- kernel-uek-5.15.0-200.131.27.el8uek (oel8-uek7)
- 5.15.0-300.163.18.el8uek
- 2024-10-02 09:02:24
- 2024-10-04 06:58:41
- K20241002_08
- CVE-2023-5178, CVSSv2 Score: 8.8
- Description:
nvmet-tcp: Fix a possible UAF in queue intialization setup
- CVE: https://linux.oracle.com/cve/CVE-2023-5178.html
- Patch: oel8-uek7/5.15.0-201.135.6.el8uek/CVE-2023-5178-patch-nvmet-tcp-fix-a-possible-uaf-in-queue-intialization-setup.patch
- From: 5.15.0-201.135.6.el8uek
- CVE-2023-5090, CVSSv2 Score: 6.0
- Description:
x86: KVM: SVM: always update the x2avic msr interception
- CVE: https://linux.oracle.com/cve/CVE-2023-5090.html
- Patch: oel8-uek7/5.15.0-201.135.6.el8uek/CVE-2023-5090-patch-x86-kvm-svm-always-update-the-x2avic-msr-interception.patch
- From: 5.15.0-201.135.6.el8uek
- CVE-2023-42756, CVSSv2 Score: 4.7
- Description:
netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
- CVE: https://linux.oracle.com/cve/CVE-2023-42756.html
- Patch: oel8-uek7/5.15.0-201.135.6.el8uek/CVE-2023-42756-patch-netfilter-ipset-fix-race-between-ipset-cmd-create-and.patch
- From: 5.15.0-201.135.6.el8uek
- CVE-2023-4921, CVSSv2 Score: 7.8
- Description:
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
- CVE: https://linux.oracle.com/cve/CVE-2023-4921.html
- Patch: oel8-uek7/5.15.0-201.135.6.el8uek/CVE-2023-4921-patch-net-sched-sch-qfq-fix-uaf-in-qfq-dequeue.patch
- From: 5.15.0-201.135.6.el8uek
- CVE-2023-4921, CVSSv2 Score: 7.8
- Description:
net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)
- CVE: https://linux.oracle.com/cve/CVE-2023-4921.html
- Patch: oel8-uek7/5.15.0-201.135.6.el8uek/CVE-2023-4921-patch-net-sched-sch-qfq-fix-uaf-in-qfq-dequeue-kpatch.patch
- From: 5.15.0-201.135.6.el8uek
- CVE-2023-45871, CVSSv2 Score: 9.8
- Description:
igb: set max size RX buffer when store bad packet is enabled
- CVE: https://linux.oracle.com/cve/CVE-2023-45871.html
- Patch: oel8-uek7/5.15.0-201.135.6.el8uek/CVE-2023-45871-patch-igb-set-max-size-rx-buffer-when-store-bad-packet-is-enabled.patch
- From: 5.15.0-201.135.6.el8uek
- CVE-2023-45871, CVSSv2 Score: 9.8
- Description:
igb: set max size RX buffer when store bad packet is enabled (adaptation)
- CVE: https://linux.oracle.com/cve/CVE-2023-45871.html
- Patch: oel8-uek7/5.15.0-201.135.6.el8uek/CVE-2023-45871-igb-set-max-size-rx-buffer-when-store-bad-packet-is-enabled-kpatch.patch
- From: 5.15.0-201.135.6.el8uek
- CVE-2023-42752, CVSSv2 Score: 5.5
- Description:
igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
- CVE: https://linux.oracle.com/cve/CVE-2023-42752.html
- Patch: oel8-uek7/5.15.0-201.135.6.el8uek/CVE-2023-42752-patch-igmp-limit-igmpv3-newpack-packet-size-to-ip-max-mtu.patch
- From: 5.15.0-201.135.6.el8uek
- CVE-2023-4623, CVSSv2 Score: 7.8
- Description:
net/sched: sch_hfsc: Ensure inner classes have fsc curve
- CVE: https://linux.oracle.com/cve/CVE-2023-4623.html
- Patch: oel8-uek7/5.15.0-201.135.6.el8uek/CVE-2023-4623-patch-net-sched-sch-hfsc-ensure-inner-classes-have-fsc-curve.patch
- From: 5.15.0-201.135.6.el8uek
- CVE-2023-4623, CVSSv2 Score: 7.8
- Description:
net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve
- CVE: https://linux.oracle.com/cve/CVE-2023-4623.html
- Patch: oel8-uek7/5.15.0-201.135.6.el8uek/CVE-2023-4623-0001-net-sched-sch_hfsc-upgrade-rt-to-sc-when-it-becomes-.patch
- From: 5.15.0-201.135.6.el8uek
- CVE-2023-4244, CVSSv2 Score:
- Description:
Introducing the required changes through KernelCare could cause unavoidable problems for applications that use netfilter functionality.
