Red Hat Enterprise Linux 8 update for kernel

1) Out-of-bounds read

EUVDB-ID: #VU88891

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52451

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the dlpar_memory_remove_by_index() function in arch/powerpc/platforms/pseries/hotplug-memory.c. A local user can trigger an out-of-bounds read and perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU90660

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52463

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efivarfs_get_tree() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper locking

EUVDB-ID: #VU90807

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46939

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the trace_clock_global() function in kernel/trace/trace_clock.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU93471

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52622

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU90010

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26669

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fl_tmplt_destroy() function in net/sched/cls_flower.c, within the tcf_block_playback_offloads() and tc_chain_tmplt_add() functions in net/sched/cls_api.c, within the void() function in include/net/sch_generic.h. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU90589

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26802

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the stmmac_fpe_stop_wq() function in drivers/net/ethernet/stmicro/stmmac/stmmac_main.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU93404

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26843

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the riscv_enable_runtime_services() function in drivers/firmware/efi/riscv-runtime.c, within the arm_enable_runtime_services() function in drivers/firmware/efi/arm-runtime.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU90574

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26878

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dquot_mark_dquot_dirty(), __dquot_alloc_space(), dquot_alloc_inode(), EXPORT_SYMBOL(), dquot_claim_space_nodirty(), dquot_reclaim_space_nodirty(), __dquot_free_space(), dquot_free_inode() and __dquot_transfer() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU90049

Risk: High

CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36886

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Memory leak

EUVDB-ID: #VU90459

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52653

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gss_import_v2_context() function in net/sunrpc/auth_gss/gss_krb5_mech.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Deserialization of Untrusted Data

EUVDB-ID: #VU89676

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21823

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure deserialization in hardware logic. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU93683

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52658

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the esw_inline_mode_to_devlink() and mlx5_devlink_eswitch_mode_set() functions in drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource management error

EUVDB-ID: #VU93270

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35807

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the EXT4_DESC_PER_BLOCK() function in fs/ext4/resize.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Input validation error

EUVDB-ID: #VU93680

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35801

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the fpu__init_cpu_xstate() function in arch/x86/kernel/fpu/xstate.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper error handling

EUVDB-ID: #VU93468

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35947

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error within the ddebug_tokenize() function in lib/dynamic_debug.c. A local user can crash the OS kernel.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Memory leak

EUVDB-ID: #VU93609

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35893

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tcf_skbmod_dump() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU91198

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52864

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the wmi_dev_match() function in drivers/platform/x86/wmi.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Use of uninitialized resource

EUVDB-ID: #VU90867

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52845

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the net/tipc/netlink.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Information disclosure

EUVDB-ID: #VU87457

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28746

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors. A local user can gain access to sensitive information.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use-after-free

EUVDB-ID: #VU91054

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52847

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bttv_remove() function in drivers/media/pci/bt8xx/bttv-driver.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer overflow

EUVDB-ID: #VU92060

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47548

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the hns_dsaf_ge_srst_by_port() function in drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Out-of-bounds read

EUVDB-ID: #VU90270

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36921

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iwl_mvm_mld_rm_sta() function in drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Integer underflow

EUVDB-ID: #VU91672

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26921

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the nf_ct_frag6_queue() and nf_ct_frag6_gather() functions in net/ipv6/netfilter/nf_conntrack_reasm.c, within the ip_frag_queue() and ip_defrag() functions in net/ipv4/ip_fragment.c, within the FRAG_CB(), inet_frag_queue_insert(), inet_frag_reasm_prepare(), EXPORT_SYMBOL() and inet_frag_reasm_finish() functions in net/ipv4/inet_fragment.c. A local user can execute arbitrary code.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Resource management error

EUVDB-ID: #VU93835

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47579

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ovl_create_real() function in fs/overlayfs/super.c, within the ovl_mkdir_real() function in fs/overlayfs/dir.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use of uninitialized resource

EUVDB-ID: #VU90863

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36927

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the raw_sendmsg() function in net/ipv4/raw.c, within the __ip_make_skb() function in net/ipv4/ip_output.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Memory leak

EUVDB-ID: #VU93320

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39276

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ext4_xattr_block_cache_find() function in fs/ext4/xattr.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Resource management error

EUVDB-ID: #VU93043

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33621

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ipvlan_process_v4_outbound() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper locking

EUVDB-ID: #VU90769

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27010

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qdisc_alloc() function in net/sched/sch_generic.c, within the qdisc_run_end() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Race condition

EUVDB-ID: #VU91475

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26960

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the __swap_entry_free_locked() and free_swap_and_cache() functions in mm/swapfile.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Race condition within a thread

