SB2024040459 - Fedora 39 update for kernel, kernel-headers 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024040459

SB2024040459 - Fedora 39 update for kernel, kernel-headers

Published: April 4, 2024

Security Bulletin ID SB2024040459
Severity
Low
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Race condition (CVE-ID: CVE-2024-26643)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the nf_tables_unbind_set() function in net/netfilter/nf_tables_api.c. A local user can exploit the race and escalate privileges on the system.


2) Improper access control (CVE-ID: CVE-2024-26642)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c. A local user can set arbitrary timeouts, which can result in a denial of service condition.


3) Double Free (CVE-ID: CVE-2024-26653)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in drivers/usb/misc/usb-ljca.c. A local user can trigger a double free error and execute arbitrary code with elevated privileges.


4) Race condition (CVE-ID: CVE-2024-26654)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in sound/sh/aica.c. A local user can exploit the race and escalate privileges on the system.


5) Memory leak (CVE-ID: CVE-2024-26655)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the posix_clock_open() function in kernel/time/posix-clock.c. A local user can perform a denial of service attack.


6) NULL pointer dereference (CVE-ID: CVE-2024-26657)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/gpu/drm/scheduler/sched_entity.c. A local user can send an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context and perform a denial of service (DoS) attack.


7) Use-after-free (CVE-ID: CVE-2024-26656)

The vulnerability allows a local user to crash the kernel.

The vulnerability exists due to a use-after-free error in drivers/gpu/drm/amd/amdgpu/amdgpu_hmm.c. A local user can send a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References