- CVE:
- Patch: skipped/CVE-2023-4244.patch
- From:
- CVE-2023-5197, CVSSv2 Score: 7.8
- Description:
netfilter: nf_tables: disallow rule removal from chain binding
- CVE: https://linux.oracle.com/cve/CVE-2023-5197.html
- Patch: oel8-uek7/5.15.0-201.135.6.el8uek/CVE-2023-5197-0001-netfilter-nf_tables-disallow-rule-removal-from-chain.patch
- From: 5.15.0-201.135.6.el8uek
- CVE-2020-26555, CVSSv2 Score: 5.4
- Description:
Bluetooth: hci_event: Ignore NULL link key
- CVE: https://linux.oracle.com/cve/CVE-2020-26555.html
- Patch: oel8-uek7/5.15.0-203.146.5.1.el8uek/CVE-2020-26555-Bluetooth-hci_event-Ignore-NULL-link-key.patch
- From: 5.15.0-203.146.5.1.el8uek
- CVE-2020-26555, CVSSv2 Score: 5.4
- Description:
Bluetooth: Reject connection with the device which has same BD_ADDR
- CVE: https://linux.oracle.com/cve/CVE-2020-26555.html
- Patch: oel8-uek7/5.15.0-203.146.5.1.el8uek/CVE-2020-26555-Bluetooth-Reject-connection-with-the-device-which-ha.patch
- From: 5.15.0-203.146.5.1.el8uek
- CVE-2023-25775, CVSSv2 Score: 5.6
- Description:
RDMA/irdma: Prevent zero-length STAG registration
- CVE: https://linux.oracle.com/cve/CVE-2023-25775.html
- Patch: oel8-uek7/5.15.0-203.146.5.1.el8uek/CVE-2023-25775-RDMA-irdma-Prevent-zero-length-STAG-registration.patch
- From: 5.15.0-203.146.5.1.el8uek
- CVE-2023-25775, CVSSv2 Score: 5.6
- Description:
RDMA/irdma: Prevent zero-length STAG registration
- CVE: https://linux.oracle.com/cve/CVE-2023-25775.html
- Patch: oel8-uek7/5.15.0-203.146.5.1.el8uek/CVE-2023-25775-RDMA-irdma-Prevent-zero-length-STAG-registration-kpatch.patch
- From: 5.15.0-203.146.5.1.el8uek
- CVE-2023-35827, CVSSv2 Score: 6.4
- Description:
ravb: Fix use-after-free issue in ravb_tx_timeout_work()
- CVE: https://linux.oracle.com/cve/CVE-2023-35827.html
- Patch: oel8-uek7/5.15.0-203.146.5.1.el8uek/CVE-2023-35827-ravb-Fix-use-after-free-issue-in-ravb_tx_timeout_wor.patch
- From: 5.15.0-203.146.5.1.el8uek
- CVE-2023-46813, CVSSv2 Score: 7
- Description:
x86/sev: Disable MMIO emulation from user mode
- CVE: https://linux.oracle.com/cve/CVE-2023-46813.html
- Patch: oel8-uek7/5.15.0-203.146.5.1.el8uek/CVE-2023-46813-x86-sev-Disable-MMIO-emulation-from-user-mode.patch
- From: 5.15.0-203.146.5.1.el8uek
- CVE-2023-46813, CVSSv2 Score: 7
- Description:
x86/sev: Check IOBM for IOIO exceptions from user-space
- CVE: https://linux.oracle.com/cve/CVE-2023-46813.html
- Patch: oel8-uek7/5.15.0-203.146.5.1.el8uek/CVE-2023-46813-x86-sev-Check-IOBM-for-IOIO-exceptions-from-user-spa.patch
- From: 5.15.0-203.146.5.1.el8uek
- CVE-2023-46813, CVSSv2 Score: 7
- Description:
x86/sev: Check for user-space IOIO pointing to kernel space
- CVE: https://linux.oracle.com/cve/CVE-2023-46813.html
- Patch: oel8-uek7/5.15.0-203.146.5.1.el8uek/CVE-2023-46813-x86-sev-Check-for-user-space-IOIO-pointing-to-kernel.patch
- From: 5.15.0-203.146.5.1.el8uek
- CVE-2023-6111, CVSSv2 Score:
- Description:
Patch already exists in 5.15 kernels.