EUVDB-ID: #VU92380

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38596

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Integer underflow

EUVDB-ID: #VU92928

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48743

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the xgbe_rx_buf2_len() function in drivers/net/ethernet/amd/xgbe/xgbe-drv.c. A local user can execute arbitrary code.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Buffer overflow

EUVDB-ID: #VU92952

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26733

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Out-of-bounds write

EUVDB-ID: #VU88935

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26586

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the mlxsw_sp_acl_tcam_init() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can trigger stack corruption and crash the kernel.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Race condition

EUVDB-ID: #VU91482

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26698

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the netvsc_device_remove() function in drivers/net/hyperv/netvsc.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Buffer overflow

EUVDB-ID: #VU93668

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52619

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ramoops_init_przs() function in fs/pstore/ram.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper check for unusual or exceptional conditions

EUVDB-ID: #VU92399

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-25739

CWE-ID: CWE-754 - Improper Check for Unusual or Exceptional Conditions

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper check for unusual or exceptional conditions error within the ubi_read_volume_table() function in drivers/mtd/ubi/vtbl.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU89235

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52469

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kv_parse_power_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) NULL pointer dereference

EUVDB-ID: #VU90655

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52471

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ice_ptp_register_auxbus_driver() and ice_ptp_create_auxbus_device() functions in drivers/net/ethernet/intel/ice/ice_ptp.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Input validation error

EUVDB-ID: #VU94146

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47018

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the arch/powerpc/include/asm/nohash/64/pgtable.h, arch/powerpc/include/asm/fixmap.h, arch/powerpc/include/asm/book3s/64/pgtable.h. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Use-after-free

EUVDB-ID: #VU90237

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52530

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_key_link() function in net/mac80211/key.c, within the ieee80211_add_key() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU88374

Risk: Medium

CVSSv3.1: 7.8 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-2201

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to native branch history injection on x86 systems. A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests and compromise the affected system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper locking

EUVDB-ID: #VU90801

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52486

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drivers/gpu/drm/drm_plane.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Resource management error

EUVDB-ID: #VU91320

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26614

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the reqsk_queue_alloc() function in net/core/request_sock.c. A remote attacker can send specially crafted ACK packets to the system and perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Resource management error

EUVDB-ID: #VU89397

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26640

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the skb_advance_to_frag() function in net/ipv4/tcp.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper locking

EUVDB-ID: #VU92046

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52623

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Out-of-bounds read

EUVDB-ID: #VU90334

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26660

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dcn301_stream_encoder_create() function in drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Improper locking

EUVDB-ID: #VU91530

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26686

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the do_task_stat() function in fs/proc/array.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Double free

EUVDB-ID: #VU90929

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26704

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the ext4_move_extents() function in fs/ext4/move_extent.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper locking

EUVDB-ID: #VU93787

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26773

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_try_best_found() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper locking

EUVDB-ID: #VU92041

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26772

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_find_by_goal() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper locking

EUVDB-ID: #VU90789

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26740

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mirred_egress_to_ingress_tcp_test() function in tools/testing/selftests/net/forwarding/tc_actions.sh, within the is_mirred_nested() and tcf_mirred_to_dev() functions in net/sched/act_mirred.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper locking

EUVDB-ID: #VU91318

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26810

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Memory leak

EUVDB-ID: #VU90005

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26840

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper locking

EUVDB-ID: #VU92039

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26837

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the switchdev_obj_eq() and switchdev_port_obj_del() functions in net/switchdev/switchdev.c, within the br_switchdev_mdb_replay_one() and br_switchdev_mdb_replay() functions in net/bridge/br_switchdev.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Buffer overflow

EUVDB-ID: #VU92006

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26870

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nfs4_listxattr() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Buffer overflow

EUVDB-ID: #VU91201

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26853

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the igc_xdp_xmit() function in drivers/net/ethernet/intel/igc/igc_main.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Use-after-free

EUVDB-ID: #VU90194

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26852

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_route_multipath_add() and list_for_each_entry_safe() functions in net/ipv6/route.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper locking

EUVDB-ID: #VU92034

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26925

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __nf_tables_abort() and nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Stack-based buffer overflow

EUVDB-ID: #VU91299

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48632

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack overflow within the mlxbf_i2c_smbus_start_transaction() function in drivers/i2c/busses/i2c-mlxbf.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Use-after-free

EUVDB-ID: #VU90186

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26961

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mac802154_llsec_key_del_rcu() function in net/mac802154/llsec.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Use-after-free

EUVDB-ID: #VU90183

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26958

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the , within the wait_on_commit() function in fs/nfs/write.c, within the nfs_direct_commit_schedule() function in fs/nfs/direct.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Resource management error

EUVDB-ID: #VU93394

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26940

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vmw_debugfs_resource_managers_init() function in drivers/gpu/drm/vmwgfx/vmwgfx_drv.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Race condition within a thread

EUVDB-ID: #VU91432

Risk: Low

CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27020

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Race condition within a thread

EUVDB-ID: #VU91431

Risk: Low

CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27019

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Memory leak

EUVDB-ID: #VU90463

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27011

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nft_data_hold() and __nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Resource management error

EUVDB-ID: #VU94105

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27065

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper error handling

EUVDB-ID: #VU93453

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27025

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nbd_genl_status() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Memory leak

EUVDB-ID: #VU90449

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27388

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gssx_dec_option_array() function in net/sunrpc/auth_gss/gss_rpc_xdr.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Resource management error

EUVDB-ID: #VU92985

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52648

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the vmw_du_cursor_plane_prepare_fb() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Use-after-free

EUVDB-ID: #VU90169

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27395

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ovs_ct_limit_exit() function in net/openvswitch/conntrack.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) NULL pointer dereference

EUVDB-ID: #VU90554

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35790

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hpd_show(), dp_altmode_probe(), dp_altmode_remove() and module_typec_altmode_driver() functions in drivers/usb/typec/altmodes/displayport.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Input validation error

EUVDB-ID: #VU93681

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27434

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the iwl_mvm_get_sec_flags() function in drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Resource management error

EUVDB-ID: #VU93600

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35824

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the lis3lv02d_i2c_suspend() and lis3lv02d_i2c_resume() functions in drivers/misc/lis3lv02d/lis3lv02d_i2c.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Buffer overflow

EUVDB-ID: #VU93153

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35823

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the vc_uniscr_delete() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Resource management error

EUVDB-ID: #VU91612

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35814

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to double allocation of slots within the swiotlb_area_find_slots() function in kernel/dma/swiotlb.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Buffer overflow

EUVDB-ID: #VU93666

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35810

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the vmw_du_cursor_mob_size() and vmw_du_cursor_plane_cleanup_fb() functions in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Double free

EUVDB-ID: #VU90891

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35847

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the its_vpe_irq_domain_alloc() function in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Double free

EUVDB-ID: #VU90892

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52679

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the of_unittest_parse_phandle_with_args() and of_unittest_parse_phandle_with_args_map() functions in drivers/of/unittest.c, within the of_parse_phandle_with_args_map() function in drivers/of/base.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Memory leak

EUVDB-ID: #VU90444

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52662

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vmw_gmrid_man_get_node() function in drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Memory leak

EUVDB-ID: #VU89976

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35930

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the lpfc_rcv_padisc() function in drivers/scsi/lpfc/lpfc_nportdisc.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Memory leak

EUVDB-ID: #VU91640

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35912

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the iwl_rfi_get_freq_table() function in drivers/net/wireless/intel/iwlwifi/mvm/rfi.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Improper locking

EUVDB-ID: #VU92021

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35910

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tcp_close() function in net/ipv4/tcp.c, within the inet_csk_clear_xmit_timers() function in net/ipv4/inet_connection_sock.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Incorrect calculation

EUVDB-ID: #VU93613

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35900

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Use-after-free

EUVDB-ID: #VU90160

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35899

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nf_tables_module_exit() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Resource management error

EUVDB-ID: #VU93269

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35897

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nf_tables_table_disable() and nf_tables_updtable() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Out-of-bounds read

EUVDB-ID: #VU90309

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35896

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/ip_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/arp_tables.c, within the do_replace(), update_counters() and compat_update_counters() functions in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Division by zero

EUVDB-ID: #VU91373

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35925

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the blk_rq_stat_init() function in block/blk-stat.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Buffer overflow

EUVDB-ID: #VU93623

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35924

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ucsi_read_message_in(), ucsi_read_error(), ucsi_send_command() and ucsi_register() functions in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Buffer overflow

EUVDB-ID: #VU93240

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35938

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ARRAY_SIZE() function in drivers/net/wireless/ath/ath11k/mhi.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Out-of-bounds read

EUVDB-ID: #VU91093

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35937

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ieee80211_amsdu_subframe_length(), ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) NULL pointer dereference

EUVDB-ID: #VU90545

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35946

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the rtw89_ops_bss_info_changed() and rtw89_ops_remain_on_channel() functions in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Improper locking

EUVDB-ID: #VU91515

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35952

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ast_dp_set_on_off() function in drivers/gpu/drm/ast/ast_dp.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Resource management error

EUVDB-ID: #VU93190

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36005

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nft_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Reachable Assertion

EUVDB-ID: #VU90907

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36000

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the alloc_huge_page() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Resource management error

EUVDB-ID: #VU93838

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36006

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the mlxsw_sp_acl_tcam_vchunk_migrate_one() and mlxsw_sp_acl_tcam_vchunk_migrate_all() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Improper locking

