RXSA-2024:1248

Import Source

https://storage.googleapis.com/resf-osv-data/RXSA-2024:1248.json

Related

CVE-2023-4244
CVE-2023-51042
CVE-2023-5717
CVE-2023-6356
CVE-2023-6535
CVE-2023-6536
CVE-2023-6606
CVE-2023-6610
CVE-2023-6817
CVE-2024-0193
CVE-2024-0646

Published

2024-03-27T04:37:19.422545Z

Modified

2024-03-27T04:37:25.998331Z

Details

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

kernel: inactive elements in nftpipapowalk (CVE-2023-6817)
kernel: netfilter: use-after-free in nfttransgccatchallsync leads to privilege escalation (CVE-2024-0193)
kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)
kernel: Use-after-free in nftverdictdump due to a race between set GC and transaction (CVE-2023-4244)
kernel: A heap out-of-bounds write when function perfreadgroup is called and siblinglist is smaller than its child's siblinglist (CVE-2023-5717)
kernel: NULL pointer dereference in nvmettcpbuild_iovec (CVE-2023-6356)
kernel: NULL pointer dereference in nvmettcpexecute_request (CVE-2023-6535)
kernel: NULL pointer dereference in _nvmetreq_complete (CVE-2023-6536)
kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)
kernel: OOB Access in smb2dumpdetail (CVE-2023-6610)
kernel: use-after-free in amdgpucswaitallfences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

Rocky Linux:9 / kernel

Package

Name: kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:5.14.0-362.24.1.el9_3.cloud.0.6