SB2024042344 - Red Hat Enterprise Linux 8 update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024042344

SB2024042344 - Red Hat Enterprise Linux 8 update for kernel

Published: April 23, 2024

Security Bulletin ID SB2024042344
Severity
Low
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2023-1192)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smb2_is_status_io_timeout() function in Linux kernel. A local user can set environment variable to a specific value, trigger a use-after-free error and execute arbitrary code with elevated privileges.


2) NULL pointer dereference (CVE-ID: CVE-2023-4459)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the vmxnet3_rq_cleanup() function in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.


3) Out-of-bounds write (CVE-ID: CVE-2023-3812)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the TUN/TAP device driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


4) Memory leak (CVE-ID: CVE-2023-7192)

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak within the ctnetlink_create_conntrack() function in net/netfilter/nf_conntrack_netlink.c. A local user with CAP_NET_ADMIN privileges can perform denial of service attack.


5) Out-of-bounds write (CVE-ID: CVE-2024-26586)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the mlxsw_sp_acl_tcam_init() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can trigger stack corruption and crash the kernel.


6) Incorrect calculation (CVE-ID: CVE-2021-46915)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the nft_limit_init() function in net/netfilter/nft_limit.c. A local user can perform a denial of service (DoS) attack.


7) Resource exhaustion (CVE-ID: CVE-2024-26602)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource management in kernel/sched/membarrier.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References