EUVDB-ID: #VU91511

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47408

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the DEFINE_SPINLOCK(), get_next_corpse(), nf_ct_iterate_cleanup() and nf_conntrack_hash_resize() functions in net/netfilter/nf_conntrack_core.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Off-by-one

EUVDB-ID: #VU91173

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47373

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the its_vpe_irq_domain_alloc() function in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Memory leak

EUVDB-ID: #VU89957

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47304

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tcp_init_transfer() function in net/ipv4/tcp_input.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) NULL pointer dereference

EUVDB-ID: #VU93262

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47257

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ieee802154_llsec_parse_dev_addr() function in net/ieee802154/nl802154.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Use-after-free

EUVDB-ID: #VU90064

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52707

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the psi_trigger_destroy() function in kernel/sched/psi.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Buffer overflow

EUVDB-ID: #VU93622

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52762

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the virtblk_probe() function in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Information disclosure

EUVDB-ID: #VU91333

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52730

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sdio_read_func_cis() and sdio_free_func_cis() functions in drivers/mmc/core/sdio_cis.c, within the sdio_release_func(), sdio_alloc_func() and sdio_add_func() functions in drivers/mmc/core/sdio_bus.c. A local user can gain access to sensitive information.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Use-after-free

EUVDB-ID: #VU90072

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52777

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ath11k_wmi_gtk_offload_status_event() function in drivers/net/wireless/ath/ath11k/wmi.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Integer overflow

EUVDB-ID: #VU91425

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52832

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can execute arbitrary code.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Buffer overflow

EUVDB-ID: #VU93425

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52775

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the smcr_clnt_conf_first_link() function in net/smc/af_smc.c when handling SMC DECLINE messages. A remote attacker can send specially crafted SMC DECLINE message to the system, trigger memory corruption and perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Use-after-free

EUVDB-ID: #VU90079

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52803

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rpc_clnt_remove_pipedir() and rpc_setup_pipedir() functions in net/sunrpc/clnt.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Buffer overflow

EUVDB-ID: #VU91307

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52756

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the include/linux/pwm.h. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) NULL pointer dereference

EUVDB-ID: #VU90535

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52811

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ibmvfc_get_event(), ibmvfc_queuecommand(), ibmvfc_bsg_timeout(), ibmvfc_bsg_plogi(), ibmvfc_bsg_request(), ibmvfc_reset_device(), ibmvfc_init_tmf(), ibmvfc_cancel_all_mq(), ibmvfc_abort_task_set(), ibmvfc_tgt_send_prli(), ibmvfc_tgt_send_plogi(), __ibmvfc_tgt_get_implicit_logout_evt(), ibmvfc_tgt_implicit_logout(), ibmvfc_tgt_move_login(), ibmvfc_adisc_timeout(), ibmvfc_tgt_adisc(), ibmvfc_tgt_query_target(), ibmvfc_discover_targets(), ibmvfc_channel_setup(), ibmvfc_channel_enquiry(), ibmvfc_npiv_login() and ibmvfc_npiv_logout() functions in drivers/scsi/ibmvscsi/ibmvfc.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Buffer overflow

EUVDB-ID: #VU93304

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52834

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the atl1c_set_mac_addr(), atl1c_init_ring_ptrs(), atl1c_free_ring_resources(), atl1c_rx_checksum() and atl1c_alloc_rx_buffer() functions in drivers/net/ethernet/atheros/atl1c/atl1c_main.c. A local user can escalate privileges on the system.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Improper locking

EUVDB-ID: #VU93438

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52791

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the drivers/i2c/i2c-core.h. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Improper locking

EUVDB-ID: #VU91506

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52796

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ipvlan_addr_lookup(), IS_ENABLED() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.

Install updates from vendor's website.

Red Hat CodeReady Linux Builder for ARM 64: 8.0

Red Hat CodeReady Linux Builder for Power, little endian: 8.0

Red Hat CodeReady Linux Builder for x86_64: 8.0

Red Hat Enterprise Linux for ARM 64: 8

Red Hat Enterprise Linux for Power, little endian: 8

Red Hat Enterprise Linux for IBM z Systems: 8

Red Hat Enterprise Linux for x86_64: 8.0

kernel (Red Hat package): before 4.18.0-553.16.1.el8_10

• cpe:2.3:o:red_hat:red hat codeready linux builder for arm 64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for power, little endian:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red hat codeready linux builder for x86_64:8.0:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_arm_64:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power_little_endian:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_ibm_z_systems:8:*:*:*:*:red_hat_enterprise_linux:*:
• cpe:2.3:o:red_hat:red_hat_enterprise_linux:8.0:*:*:*:*:*:*:

http://access.redhat.com/errata/RHSA-2024:5101

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?