- kernel-5.14.0-427.37.1.el9_4 (rockylinux9)
- 5.14.0-503.14.1.el9_5
- 2024-11-26 11:41:20
- 2024-11-29 10:08:52
- K20241126_05
- CVE-2024-36978, CVSSv2 Score: 7.8
- Description:
net: sched: sch_multiq: fix possible OOB write in multiq_tune()
- CVE: https://access.redhat.com/security/cve/CVE-2024-36978
- Patch: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-36978-net-sched-sch-multiq-fix-possible-oob-write-in-multiq-tune.patch
- From: 5.14.0-427.40.1.el9_4
- CVE-2024-42284, CVSSv2 Score: 7.8
- Description:
tipc: Return non-zero value from tipc_udp_addr2str() on error
- CVE: https://access.redhat.com/security/cve/CVE-2024-42284
- Patch: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-42284-tipc-return-non-zero-value-from-tipc-udp-addr2str-on-error.patch
- From: 5.14.0-427.40.1.el9_4
- CVE-2021-47385, CVSSv2 Score: 5.5
- Description:
hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field
- CVE: https://access.redhat.com/security/cve/CVE-2021-47385
- Patch: rhel9/5.14.0-427.40.1.el9_4/CVE-2021-47385-hwmon-w83792d-fix-null-pointer-dereference-by-removing-unnecessary-structure-field.patch
- From: 5.14.0-427.40.1.el9_4
- CVE-2021-47385, CVSSv2 Score: 5.5
- Description:
hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field
- CVE: https://access.redhat.com/security/cve/CVE-2021-47385
- Patch: rhel9/5.14.0-427.40.1.el9_4/CVE-2021-47385-hwmon-w83792d-fix-null-pointer-dereference-by-removing-unnecessary-structure-field-kpatch.patch
- From: 5.14.0-427.40.1.el9_4
- CVE-2024-35989, CVSSv2 Score: 5.5
- Description:
dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
- CVE: https://access.redhat.com/security/cve/CVE-2024-35989
- Patch: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-35989-dmaengine-idxd-fix-oops-during-rmmod-on-single-cpu-platforms.patch
- From: 5.14.0-427.40.1.el9_4
- CVE-2024-40959, CVSSv2 Score: 5.5
- Description:
xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
- CVE: https://access.redhat.com/security/cve/CVE-2024-40959
- Patch: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-40959-xfrm6-check-ip6-dst-idev-return-value-in-xfrm6-get-saddr.patch
- From: 5.14.0-427.40.1.el9_4
- CVE-2024-42079, CVSSv2 Score: 5.5
- Description:
gfs2: Fix NULL pointer dereference in gfs2_log_flush
- CVE: https://access.redhat.com/security/cve/CVE-2024-42079
- Patch: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-42079-gfs2-fix-null-pointer-dereference-in-gfs2-log-flush.patch
- From: 5.14.0-427.40.1.el9_4
- CVE-2023-28746, CVSSv2 Score:
- Description:
RFDS: Medium score vulnerability affecting only Intel Atom CPUs, mitigated via microcode update.
