- kernel-4.18.0-513.24.1.el8_9 (oel8)
- 4.18.0-553.5.1.el8_10
- 2024-06-11 21:39:10
- 2024-06-17 11:29:12
- K20240611_13
- CVE-2023-4244, CVSSv2 Score:
- Description:
An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.
- CVE:
- Patch: skipped/CVE-2023-4244.patch
- From:
- CVE-2023-6176, CVSSv2 Score: 7.8
- Description:
net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()
- CVE: https://access.redhat.com/security/cve/CVE-2023-6176
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-6176-net-tls-do-not-free-tls_rec-on-async-operation-in-bpf_exec_tx_verdict.patch
- From: 4.18.0-553.el8_10
- CVE-2023-6932, CVSSv2 Score: 7.8
- Description:
ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
- CVE: https://access.redhat.com/security/cve/CVE-2023-6932
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-6932-ipv4-igmp-fix-refcnt-uaf-issue-when-receiving-igmp-query-packet.patch
- From: 4.18.0-553.el8_10
- CVE-2023-28464, CVSSv2 Score: 7.8
- Description:
Bluetooth: Fix double free in hci_conn_cleanup
- CVE: https://access.redhat.com/security/cve/CVE-2023-28464
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-28464-bluetooth-fix-double-free-in-hci-conn-cleanup.patch
- From: 4.18.0-553.el8_10
- CVE-2024-0841, CVSSv2 Score: 6.6
- Description:
fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
- CVE: https://access.redhat.com/security/cve/CVE-2024-0841
- Patch: rhel8/4.18.0-553.el8_10/CVE-2024-0841-fs-hugetlb-fix-null-pointer-dereference-in.patch
- From: 4.18.0-553.el8_10
- CVE-2023-6915, CVSSv2 Score: 6.2
- Description:
ida: Fix crash in ida_free when the bitmap is empty
- CVE: https://access.redhat.com/security/cve/CVE-2023-6915
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-6915-ida-fix-crash-in-ida-free-when-the-bitmap-is.patch
- From: 4.18.0-553.el8_10
- CVE-2023-39198, CVSSv2 Score: 7.5
- Description:
drm/qxl: fix UAF on handle creation
- CVE: https://access.redhat.com/security/cve/CVE-2023-39198
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-39198-drm-qxl-fix-uaf-on-handle-creation.patch
- From: 4.18.0-553.el8_10
- CVE-2021-4204, CVSSv2 Score: 6.4
- Description:
UBUNTU: SAUCE: bpf: prevent helper argument PTR_TO_ALLOC_MEM to have offset other than 0
- CVE: https://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-4204
- Patch: 5.11.0/CVE-2021-4204-UBUNTU-SAUCE-bpf-prevent-helper-argument-PTR_TO_ALLOC_MEM-to-have-offset-other-than-0.patch
- From: 5.11.0-46.51~20.04.2
- CVE-2024-25742 CVE-2024-25743, CVSSv2 Score: 7.1
- Description:
x86/sev: Harden #VC instruction emulation somewhat
- CVE: https://access.redhat.com/security/cve/CVE-2024-25743
- Patch: rhel8/4.18.0-553.el8_10/CVE-2024-25742-CVE-2024-25743-3942-x86-sev-Harden-VC-instruction-emulation-somewhat.patch
- From: 4.18.0-553.el8_10
- CVE-2023-51779, CVSSv2 Score: 7.0
- Description:
Bluetooth: af_bluetooth: Fix Use-After-Free in
- CVE: https://access.redhat.com/security/cve/CVE-2023-51779
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-51779-2946-Bluetooth-af_bluetooth-Fix-Use-After-Free-in-bt_sock.patch
- From: 4.18.0-553.el8_10
- CVE-2023-24023, CVSSv2 Score: 6.8
- Description:
Bluetooth: Add more enc key size check
- CVE: https://access.redhat.com/security/cve/CVE-2023-24023
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-24023-3694-Bluetooth-Add-more-enc-key-size-check.patch
- From: 4.18.0-553.el8_10
- CVE-2019-13631, CVSSv2 Score: 5.3
- Description:
Input: gtco - bounds check collection indent level
- CVE: https://access.redhat.com/security/cve/CVE-2019-13631
- Patch: rhel8/4.18.0-553.el8_10/CVE-2019-13631-0684-Input-gtco-bounds-check-collection-indent-level.patch
- From: 4.18.0-553.el8_10
- CVE-2023-52581, CVSSv2 Score:
- Description:
The patch for this CVE already present in kernel-5.14.0-362.24.1.el9_3 version. The kernel-5.14.0-362.18.1.el9_3 version and below are not vulnerable because they don't have commit 5f68718b34a5 (netfilter: nf_tables: GC transaction API to avoid race with control plane) which introduced the vulnerability.
