RedHat Linux Kernel Multiple Vulnerabilities
RISK: Medium Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities were identified in RedHat Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.
Notes:
CVE-2024-1086 is being exploited in the wild. It is related to use-after-free vulnerability in the netfilter: nf_tables component. Local attackers could exploit this flaw to elevate privileges from a regular user to root. The risk level remain medium risk.
[Updated on 2024-02-19]
Updated System / Technologies affected, Solutions and Related Links.
[Updated on 2024-02-23]
Updated Solutions, Vulnerability Identifier and Related Links.
[Updated on 2024-05-31]
Updated Description.
Impact
- Denial of Service
- Remote Code Execution
- Elevation of Privilege
- Information Disclosure
- Security Restriction Bypass
- Data Manipulation
System / Technologies affected
- Kernel Module Management 2 for RHEL 9 x86_64
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
- Red Hat Enterprise Linux for Real Time for NFV for x86_64 - 4 years of updates 9.2 x86_64
- Red Hat Enterprise Linux for Real Time for x86_64 - 4 years of updates 9.2 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 9.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
- Red Hat Virtualization Host 4 for RHEL 8 x86_64
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://access.redhat.com/errata/RHSA-2024:0575
- https://access.redhat.com/errata/RHBA-2024:0638
- https://access.redhat.com/errata/RHSA-2024:0724
- https://access.redhat.com/errata/RHSA-2024:0725
- https://access.redhat.com/errata/RHSA-2024:0850
- https://access.redhat.com/errata/RHSA-2024:0851
- https://access.redhat.com/errata/RHSA-2024:0930
- https://access.redhat.com/errata/RHSA-2024:0937
Vulnerability Identifier
- CVE-2021-3640
- CVE-2021-4204
- CVE-2021-30002
- CVE-2021-33655
- CVE-2021-34866
- CVE-2022-0168
- CVE-2022-0500
- CVE-2022-0617
- CVE-2022-1462
- CVE-2022-2078
- CVE-2022-2196
- CVE-2022-2586
- CVE-2022-2663
- CVE-2022-3239
- CVE-2022-3524
- CVE-2022-3545
- CVE-2022-3566
- CVE-2022-3594
- CVE-2022-3619
- CVE-2022-3623
- CVE-2022-3625
- CVE-2022-3707
- CVE-2022-20368
- CVE-2022-21499
- CVE-2022-23222
- CVE-2022-23960
- CVE-2022-24448
- CVE-2022-25265
- CVE-2022-28388
- CVE-2022-28390
- CVE-2022-28893
- CVE-2022-29581
- CVE-2022-36402
- CVE-2022-36946
- CVE-2022-38096
- CVE-2022-38457
- CVE-2022-39189
- CVE-2022-40133
- CVE-2022-45887
- CVE-2023-0458
- CVE-2023-1073
- CVE-2023-1074
- CVE-2023-1075
- CVE-2023-1079
- CVE-2023-1252
- CVE-2023-1838
- CVE-2023-1855
- CVE-2023-1989
- CVE-2023-2162
- CVE-2023-2163
- CVE-2023-2166
- CVE-2023-2176
- CVE-2023-3141
- CVE-2023-3567
- CVE-2023-3611
- CVE-2023-3772
- CVE-2023-3812
- CVE-2023-4132
- CVE-2023-4622
- CVE-2023-4623
- CVE-2023-4921
- CVE-2023-5178
- CVE-2023-5363
- CVE-2023-5717
- CVE-2023-6356
- CVE-2023-6535
- CVE-2023-6536
- CVE-2023-6546
- CVE-2023-6606
- CVE-2023-6610
- CVE-2023-6817
- CVE-2023-6931
- CVE-2023-6932
- CVE-2023-7192
- CVE-2023-20569
- CVE-2023-23455
- CVE-2023-26545
- CVE-2023-28328
- CVE-2023-28772
- CVE-2023-30456
- CVE-2023-31084
- CVE-2023-31436
- CVE-2023-33203
- CVE-2023-35823
- CVE-2023-35824
- CVE-2023-35825
- CVE-2023-39615
- CVE-2023-40283
- CVE-2023-45862
- CVE-2023-45871
- CVE-2023-46813
- CVE-2023-51042
- CVE-2024-0646
- CVE-2024-1086
Source
Related Link
- https://access.redhat.com/errata/RHSA-2024:0575
- https://access.redhat.com/errata/RHBA-2024:0638
- https://access.redhat.com/errata/RHSA-2024:0724
- https://access.redhat.com/errata/RHSA-2024:0725
- https://access.redhat.com/errata/RHSA-2024:0850
- https://access.redhat.com/errata/RHSA-2024:0851
- https://access.redhat.com/errata/RHSA-2024:0930
- https://access.redhat.com/errata/RHSA-2024:0937
Related Tags
Share with