- CVE:
- Patch: skipped/CVE-2023-28746.patch
- From:
- CVE-2023-52658, CVSSv2 Score: 5.5
- Description:
Revert "net/mlx5: Block entering switchdev mode with ns inconsistency"
- CVE: https://access.redhat.com/security/cve/CVE-2023-52658
- Patch: rhel9/5.14.0-427.40.1.el9_4/CVE-2023-52658-revert-net-mlx5-block-entering-switchdev-mode-with-ns-inconsistency.patch
- From: 5.14.0-427.40.1.el9_4
- CVE-2024-27403, CVSSv2 Score: 5.5
- Description:
netfilter: nft_flow_offload: reset dst in route object after setting up flow
- CVE: https://access.redhat.com/security/cve/CVE-2024-27403
- Patch: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-27403-netfilter-nft-flow-offload-reset-dst-in-route-object-after-setting-up-flow.patch
- From: 5.14.0-427.40.1.el9_4
- CVE-2024-36889, CVSSv2 Score: 5.5
- Description:
mptcp: ensure snd_nxt is properly initialized on connect
- CVE: https://access.redhat.com/security/cve/CVE-2024-36889
- Patch: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-36889-mptcp-ensure-snd-nxt-is-properly-initialized-on-connect.patch
- From: 5.14.0-427.40.1.el9_4
- CVE-2024-39483, CVSSv2 Score: 5.5
- Description:
KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked
- CVE: https://access.redhat.com/security/cve/CVE-2024-39483
- Patch: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-39483-kvm-svm-warn-on-vnmi-nmi-window-iff-nmis-are-outright-masked.patch
- From: 5.14.0-427.40.1.el9_4
- CVE-2024-39502, CVSSv2 Score:
- Description:
Patches a sleepable function, there is a small but non-zero risk of livepatching failure
- CVE:
- Patch: skipped/CVE-2024-39502.patch
- From:
- CVE-2024-45018, CVSSv2 Score: 5.5
- Description:
netfilter: flowtable: initialise extack before use
- CVE: https://access.redhat.com/security/cve/CVE-2024-45018
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-45018-netfilter-flowtable-initialise-extack-before-use.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-41005, CVSSv2 Score: 5.5
- Description:
netpoll: Fix race condition in netpoll_owner_active
- CVE: https://access.redhat.com/security/cve/CVE-2024-41005
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-41005-netpoll-fix-race-condition-in-netpoll-owner-active.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-26923, CVSSv2 Score: 7.0
- Description:
af_unix: Fix garbage collector racing against connect()
- CVE: https://access.redhat.com/security/cve/CVE-2024-26923
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26923-af_unix-Fix-garbage-collector-racing-against-connec.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-41013, CVSSv2 Score: 5.5
- Description:
xfs: don't walk off the end of a directory data block
- CVE: https://access.redhat.com/security/cve/CVE-2024-41013
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-41013-xfs-don-t-walk-off-the-end-of-a-directory-data-block.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-41014, CVSSv2 Score: 5.5
- Description:
xfs: add bounds checking to xlog_recover_process_data
- CVE: https://access.redhat.com/security/cve/CVE-2024-41014
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-41014-xfs-add-bounds-checking-to-xlog-recover-process-data.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-40995, CVSSv2 Score: 5.5
- Description:
net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
- CVE: https://access.redhat.com/security/cve/CVE-2024-40995
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40995-net-sched-act-api-fix-possible-infinite-loop-in-tcf-idr-check-alloc.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-43854, CVSSv2 Score: 5.5
- Description:
block: initialize integrity buffer to zero before writing it to media
- CVE: https://access.redhat.com/security/cve/CVE-2024-43854
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-43854-block-initialize-integrity-buffer-to-zero-before-writing-it-to-media.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-40960, CVSSv2 Score: 5.5
- Description:
ipv6: prevent possible NULL dereference in rt6_probe()
- CVE: https://access.redhat.com/security/cve/CVE-2024-40960
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40960-ipv6-prevent-possible-null-dereference-in-rt6-probe.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-40972, CVSSv2 Score: 5.5
- Description:
ext4: fold quota accounting into ext4_xattr_inode_lookup_create()
- CVE: https://access.redhat.com/security/cve/CVE-2024-40972
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40972-ext4-fold-quota-accounting-into-ext4-xattr-inode-lookup-create.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-40972, CVSSv2 Score: 5.5
- Description:
ext4: do not create EA inode under buffer lock
- CVE: https://access.redhat.com/security/cve/CVE-2024-40972
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40972-ext4-do-not-create-ea-inode-under-buffer-lock.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-40998, CVSSv2 Score: 5.5
- Description:
ext4: turn quotas off if mount failed after enabling quotas
- CVE: https://access.redhat.com/security/cve/CVE-2024-40998
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40998-ext4-turn-quotas-off-if-mount-failed-after-enabling-quotas.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-40998, CVSSv2 Score: 5.5
- Description:
ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super()
