Red Hat Enterprise Linux 8 update for kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2024-26598 CVE-2024-26830 CVE-2024-35884 CVE-2021-47560 |
| CWE-ID | CWE-416 CWE-20 CWE-119 CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions Operating systems & Components / Operating system package or component kernel (Red Hat package) Operating systems & Components / Operating system package or component Red Hat Enterprise Linux Server - TUS Operating systems & Components / Operating system Red Hat Enterprise Linux Server - AUS Operating systems & Components / Operating system |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU90262
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26598
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vgic_its_check_cache() and vgic_its_inject_cached_translation() functions in virt/kvm/arm/vgic/vgic-its.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6
Red Hat Enterprise Linux Server - TUS: 8.6
Red Hat Enterprise Linux Server - AUS: 8.6
kernel (Red Hat package): before 4.18.0-372.126.1.el8_6
CPE2.3- cpe:2.3:a:red_hat:red_hat_enterprise_linux_server_for_ibm_power_le_-_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:kernel_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2024:8161
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU94135
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26830
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_check_vf_permission() and i40e_vc_del_mac_addr_msg() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6
Red Hat Enterprise Linux Server - TUS: 8.6
Red Hat Enterprise Linux Server - AUS: 8.6
kernel (Red Hat package): before 4.18.0-372.126.1.el8_6
CPE2.3- cpe:2.3:a:red_hat:red_hat_enterprise_linux_server_for_ibm_power_le_-_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:kernel_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2024:8161
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU93150
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35884
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udp_gro_receive() function in net/ipv4/udp_offload.c, within the __udp_is_mcast_sock() function in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6
Red Hat Enterprise Linux Server - TUS: 8.6
Red Hat Enterprise Linux Server - AUS: 8.6
kernel (Red Hat package): before 4.18.0-372.126.1.el8_6
CPE2.3- cpe:2.3:a:red_hat:red_hat_enterprise_linux_server_for_ibm_power_le_-_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:kernel_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2024:8161
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU90398
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47560
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlxsw_sp_pude_event_func() function in drivers/net/ethernet/mellanox/mlxsw/spectrum.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6
Red Hat Enterprise Linux Server - TUS: 8.6
Red Hat Enterprise Linux Server - AUS: 8.6
kernel (Red Hat package): before 4.18.0-372.126.1.el8_6
CPE2.3- cpe:2.3:a:red_hat:red_hat_enterprise_linux_server_for_ibm_power_le_-_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_tus:8.6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:o:red_hat:red_hat_enterprise_linux_server_-_aus:8.6:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:kernel_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
https://access.redhat.com/errata/RHSA-2024:8161
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
