|
|
Log in / Subscribe / Register

Red Hat alert RHSA-2024:10262-01 (kernel)

An update for kernel is now available for Red Hat Enterprise Linux 8.8
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* kernel: improper input validation may lead to privilege escalation
(CVE-2021-4204)

* kernel: local privileges escalation in kernel/bpf/verifier.c
(CVE-2022-23222)

* kernel: Linux ebpf logic vulnerability leads to critical memory read and
write gaining root privileges (CVE-2022-0500)

* kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)

* kernel: mm/sparsemem: fix race in accessing memory_section->usage
(CVE-2023-52489)

* kernel: blk-mq: fix IO hang from sbitmap wakeup race (CVE-2024-26671)

* kernel: mac802154: fix llsec key resources release in
mac802154_llsec_key_del (CVE-2024-26961)

* kernel: nvme-tcp: fix UAF when detecting digest errors (CVE-2022-48686)

* kernel: vt: fix unicode buffer corruption when deleting characters
(CVE-2024-35823)

* kernel: hwmon: (mlxreg-fan) Return non-zero value when fan current state is
enforced from sysfs (CVE-2021-47393)

* kernel: userfaultfd: fix a race between writeprotect and exit_mmap()
(CVE-2021-47461)

* kernel: scsi: mpi3mr: Avoid memcpy field-spanning write WARNING
(CVE-2024-36920)

* kernel: mptcp: ensure snd_nxt is properly initialized on connect
(CVE-2024-36889)

* kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in
BPF_LINK_CREATE (CVE-2024-38564)

* kernel: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU
offline (CVE-2024-31076)

* kernel: drm/radeon: fix UBSAN warning in kv_dpm.c (CVE-2024-40988)

* kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
(CVE-2022-48773)

* kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)

* kernel: xfs: add bounds checking to xlog_recover_process_data
(CVE-2024-41014)

* kernel: sched/deadline: Fix task_struct reference leak (CVE-2024-41023)

* kernel: bpf: Fix crash due to out of bounds access into reg2btf_ids.
(CVE-2022-48929)

* kernel: mptcp: pm: Fix uaf in __timer_delete_sync (CVE-2024-46858)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0
International License (https://creativecommons.org/licenses/by/4.0/). If you
distribute this content, or a modified version of it, you must provide
attribution to Red Hat Inc. and provide a link to the original.


Original: https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_10262.json
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds