- kernel-3.10.0-1160.62.1.el7 (oel7)
- 3.10.0-1160.119.1.0.5.el7
- 2024-10-01 09:32:32
- 2024-10-04 13:38:57
- K20241001_03
- CVE-2022-1016
- Description:
Initialize registers to avoid stack leak into userspace.
- CVE: https://access.redhat.com/security/cve/cve-2022-1016
- Patch: 3.10.0/CVE-2022-1016-ge-1062.patch
- From: >kernel-3.10.0-1160.62.1.el7
- CVE-2022-1015
- Description:
Bail out in case userspace uses unsupported registers.
- CVE: https://access.redhat.com/security/cve/cve-2022-1015
- Patch: 3.10.0/CVE-2022-1015.patch
- From: >kernel-3.10.0-1160.62.1.el7
- CVE-2022-0492
- Description:
cgroup-v1: Require capabilities to set release_agent
- CVE: https://access.redhat.com/security/cve/CVE-2022-0492
- Patch: 3.10.0/CVE-2022-0492-cgroup-v1-Require-capabilities-to-set-release_agent.patch
- From: 3.10.0-1160.66.1.el7
- CVE-2022-1729
- Description:
perf: Fix sys_perf_event_open() race against self
- CVE: https://access.redhat.com/security/cve/CVE-2022-1729
- Patch: 3.10.0/CVE-2022-1729-perf-Fix-sys-perf-event-open-race-against-itself.patch
- From: 5.4.17-2136.307.3.2.el8uek
- CVE-2022-32250
- Description:
netfilter: nf_tables: disallow non-stateful expression in
- CVE: https://access.redhat.com/security/cve/CVE-2022-32250
- Patch: 3.10.0/CVE-2022-32250-nf_tables-disallow-non-stateful-expression-in-sets-earlier.patch
- From: 3.10.0-1160.71.1
- CVE-2022-21499
- Description:
Not affected without certain conditions - Secure Boot, configured kgdb/kdb. Complex adaptation
- CVE:
- Patch: skipped/CVE-2022-21499.patch
- From:
- CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-21127
- Description:
x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
- CVE: https://access.redhat.com/security/cve/cve-2022-21127
- Patch: mmio-enable.patch
- From: 5.18
- CVE-2022-2588
- Description:
net_sched: cls_route: remove from list when handle is 0
- CVE: https://access.redhat.com/security/cve/cve-2022-2588
- Patch: 3.10.0/CVE-2022-2588.patch
- From: 3.10.0-1160.80.1.el7
- CVE-2022-23816
- Description:
Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.
- CVE:
- Patch: skipped/CVE-2022-23816.patch
- From:
- CVE-2022-23825
- Description:
Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.
- CVE:
- Patch: skipped/CVE-2022-23825.patch
- From:
- CVE-2022-26373
- Description:
Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.
- CVE:
- Patch: skipped/CVE-2022-26373.patch
- From:
- CVE-2022-29900
- Description:
Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.
- CVE:
- Patch: skipped/CVE-2022-29900.patch
- From:
- CVE-2022-29901
- Description:
Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.
- CVE:
- Patch: skipped/CVE-2022-29901.patch
- From:
- CVE-2022-2964
- Description:
net: usb: ax88179_178a: fix packet alignment padding
- CVE: https://access.redhat.com/security/cve/CVE-2022-2964
- Patch: 3.10.0/CVE-2022-2964-1510-net-usb-ax88179_178a-fix-packet-alignment-padding.patch
- From: kernel-3.10.0-1160.83.1.el7
- CVE-2022-2964
- Description:
ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
- CVE: https://access.redhat.com/security/cve/CVE-2022-2964
- Patch: 3.10.0/CVE-2022-2964-1511-ax88179_178a-Merge-memcpy-le32_to_cpus-to-get_unalig.patch
- From: kernel-3.10.0-1160.83.1.el7
- CVE-2022-2964
- Description:
net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32
- CVE: https://access.redhat.com/security/cve/CVE-2022-2964
- Patch: 3.10.0/CVE-2022-2964-1512-net-usb-Merge-cpu_to_le32s-memcpy-to-put_unaligned_l.patch
- From: kernel-3.10.0-1160.83.1.el7
- CVE-2022-2964
- Description:
net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
- CVE: https://access.redhat.com/security/cve/CVE-2022-2964
- Patch: 3.10.0/CVE-2022-2964-1518-net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
- From: kernel-3.10.0-1160.83.1.el7
- CVE-2022-2964
- Description:
net: usb: ax88179_178a: Fix packet receiving
- CVE: https://access.redhat.com/security/cve/CVE-2022-2964
- Patch: 3.10.0/CVE-2022-2964-1519-net-usb-ax88179_178a-Fix-packet-receiving.patch
- From: kernel-3.10.0-1160.83.1.el7
- CVE-2021-26401
- Description:
An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.
