CLSA-2024-1722977546

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2024-1722977546.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2024-1722977546

Upstream

CVE-2019-25162

CVE-2021-33631

CVE-2022-3534

CVE-2022-48855

CVE-2022-48858

CVE-2023-1077

CVE-2023-4622

CVE-2023-52434

CVE-2023-5717

CVE-2024-26852

CVE-2024-26923

CVE-2024-36886

CVE-2024-36904

CVE-2024-36971

CVE-2024-39494

Published

2024-08-06T20:55:20Z

Modified

2026-05-29T01:37:47.284721922Z

Summary

kernel: Fix of 15 CVEs

Details

ima: Fix use-after-free on a dentry's dname.name {CVE-2024-39494}
ima: define imamaxdigest_data struct without a flexible array variable
ima: detect changes to the backing overlay file
tcp: Use refcountincnotzero() in tcptwsk_unique(). {CVE-2024-36904}
af_unix: Fix garbage collector racing against connect() {CVE-2024-26923}
net/ipv6: avoid possible UAF in ip6routempath_notify() {CVE-2024-26852}
net/mlx5: Fix a race on command flush flow {CVE-2022-48858}
sctp: fix kernel-infoleak for SCTP sockets {CVE-2022-48855}
libbpf: Fix use-after-free in btfdumpname_dups {CVE-2022-3534}
net: fix __dstnegativeadvice() race {CVE-2024-36971}
ext4: fix kernel BUG in 'ext4writeinlinedataend()' {CVE-2021-33631}
tipc: fix UAF in error path {CVE-2024-36886}
smb: client: fix parsing of SMB3.1.1 POSIX create context {CVE-2023-52434}
smb: client: fix potential OOBs in smb2parsecontexts() {CVE-2023-52434}
perf: Disallow mis-matched inherited group reads {CVE-2023-5717}
afunix: Fix null-ptr-deref in unixstream_sendpage(). {CVE-2023-4622}
sched/rt: picknextrtentity(): check listentry {CVE-2023-1077}
i2c: Fix a potential use after free {CVE-2019-25162}

References

https://errata.cloudlinux.com/centos8.4-els/CLSA-2024-1722977546.html

Affected packages