SB2024092423 - Red Hat Enterprise Linux 9 update for kernel




Published: September 24, 2024

Security Bulletin ID: SB2024092423
Severity: Low
Patch available: YES
Number of vulnerabilities: 21
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 21 security vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2023-52439)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uio_open() function in drivers/uio/uio.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


2) Use-after-free (CVE-ID: CVE-2024-26739)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcf_mirred_to_dev() function in net/sched/act_mirred.c. A local user can escalate privileges on the system.


3) Use-after-free (CVE-ID: CVE-2024-26947)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __sync_icache_dcache() function in arch/arm/mm/flush.c. A local user can escalate privileges on the system.


4) NULL pointer dereference (CVE-ID: CVE-2024-26931)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the qlt_free_session_done() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.


5) Double free (CVE-ID: CVE-2024-26930)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a double free error within the kfree() function in drivers/scsi/qla2xxx/qla_os.c. A local user can execute arbitrary code.


6) Double free (CVE-ID: CVE-2024-26929)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a double free error within the qla2x00_els_dcmd_sp_free() and qla24xx_els_dcmd_iocb() functions in drivers/scsi/qla2xxx/qla_iocb.c. A local user can execute arbitrary code.


7) Improper locking (CVE-ID: CVE-2024-27022)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper locking within the dup_mmap() function in kernel/fork.c. A local user can execute arbitrary code.


8) Out-of-bounds read (CVE-ID: CVE-2024-26991)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the kvm_arch_post_set_memory_attributes() function in arch/x86/kvm/mmu/mmu.c. A local user can perform a denial of service (DoS) attack.


9) Improper locking (CVE-ID: CVE-2024-35895)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.


10) Out-of-bounds write (CVE-ID: CVE-2024-36016)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the gsm0_receive() function in drivers/tty/n_gsm.c. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


11) Use-after-free (CVE-ID: CVE-2024-36899)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gpio_chrdev_release() function in drivers/gpio/gpiolib-cdev.c. A local user can escalate privileges on the system.


12) Input validation error (CVE-ID: CVE-2024-38615)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cpufreq_offline() and cpufreq_remove_dev() functions in drivers/cpufreq/cpufreq.c. A local user can perform a denial of service (DoS) attack.


13) Infinite loop (CVE-ID: CVE-2024-38601)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the rb_check_list() and ring_buffer_resize() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.


14) NULL pointer dereference (CVE-ID: CVE-2024-38573)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() functions in drivers/cpufreq/cppc_cpufreq.c. A local user can perform a denial of service (DoS) attack.


15) Use-after-free (CVE-ID: CVE-2024-38570)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gfs2_gl_hash_clear() function in fs/gfs2/super.c, the init_sbd() function in fs/gfs2/ops_fstype.c, the gdlm_ast(), gdlm_bast() and gdlm_put_lock() functions in fs/gfs2/lock_dlm.c, and the glock_blocked_by_withdraw() and gfs2_gl_hash_clear() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.


16) Out-of-bounds read (CVE-ID: CVE-2024-38562)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nl80211_trigger_scan() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.


17) Improper locking (CVE-ID: CVE-2023-52884)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cyapa_suspend() and cyapa_resume() functions in drivers/input/mouse/cyapa.c. A local user can perform a denial of service (DoS) attack.


18) NULL pointer dereference (CVE-ID: CVE-2024-40984)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the acpi_ex_system_memory_space_handler() function in drivers/acpi/acpica/exregion.c. A local user can perform a denial of service (DoS) attack.


19) Out-of-bounds read (CVE-ID: CVE-2024-41071)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ieee80211_prep_hw_scan() function in net/mac80211/scan.c. A local user can perform a denial of service (DoS) attack.


20) Use of uninitialized resource (CVE-ID: CVE-2024-42225)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the mt7915_mcu_add_nested_subtlv() function in drivers/net/wireless/mediatek/mt76/mt7915/mcu.c, and the mt76_connac_mcu_add_nested_tlv(), mt76_connac_mcu_hw_scan(), mt76_connac_mcu_sched_scan_req(), mt76_connac_mcu_update_gtk_rekey() and mt76_connac_mcu_set_wow_pattern() functions in drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c. A local user can perform a denial of service (DoS) attack.


21) Infinite loop (CVE-ID: CVE-2024-42246)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the xs_tcp_setup_socket() function in net/sunrpc/xprtsock.c. A local user can perform a denial of service (DoS) attack.


Remediation

Install the update from the vendor's website.