Red Hat Enterprise Linux 8 update for kernel



Published: 2024-07-11
Risk High
Patch available YES
Number of vulnerabilities 15
CVE-ID CVE-2024-36886
CVE-2021-47293
CVE-2021-47310
CVE-2022-1789
CVE-2024-26583
CVE-2024-26585
CVE-2024-26735
CVE-2024-26801
CVE-2024-26804
CVE-2024-27397
CVE-2024-35958
CVE-2024-35969
CVE-2024-36952
CVE-2024-26584
CVE-2024-36005
CWE-ID CWE-416
CWE-20
CWE-476
CWE-362
CWE-667
CWE-399
CWE-388
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions
Operating systems & Components / Operating system package or component

kernel (Red Hat package)
Operating systems & Components / Operating system package or component

Red Hat Enterprise Linux Server - TUS
Operating systems & Components / Operating system

Red Hat Enterprise Linux Server - AUS
Operating systems & Components / Operating system

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU90049

Risk: High

CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36886

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6

Red Hat Enterprise Linux Server - TUS: 8.6

Red Hat Enterprise Linux Server - AUS: 8.6

kernel (Red Hat package): before 4.18.0-372.111.1.el8_6

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2024:4447


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU94124

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47293

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the tcf_skbmod_act() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6

Red Hat Enterprise Linux Server - TUS: 8.6

Red Hat Enterprise Linux Server - AUS: 8.6

kernel (Red Hat package): before 4.18.0-372.111.1.el8_6

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2024:4447


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU90102

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47310

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tlan_remove_one() function in drivers/net/ethernet/ti/tlan.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6

Red Hat Enterprise Linux Server - TUS: 8.6

Red Hat Enterprise Linux Server - AUS: 8.6

kernel (Red Hat package): before 4.18.0-372.111.1.el8_6

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2024:4447


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU64261

Risk: Low

CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1789

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference in kvm_mmu_invpcid_gva. A local attacker can trigger vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6

Red Hat Enterprise Linux Server - TUS: 8.6

Red Hat Enterprise Linux Server - AUS: 8.6

kernel (Red Hat package): before 4.18.0-372.111.1.el8_6

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2024:4447


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Race condition

EUVDB-ID: #VU87596

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26583

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition between async notify and socket close in TLS implementation in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system, trigger a race condition and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6

Red Hat Enterprise Linux Server - TUS: 8.6

Red Hat Enterprise Linux Server - AUS: 8.6

kernel (Red Hat package): before 4.18.0-372.111.1.el8_6

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2024:4447


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Race condition

EUVDB-ID: #VU89251

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26585

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the tls_encrypt_done() function in net/tls/tls_sw.c. A remote attacker user can send specially crafted requests to the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6

Red Hat Enterprise Linux Server - TUS: 8.6

Red Hat Enterprise Linux Server - AUS: 8.6

kernel (Red Hat package): before 4.18.0-372.111.1.el8_6

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2024:4447


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU90215

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26735

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6

Red Hat Enterprise Linux Server - TUS: 8.6

Red Hat Enterprise Linux Server - AUS: 8.6

kernel (Red Hat package): before 4.18.0-372.111.1.el8_6

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2024:4447


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU90209

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26801

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hci_error_reset() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6

Red Hat Enterprise Linux Server - TUS: 8.6

Red Hat Enterprise Linux Server - AUS: 8.6

kernel (Red Hat package): before 4.18.0-372.111.1.el8_6

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2024:4447


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU90212

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26804

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tnl_update_pmtu(), ip_md_tunnel_xmit() and ip_tunnel_xmit() functions in net/ipv4/ip_tunnel.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6

Red Hat Enterprise Linux Server - TUS: 8.6

Red Hat Enterprise Linux Server - AUS: 8.6

kernel (Red Hat package): before 4.18.0-372.111.1.el8_6

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2024:4447


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper locking

EUVDB-ID: #VU92027

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27397

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __nft_rbtree_insert(), nft_rbtree_deactivate() and nft_rbtree_gc() functions in net/netfilter/nft_set_rbtree.c, within the pipapo_get(), nft_pipapo_get(), nft_pipapo_insert(), pipapo_gc() and pipapo_deactivate() functions in net/netfilter/nft_set_pipapo.c, within the nft_rhash_key(), nft_rhash_cmp(), nft_rhash_lookup(), nft_rhash_get(), nft_rhash_update(), nft_rhash_insert() and nft_rhash_deactivate() functions in net/netfilter/nft_set_hash.c, within the nft_trans_gc_catchall_sync() and nf_tables_valid_genid() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6

Red Hat Enterprise Linux Server - TUS: 8.6

Red Hat Enterprise Linux Server - AUS: 8.6

kernel (Red Hat package): before 4.18.0-372.111.1.el8_6

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2024:4447


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU93255

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35958

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ena_unmap_tx_buff() and ena_free_tx_bufs() functions in drivers/net/ethernet/amazon/ena/ena_netdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6

Red Hat Enterprise Linux Server - TUS: 8.6

Red Hat Enterprise Linux Server - AUS: 8.6

kernel (Red Hat package): before 4.18.0-372.111.1.el8_6

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2024:4447


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU90143

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35969

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ipv6_get_ifaddr() function in net/ipv6/addrconf.c, within the in6_ifa_hold() function in include/net/addrconf.h. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6

Red Hat Enterprise Linux Server - TUS: 8.6

Red Hat Enterprise Linux Server - AUS: 8.6

kernel (Red Hat package): before 4.18.0-372.111.1.el8_6

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2024:4447


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Race condition

EUVDB-ID: #VU91463

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36952

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the lpfc_vport_delete() function in drivers/scsi/lpfc/lpfc_vport.c. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6

Red Hat Enterprise Linux Server - TUS: 8.6

Red Hat Enterprise Linux Server - AUS: 8.6

kernel (Red Hat package): before 4.18.0-372.111.1.el8_6

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2024:4447


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Error handling

EUVDB-ID: #VU89001

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26584

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when handling backlogging of crypto requests in net/tls/tls_sw.c. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6

Red Hat Enterprise Linux Server - TUS: 8.6

Red Hat Enterprise Linux Server - AUS: 8.6

kernel (Red Hat package): before 4.18.0-372.111.1.el8_6

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2024:4447


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Resource management error

EUVDB-ID: #VU93190

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36005

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nft_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions: 8.6

Red Hat Enterprise Linux Server - TUS: 8.6

Red Hat Enterprise Linux Server - AUS: 8.6

kernel (Red Hat package): before 4.18.0-372.111.1.el8_6

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2024:4447


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###