Red Hat Enterprise Linux 9 update for kernel-rt
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2023-52463 CVE-2024-26853 CVE-2024-36000 CVE-2023-52735 CVE-2024-36883 CVE-2024-38608 CVE-2024-40995 CVE-2024-41090 CVE-2024-41091 CVE-2024-41076 CVE-2024-42107 |
| CWE-ID | CWE-476 CWE-119 CWE-617 CWE-401 CWE-125 CWE-667 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
kernel-rt (Red Hat package) Operating systems & Components / Operating system package or component |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU90660
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52463
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efivarfs_get_tree() function in fs/efivarfs/super.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): before 5.14.0-284.80.1.rt14.365.el9_2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2024:5673
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU91201
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26853
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the igc_xdp_xmit() function in drivers/net/ethernet/intel/igc/igc_main.c. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): before 5.14.0-284.80.1.rt14.365.el9_2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2024:5673
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Reachable Assertion
EUVDB-ID: #VU90907
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36000
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the alloc_huge_page() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): before 5.14.0-284.80.1.rt14.365.el9_2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2024:5673
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory leak
EUVDB-ID: #VU91621
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52735
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sock_map_unhash(), sock_map_destroy() and sock_map_close() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): before 5.14.0-284.80.1.rt14.365.el9_2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2024:5673
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU90272
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-36883
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): before 5.14.0-284.80.1.rt14.365.el9_2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2024:5673
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU92341
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38608
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5e_resume(), _mlx5e_suspend(), mlx5e_suspend(), _mlx5e_probe() and _mlx5e_remove() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): before 5.14.0-284.80.1.rt14.365.el9_2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2024:5673
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper locking
EUVDB-ID: #VU94267
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40995
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcf_idr_check_alloc() and rcu_read_unlock() functions in net/sched/act_api.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): before 5.14.0-284.80.1.rt14.365.el9_2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2024:5673
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU94840
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41090
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tap_get_user_xdp() function in drivers/net/tap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): before 5.14.0-284.80.1.rt14.365.el9_2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2024:5673
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU94841
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41091
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the tun_xdp_one() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): before 5.14.0-284.80.1.rt14.365.el9_2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2024:5673
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Memory leak
EUVDB-ID: #VU94928
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-41076
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfs4_set_security_label() function in fs/nfs/nfs4proc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): before 5.14.0-284.80.1.rt14.365.el9_2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2024:5673
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL pointer dereference
EUVDB-ID: #VU94962
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42107
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_ptp_extts_event() function in drivers/net/ethernet/intel/ice/ice_ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
kernel-rt (Red Hat package): before 5.14.0-284.80.1.rt14.365.el9_2
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2024:5673
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
