CLSA-2024-1712263970

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2024-1712263970.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2024-1712263970
Upstream
Published
2024-04-08T07:48:46Z
Modified
2026-05-29T01:36:53.708807130Z
Summary
kernel: Fix of 48 CVEs
Details
  • bpf: Fix re-attachment branch in bpftracingprog_attach {CVE-2024-26591}
  • ext4: improve error recovery code paths in _ext4remount() {CVE-2024-0775}
  • smb: client: fix OOB in receiveencryptedstandard() {CVE-2024-0565}
  • mtd: Fix gluebi NULL pointer dereference caused by ftl notifier {CVE-2023-52449}
  • net: prevent mss overflow in skb_segment() {CVE-2023-52435}
  • smb: client: fix potential OOBs in smb2parsecontexts() {CVE-2023-52434}
  • atm: Fix Use-After-Free in dovccioctl {CVE-2023-51780}
  • ida: Fix crash in ida_free when the bitmap is empty {CVE-2023-6915}
  • nvmet: nul-terminate the NQNs passed in the connect command {CVE-2023-6121}
  • netfilter: nf_tables: Reject tables of unsupported family {CVE-2023-6040}
  • Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work {CVE-2023-1989}
  • NFSD: fix use-after-free in nfsd4sscsetup_dul() {CVE-2023-1652}
  • x86/bugs: Flush IBP in ibprctlset() {CVE-2023-0045}
  • Bluetooth: L2CAP: Fix u8 overflow {CVE-2022-45934}
  • Bluetooth: L2CAP: Fix l2capglobalchanbypsm {CVE-2022-42896}
  • x86: Clear .brk area at early boot {CVE-2022-36123}
  • misc: sgi-gru: fix use-after-free error in grusetcontextoption, grufault and gruhandleusercallos {CVE-2022-3424}
  • Fix double fget() in vhostnetset_backend() {CVE-2023-1838}
  • wifi: brcmfmac: slab-out-of-bounds read in brcmfgetassoc_ies() {CVE-2023-1380}
  • netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one {CVE-2023-39197}
  • relayfs: fix out-of-bounds access in relayfileread {CVE-2023-3268}
  • ipv6: rpl: Fix Route of Death. {CVE-2023-2156}
  • ipv6: Fix out-of-bounds access in ipv6findtlv() {CVE-2023-2156}
  • net: rpl: fix rpl header size calculation {CVE-2023-2156}
  • memstick: r592: Fix UAF bug in r592_remove due to race condition {CVE-2023-3141}
  • ovl: fix use after free in struct ovlaioreq {CVE-2023-1252}
  • drm/amdgpu: Fix potential fence use-after-free v2 {CVE-2023-51042}
  • netfilter: nf_tables: reject QUEUE/DROP verdict parameters {CVE-2024-1086}
  • perf: Fix perfeventvalidate_size() lockdep splat {CVE-2023-6931}
  • perf: Fix perfeventvalidate_size() {CVE-2023-6931}
  • drm/atomic: Fix potential use-after-free in nonblocking commits {CVE-2023-51043}
  • nvmet-tcp: Fix the H2C expected PDU len calculation {CVE-2023-6356}
  • nvmet-tcp: remove boilerplate code {CVE-2023-6356}
  • nvmet-tcp: fix a crash in nvmetreqcomplete() {CVE-2023-6356}
  • nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length {CVE-2023-6356}
  • net: tls, update curr on splice as well {CVE-2024-0646}
  • smb: client: fix potential OOB in smb2dumpdetail() {CVE-2023-6610}
  • smb: client: fix potential OOB in cifsdumpdetail() {CVE-2023-6610}
  • smb: client: fix OOB in smbCalcSize() {CVE-2023-6606}
  • ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet {CVE-2023-6932}
  • RDMA/core: Update CMA destination address on rdmaresolveaddr {CVE-2023-2176}
  • RDMA/core: Refactor rdmabindaddr {CVE-2023-2176}
  • nfp: fix use-after-free in areacacheget() {CVE-2022-3545}
  • netfilter: nf_tables: skip bound chain on rule flush {CVE-2023-3777}
  • Bluetooth: L2CAP: Fix use-after-free in l2capsockready_cb {CVE-2023-40283}
  • drivers: net: slip: fix NPD bug in sltxtimeout() {CVE-2022-41858}
  • net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve {CVE-2023-4623}
  • net/sched: sch_hfsc: Ensure inner classes have fsc curve {CVE-2023-4623}
  • vcscreen: move load of struct vcdata pointer in vcs_read() to avoid UAF {CVE-2023-3567}
  • nvmet-tcp: Fix a possible UAF in queue intialization setup {CVE-2023-5178}
  • net: tun: fix bugs for oversize packet when napi frags enabled {CVE-2023-3812}
  • netfilter: ipset: add the missing IPSETHASHWITHNET0 macro for ipsethash_netportnet.c {CVE-2023-42753}
  • bpf: Fix incorrect verifier pruning due to missing register precision taints {CVE-2023-2163}
  • net/sched: clsroute: No longer copy tcfresult on update to avoid use-after-free {CVE-2023-4206}
  • net/sched: clsfw: No longer copy tcfresult on update to avoid use-after-free {CVE-2023-4207}
  • net/sched: clsu32: No longer copy tcfresult on update to avoid use-after-free {CVE-2023-4208}
  • net/sched: cls_u32: Fix reference counter leak leading to overflow {CVE-2023-3609}
References

Affected packages