-ID: CVE-2024-27417)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the inet6_rtm_getaddr() function in net/ipv6/addrconf.c. A local user can gain access to sensitive information.

13) Input validation error (CVE-ID: CVE-2024-27434)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the iwl_mvm_get_sec_flags() function in drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c. A local user can perform a denial of service (DoS) attack.

14) Buffer overflow (CVE-ID: CVE-2024-35823)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the vc_uniscr_delete() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.

15) NULL pointer dereference (CVE-ID: CVE-2024-35800)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the generic_ops_supported() function in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.

16) Memory leak (CVE-ID: CVE-2024-35852)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mlxsw_sp_acl_tcam_vregion_destroy() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.

17) Buffer overflow (CVE-ID: CVE-2024-35848)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the at24_probe() function in drivers/misc/eeprom/at24.c. A local user can escalate privileges on the system.

18) Input validation error (CVE-ID: CVE-2024-35845)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the iwl_dbg_tlv_alloc_debug_info() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.

19) NULL pointer dereference (CVE-ID: CVE-2024-35911)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ice_vsi_rebuild() function in drivers/net/ethernet/intel/ice/ice_lib.c. A local user can perform a denial of service (DoS) attack.

20) Use-after-free (CVE-ID: CVE-2024-35899)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_tables_module_exit() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.

21) Out-of-bounds read (CVE-ID: CVE-2024-35937)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ieee80211_amsdu_subframe_length(), ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

22) Use-after-free (CVE-ID: CVE-2024-35969)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ipv6_get_ifaddr() function in net/ipv6/addrconf.c, within the in6_ifa_hold() function in include/net/addrconf.h. A local user can escalate privileges on the system.

23) Resource management error (CVE-ID: CVE-2024-36005)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nft_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.

24) Buffer overflow (CVE-ID: CVE-2023-52864)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the wmi_dev_match() function in drivers/platform/x86/wmi.c. A local user can escalate privileges on the system.

25) Use of uninitialized resource (CVE-ID: CVE-2024-36020)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the i40e_reset_all_vfs() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.

26) Out-of-bounds read (CVE-ID: CVE-2024-36017)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_setvfinfo() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.

27) NULL pointer dereference (CVE-ID: CVE-2024-36941)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nl80211_set_coalesce() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

28) Improper error handling (CVE-ID: CVE-2024-36929)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the skb_alloc_rx_flag() and skb_copy_expand() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.

29) Improper locking (CVE-ID: CVE-2024-36922)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the iwl_txq_reclaim() function in drivers/net/wireless/intel/iwlwifi/queue/tx.c. A local user can perform a denial of service (DoS) attack.

30) Out-of-bounds read (CVE-ID: CVE-2024-36921)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_mld_rm_sta() function in drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c. A local user can perform a denial of service (DoS) attack.

31) Use of uninitialized resource (CVE-ID: CVE-2024-36903)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the __ip6_make_skb() function in net/ipv6/ip6_output.c. A local user can perform a denial of service (DoS) attack.

32) Use-after-free (CVE-ID: CVE-2024-36971)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

33) Improper locking (CVE-ID: CVE-2021-47606)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the netlink_sendmsg() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.

34) NULL pointer dereference (CVE-ID: CVE-2024-38575)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the brcmf_pcie_provide_random_bytes() and brcmf_pcie_download_fw_nvram() functions in drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c. A local user can perform a denial of service (DoS) attack.

35) Input validation error (CVE-ID: CVE-2024-38558)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

36) Resource management error (CVE-ID: CVE-2024-33621)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ipvlan_process_v4_outbound() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.

37) Out-of-bounds read (CVE-ID: CVE-2024-37356)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the net/ipv4/tcp_dctcp.c. A local user can perform a denial of service (DoS) attack.

38) Resource management error (CVE-ID: CVE-2024-37353)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vp_find_vqs_msix() function in drivers/virtio/virtio_pci_common.c. A local user can perform a denial of service (DoS) attack.

39) NULL pointer dereference (CVE-ID: CVE-2024-36489)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tls_ctx_create() function in net/tls/tls_main.c. A local user can perform a denial of service (DoS) attack.

40) Memory leak (CVE-ID: CVE-2024-38391)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the cxl_pmem_region_alloc() function in drivers/cxl/core/region.c. A local user can perform a denial of service (DoS) attack.

41) Out-of-bounds read (CVE-ID: CVE-2024-39487)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bond_option_arp_ip_targets_set() function in drivers/net/bonding/bond_options.c. A local user can perform a denial of service (DoS) attack.

42) NULL pointer dereference (CVE-ID: CVE-2024-40928)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ethtool_get_phy_stats_ethtool() function in net/ethtool/ioctl.c. A local user can perform a denial of service (DoS) attack.

43) Use-after-free (CVE-ID: CVE-2024-40954)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sk_common_release() function in net/core/sock.c. A local user can escalate privileges on the system.

44) Use-after-free (CVE-ID: CVE-2024-40958)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in net/core/net_namespace.c. A local user can escalate privileges on the system.

45) NULL pointer dereference (CVE-ID: CVE-2024-40961)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fib6_nh_init() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2024:5363

SB2024081471 - Red Hat Enterprise Linux 9 update for kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human