SB2024101614 - Red Hat Enterprise Linux 9 update for kernel-rt

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024101614

SB2024101614 - Red Hat Enterprise Linux 9 update for kernel-rt

Published: October 16, 2024

Security Bulletin ID SB2024101614
Severity
Low
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2023-28746)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors. A local user can gain access to sensitive information.


2) NULL pointer dereference (CVE-ID: CVE-2021-47385)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the w83792d_detect_subclients() function in drivers/hwmon/w83792d.c. A local user can perform a denial of service (DoS) attack.


3) Resource management error (CVE-ID: CVE-2024-36244)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the parse_taprio_schedule() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.


4) Out-of-bounds read (CVE-ID: CVE-2024-39472)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the xlog_do_recovery_pass() function in fs/xfs/xfs_log_recover.c. A local user can perform a denial of service (DoS) attack.


5) Input validation error (CVE-ID: CVE-2024-41056)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cs_dsp_coeff_parse_alg() and cs_dsp_coeff_parse_coeff() functions in drivers/firmware/cirrus/cs_dsp.c. A local user can perform a denial of service (DoS) attack.


6) Memory leak (CVE-ID: CVE-2024-41066)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ibmvnic_xmit() function in drivers/net/ethernet/ibm/ibmvnic.c. A local user can perform a denial of service (DoS) attack.


7) Improper locking (CVE-ID: CVE-2024-42090)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the create_pinctrl() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.


8) Use of uninitialized resource (CVE-ID: CVE-2024-42272)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the DEFINE_MUTEX() and offsetof() functions in net/sched/act_ct.c. A local user can perform a denial of service (DoS) attack.


9) Buffer overflow (CVE-ID: CVE-2024-42284)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.


Remediation

Install update from vendor's website.

References