- CVE:
- Patch: skipped/CVE-2023-6111.patch
- From:
- CVE-2023-6622, CVSSv2 Score: 5.5
- Description:
netfilter: nf_tables: bail out on mismatching dynset and set expressions
- CVE: https://linux.oracle.com/cve/CVE-2023-6622.html
- Patch: oel8-uek7/5.15.0-203.146.5.1.el8uek/CVE-2023-6622-netfilter-nf_tables-bail-out-on-mismatching-dynset-a.patch
- From: 5.15.0-203.146.5.1.el8uek
- CVE-2024-1085, CVSSv2 Score: 6.6
- Description:
netfilter: nf_tables: check if catch-all set element is active in next generation
- CVE: https://linux.oracle.com/cve/CVE-2024-1085.html
- Patch: oel9-uek7/5.15.0-204.147.6.2.el9uek/CVE-2024-1085-netfilter-nf_tables-check-if-catch-all-set-element-is-active-in-next-generation-pre201.patch
- From: 5.15.0-204.147.6.2
- CVE-2024-1086, CVSSv2 Score: 7.0
- Description:
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
- CVE: https://linux.oracle.com/cve/CVE-2024-1086.html
- Patch: oel9-uek7/5.15.0-204.147.6.3.el9uek/CVE-2024-1086-netfilter-nf_tables-reject-QUEUE-DROP-verdict-parameters.patch
- From: 5.15.0-204.147.6.3
- N/A, CVSSv2 Score: N/A
- Description:
kpatch add alt asm definitions
- CVE: https://www.kernel.org
- Patch: 5.15.0/kpatch-add-alt-asm-definitions.patch
- From: N/A
- CVE-2024-2201, CVSSv2 Score: 4.7
- Description:
x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file
- CVE: https://linux.oracle.com/cve/CVE-2024-2201.html
- Patch: 5.15.0/CVE-2024-2201-x86-bugs-Change-commas-to-semicolons-in-spectre_v2-sysfs-file.patch
- From: kernel-uek-5.15.0-205.149.5.1.el8uek
- N/A, CVSSv2 Score: N/A
- Description:
kpatch: entry: add asm headers
- CVE: https://www.kernel.org
- Patch: 5.15.0/kpatch-entry-add-asm-headers.patch
- From: N/A
- CVE-2024-2201, CVSSv2 Score: 4.7
- Description:
x86/bhi: Add support for clearing branch history at syscall entry
- CVE: https://linux.oracle.com/cve/CVE-2024-2201.html
- Patch: 5.15.0/CVE-2024-2201-x86-bhi-Add-support-for-clearing-branch-history-at-syscall-entry-uek.patch
- From: kernel-uek-5.15.0-205.149.5.1.el8uek
- CVE-2024-41090, CVSSv2 Score: 7.1
- Description:
tap: add missing verification for short frame
- CVE: https://access.redhat.com/security/cve/CVE-2024-41090
- Patch: 5.15.0/CVE-2024-41090-tap-add-missing-verification-for-short-frame.patch
- From: 5.15.0-208.159.3.2
- CVE-2024-41091, CVSSv2 Score: 7.1
- Description:
tun: add missing verification for short frame
- CVE: https://access.redhat.com/security/cve/CVE-2024-41091
- Patch: 5.15.0/CVE-2024-41091-tun-add-missing-verification-for-short-frame.patch
- From: 5.15.0-208.159.3.2
- N/A, CVSSv2 Score: N/A
- Description:
kpatch add paravirt asm definitions
- CVE: N/A
- Patch: 5.15.0/kpatch-add-paravirt-asm-definitions.patch
- From: N/A