SB2024061701 - Red Hat Enterprise Linux 7 update for linux-firmware
Published: June 17, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Protection Mechanism Failure (CVE-ID: CVE-2022-46329)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures. A local user can bypass implemented security restrictions and elevate privileges on the system.
2) Improper access control (CVE-ID: CVE-2022-27635)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and execute arbitrary code with elevated privileges.
3) Improper access control (CVE-ID: CVE-2022-40964)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and execute arbitrary code with elevated privileges.
4) Input validation error (CVE-ID: CVE-2022-36351)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can send specially crafted data to the system and perform a denial of service (DoS) attack.
5) Input validation error (CVE-ID: CVE-2022-38076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can pass specially crafted input to the system and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.