- CVE:
- Patch: skipped/CVE-2023-52581.patch
- From:
- CVE-2023-39189, CVSSv2 Score: 6.0
- Description:
netfilter: nfnetlink_osf: avoid OOB read
- CVE: https://access.redhat.com/security/cve/CVE-2023-39189
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-39189-netfilter-nfnetlink-osf-avoid-oob-read.patch
- From: 4.18.0-553.el8_10
- CVE-2023-39193, CVSSv2 Score: 6.1
- Description:
netfilter: xt_sctp: validate the flag_info count
- CVE: https://access.redhat.com/security/cve/CVE-2023-39193
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-39193-netfilter-xt-sctp-validate-the-flag-info-count.patch
- From: 4.18.0-553.el8_10
- CVE-2023-4133, CVSSv2 Score: 5.5
- Description:
cxgb4: fix use after free bugs caused by circular
- CVE: https://access.redhat.com/security/cve/CVE-2023-4133
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-4133-cxgb4-fix-use-after-free-bugs-caused-by-circular-dependency-problem.patch
- From: 4.18.0-553.el8_10
- CVE-2023-38409, CVSSv2 Score: 5.5
- Description:
fbcon: Fix error paths in set_con2fb_map
- CVE: https://access.redhat.com/security/cve/CVE-2023-38409
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-38409-fbcon-fix-error-paths-in-set-con2fb-map.patch
- From: 4.18.0-553.el8_10
- CVE-2023-38409, CVSSv2 Score: 5.5
- Description:
fbcon: set_con2fb_map needs to set con2fb_map!
- CVE: https://access.redhat.com/security/cve/CVE-2023-38409
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-38409-fbcon-set-con2fb-map-needs-to-set-con2fb-map.patch
- From: 4.18.0-553.el8_10
- CVE-2023-42755, CVSSv2 Score: 6.5
- Description:
net/sched: cls_rsvp: always try to match inside the linear part of skb
- CVE: https://access.redhat.com/security/cve/CVE-2023-42755
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-42755-net-sched-cls-rsvp-always-try-to-match-inside-the-linear-part-of-skb.patch
- From: 4.18.0-553.el8_10
- CVE-2023-6622, CVSSv2 Score: 5.5
- Description:
netfilter: nf_tables: bail out on mismatching
- CVE: https://access.redhat.com/security/cve/CVE-2023-6622
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-6622-netfilter-nf-tables-bail-out-on-mismatching-dynset-and-set-expressions.patch
- From: 4.18.0-553.el8_10
- CVE-2023-45863, CVSSv2 Score: 6.4
- Description:
kobject: Remove docstring reference to kset
- CVE: https://access.redhat.com/security/cve/CVE-2023-45863
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-45863-kobject-remove-docstring-reference-to-kset.patch
- From: 4.18.0-553.el8_10
- CVE-2023-45863, CVSSv2 Score: 6.4
- Description:
kobject: modify kobject_get_path() to take a const
- CVE: https://access.redhat.com/security/cve/CVE-2023-45863
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-45863-kobject-modify-kobject-get-path-to-take-a-const.patch
- From: 4.18.0-553.el8_10
- CVE-2023-45863, CVSSv2 Score: 6.4
- Description:
kobject: Fix slab-out-of-bounds in fill_kobj_path()
- CVE: https://access.redhat.com/security/cve/CVE-2023-45863
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-45863-kobject-fix-slab-out-of-bounds-in-fill-kobj-path.patch
- From: 4.18.0-553.el8_10
- CVE-2023-52340, CVSSv2 Score: 6.5
- Description:
net: add a route cache full diagnostic message
- CVE: https://access.redhat.com/security/cve/CVE-2023-52340
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-52340-net-add-a-route-cache-full-diagnostic-message.patch
- From: 4.18.0-553.el8_10
- CVE-2023-52340, CVSSv2 Score: 6.5
- Description:
net/dst: use a smaller percpu_counter batch for dst entries accounting
- CVE: https://access.redhat.com/security/cve/CVE-2023-52340
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-52340-net-dst-use-a-smaller-percpu-counter-batch-for-dst-entries-accounting.patch
- From: 4.18.0-553.el8_10
- CVE-2023-52340, CVSSv2 Score: 6.5
- Description:
ipv6: remove max_size check inline with ipv4
- CVE: https://access.redhat.com/security/cve/CVE-2023-52340
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-52340-ipv6-remove-max-size-check-inline-with-ipv4.patch