- CVE: https://access.redhat.com/security/cve/CVE-2024-40998
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40998-ext4-fix-uninitialized-ratelimit-state-lock-access-in-ext4-fill-super.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-40977, CVSSv2 Score: 5.5
- Description:
wifi: mt76: mt7921s: fix potential hung tasks during chip recovery
- CVE: https://access.redhat.com/security/cve/CVE-2024-40977
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40977-wifi-mt76-mt7921s-fix-potential-hung-tasks-during-chip-recovery.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2021-47383, CVSSv2 Score: 5.5
- Description:
tty: Fix out-of-bound vmalloc access in imageblit
- CVE: https://access.redhat.com/security/cve/CVE-2021-47383
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2021-47383-tty-fix-out-of-bound-vmalloc-access-in-imageblit.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-26640, CVSSv2 Score: 5.5
- Description:
tcp: add sanity checks to rx zerocopy
- CVE: https://www.cve.org/CVERecord?id=CVE-CVE-2024-26640
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26640-tcp-add-sanity-checks-to-rx-zerocopy.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-26826, CVSSv2 Score: 5.5
- Description:
mptcp: fix data re-injection from stale subflow
- CVE: https://access.redhat.com/security/cve/CVE-2024-26826
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26826-mptcp-fix-data-re-injection-from-stale-subflow.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-26935, CVSSv2 Score: 5.5
- Description:
scsi: core: Fix unremoved procfs host directory regression
- CVE: https://access.redhat.com/security/cve/CVE-2024-26935
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26935-scsi-core-fix-unremoved-procfs-host-directory-regression.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-26961, CVSSv2 Score: 5.5
- Description:
mac802154: fix llsec key resources release in mac802154_llsec_key_del
- CVE: https://access.redhat.com/security/cve/CVE-2024-26961
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26961-mac802154-fix-llsec-key-resources-release-in_new.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-26961, CVSSv2 Score: 5.5
- Description:
mac802154: fix llsec key resources release in mac802154_llsec_key_del
- CVE: https://access.redhat.com/security/cve/CVE-2024-26961
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26961-mac802154-fix-llsec-key-resources-release-in_new-kpatch.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-36244, CVSSv2 Score: 5.5
- Description:
net/sched: taprio: extend minimum interval restriction to entire cycle too
- CVE: https://access.redhat.com/security/cve/CVE-2024-36244
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-36244-net-sched-taprio-extend-minimum-interval-restriction-to-entire.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-39472, CVSSv2 Score: 5.5
- Description:
xfs: fix log recovery buffer allocation for the
- CVE: https://access.redhat.com/security/cve/CVE-2024-39472
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-39472-xfs-fix-log-recovery-buffer-allocation-for-the-lega.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-39504, CVSSv2 Score: 5.5
- Description:
netfilter: nft_inner: validate mandatory meta and payload
- CVE: https://access.redhat.com/security/cve/CVE-2024-39504
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-39504-netfilter-nft_inner-validate-mandatory-meta.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-39504, CVSSv2 Score: 5.5
- Description:
netfilter: nft_inner: validate mandatory meta and payload
- CVE: https://access.redhat.com/security/cve/CVE-2024-39504
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-39504-netfilter-nft_inner-validate-mandatory-payload.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-40904, CVSSv2 Score: 5.5
- Description:
USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
- CVE: https://access.redhat.com/security/cve/CVE-2024-40904
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40904-usb-class-cdc-wdm-fix-cpu-lockup-caused-by-excessive-log-messages.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-40931, CVSSv2 Score: 5.5
- Description:
mptcp: ensure snd_una is properly initialized on connect
- CVE: https://access.redhat.com/security/cve/CVE-2024-40931
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40931-mptcp-ensure-snd_una-is-properly-initialized-on-con.patch
- From: 5.14.0-427.42.1.el9_4
- N/A, CVSSv2 Score: N/A
- Description:
kpatch add alt asm definitions
- CVE: https://www.kernel.org
- Patch: rhel9/5.14.0-427.42.1.el9_4/kpatch-add-alt-asm-definitions.patch
- From: N/A
- CVE-2024-2201, CVSSv2 Score: 4.7
- Description:
x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
- CVE: https://access.redhat.com/security/cve/CVE-2024-2201
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-2201-x86-bugs-Change-commas-to-semicolons-in-spectre_v2-sysfs-file.patch
- From: 5.14.0-427.42.1.el9_4
- CVE-2024-2201, CVSSv2 Score: 4.7
- Description:
x86/bugs: x86/bhi: Add support for clearing branch history at syscall entry
- CVE: https://access.redhat.com/security/cve/CVE-2024-2201
- Patch: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-2201-x86-bhi-Add-support-for-clearing-branch-history-at-syscall-entry.patch
- From: 5.14.0-427.42.1.el9_4