- From: 4.18.0-553.el8_10
- CVE-2023-52340, CVSSv2 Score: 6.5
- Description:
ipv6: Remove extra counter pull before gc
- CVE: https://access.redhat.com/security/cve/CVE-2023-52340
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-52340-ipv6-remove-extra-counter-pull-before-gc.patch
- From: 4.18.0-553.el8_10
- CVE-2019-15505, CVSSv2 Score: 9.8
- Description:
media: technisat-usb2: break out of loop at end of
- CVE: https://access.redhat.com/security/cve/CVE-2019-15505
- Patch: rhel8/4.18.0-553.el8_10/CVE-2019-15505-media-technisat-usb2-break-out-of-loop-at-end-of.patch
- From: 4.18.0-553.el8_10
- CVE-2023-25775, CVSSv2 Score: 9.8
- Description:
RDMA/irdma: Prevent zero-length STAG registration
- CVE: https://access.redhat.com/security/cve/CVE-2023-25775
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-25775-rdma-irdma-prevent-zero-length-stag-registration.patch
- From: 4.18.0-553.el8_10
- CVE-2023-51780, CVSSv2 Score: 8.1
- Description:
atm: Fix Use-After-Free in do_vcc_ioctl
- CVE: https://access.redhat.com/security/cve/CVE-2023-51780
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-51780-atm-fix-use-after-free-in-do-vcc-ioctl.patch
- From: 4.18.0-553.el8_10
- CVE-2023-52434, CVSSv2 Score: 8.0
- Description:
smb: client: fix potential OOBs in
- CVE: https://access.redhat.com/security/cve/CVE-2023-52434
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-52434-smb-client-fix-potential-oobs-in.patch
- From: 4.18.0-553.el8_10
- CVE-2023-52434, CVSSv2 Score: 8.0
- Description:
smb: client: fix parsing of SMB3.1.1 POSIX create
- CVE: https://access.redhat.com/security/cve/CVE-2023-52434
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-52434-smb-client-fix-parsing-of-smb3-1-1-posix-create.patch
- From: 4.18.0-553.el8_10
- CVE-2022-3565, CVSSv2 Score: 7.8
- Description:
mISDN: fix use-after-free bugs in l1oip timer
- CVE: https://access.redhat.com/security/cve/CVE-2022-3565
- Patch: rhel8/4.18.0-553.el8_10/CVE-2022-3565-misdn-fix-use-after-free-bugs-in-l1oip-timer.patch
- From: 4.18.0-553.el8_10
- CVE-2022-3565, CVSSv2 Score: 7.8
- Description:
verify struct l1oip layout
- CVE: https://access.redhat.com/security/cve/CVE-2022-3565
- Patch: rhel8/4.18.0-553.el8_10/CVE-2022-3565-misdn-fix-use-after-free-bugs-in-l1oip-timer-kpatch.patch
- From: 4.18.0-553.el8_10
- CVE-2022-45934, CVSSv2 Score: 7.8
- Description:
Bluetooth: L2CAP: Fix u8 overflow
- CVE: https://access.redhat.com/security/cve/CVE-2022-45934
- Patch: rhel8/4.18.0-553.el8_10/CVE-2022-45934-bluetooth-l2cap-fix-u8-overflow.patch
- From: 4.18.0-553.el8_10
- CVE-2022-0500, CVSSv2 Score:
- Description:
Complex adaptation required. Requires changes a lot of constants
- CVE:
- Patch: skipped/CVE-2022-0500.patch
- From:
- CVE-2022-23222, CVSSv2 Score:
- Description:
Complex adaptation required.
- CVE:
- Patch: skipped/CVE-2022-23222.patch
- From:
- CVE-2023-52574, CVSSv2 Score: 4.4
- Description:
team: fix null-ptr-deref when team device type is changed
- CVE: https://access.redhat.com/security/cve/CVE-2023-52574
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-52574-0725-team-fix-null-ptr-deref-when-team-device-type-is-cha.patch
- From: 4.18.0-553.el8_10
- CVE-2023-52574, CVSSv2 Score: 4.4
- Description:
team: fix null-ptr-deref when team device type is changed
- CVE: https://access.redhat.com/security/cve/CVE-2023-52574
- Patch: rhel8/4.18.0-553.el8_10/CVE-2023-52574-0725-team-fix-null-ptr-deref-when-team-device-type-is-cha-kpatch.patch
- From: 4.18.0-553.el8_10
- N/A, CVSSv2 Score: N/A
- Description:
x86 xen add xenpv restore regs and return to usermode
- CVE: N/A
- Patch: 4.18.0/x86-xen-Add-xenpv_restore_regs_and_return_to_usermode-el8-372.patch
- From: N/A
- N/A, CVSSv2 Score: N/A
- Description:
kpatch add alt asm definitions
- CVE: N/A
- Patch: 4.18.0/kpatch-add-alt-asm-definitions-el8-372.patch
- From: N/A
- N/A, CVSSv2 Score: N/A
- Description:
kpatch add paravirt asm definitions
- CVE: N/A
- Patch: 4.18.0/0003-kpatch-add-paravirt-asm-definitions.patch
- From: N/A