- CVE:
- Patch: skipped/CVE-2021-26401.patch
- From:
- CVE-2022-4378
- Description:
proc: avoid integer type confusion in get_proc_long
- CVE: https://access.redhat.com/security/cve/CVE-2022-4378
- Patch: 3.10.0/CVE-2022-4378-1-proc-avoid-integer-type-confusion-in-get_proc_long.patch
- From: 3.10.0-1160.88.1.el7
- CVE-2022-4378
- Description:
proc: proc_skip_spaces() shouldn't think it is working on C strings
- CVE: https://access.redhat.com/security/cve/CVE-2022-4378
- Patch: 3.10.0/CVE-2022-4378-2-proc-sysctl-fix-return-error-for-proc_doulongvec_min.patch
- From: 3.10.0-1160.88.1.el7
- CVE-2022-43750
- Description:
usb: mon: make mmapped memory read only
- CVE: https://access.redhat.com/security/cve/CVE-2022-43750
- Patch: 3.10.0/CVE-2022-43750-usb-mon-make-mmapped-memory-read-only.patch
- From: 3.10.0-1160.90.1
- CVE-2022-3564
- Description:
Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
- CVE: https://access.redhat.com/security/cve/CVE-2022-3564
- Patch: 3.10.0/CVE-2022-3564-Bluetooth-L2CAP-Fix-use-after-free-caused-by-l2cap_reassemble_sdu.patch
- From: 3.10.0-1160.95.1.el7
- CVE-2023-35788
- Description:
net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
- CVE: https://access.redhat.com/security/cve/CVE-2023-35788
- Patch: rhel7/3.10.0-1160.99.1.el7/CVE-2023-35788-net-sched-flower-fix-possible-oob-write-in-fl-set-geneve-opt.patch
- From: 3.10.0-1160.99.1.el7
- CVE-2023-20593
- Description:
hw: amd: Cross-Process Information Leak
- CVE: https://access.redhat.com/security/cve/cve-2023-20593
- Patch: rhel7/3.10.0-1160.99.1.el7/CVE-2023-20593-zenbleed.patch
- From: 3.10.0-1160.99.1.el7
- CVE-2023-32233
- Description:
netfilter: nf_tables: deactivate anonymous set from preparation phase
- CVE: https://access.redhat.com/security/cve/CVE-2023-32233
- Patch: rhel7/3.10.0-1160.102.1.el7/CVE-2023-32233-1.patch
- From: 3.10.0-1160.102.1.el7
- CVE-2023-32233
- Description:
netfilter: nf_tables: deactivate anonymous set from preparation phase (adaptation)
- CVE: https://access.redhat.com/security/cve/CVE-2023-32233
- Patch: rhel7/3.10.0-1160.102.1.el7/CVE-2023-32233-1-kpatch.patch
- From: 3.10.0-1160.102.1.el7
- CVE-2023-32233
- Description:
netfilter: nf_tables: do not allow SET_ID to refer to another table
- CVE: https://access.redhat.com/security/cve/CVE-2023-32233
- Patch: rhel7/3.10.0-1160.102.1.el7/CVE-2023-32233-2.patch
- From: 3.10.0-1160.102.1.el7
- CVE-2023-32233
- Description:
netfilter: nf_tables: skip deactivated anonymous sets during lookups
- CVE: https://access.redhat.com/security/cve/CVE-2023-32233
- Patch: rhel7/3.10.0-1160.102.1.el7/CVE-2023-32233-3.patch
- From: 3.10.0-1160.102.1.el7
- CVE-2023-35001
- Description:
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
- CVE: https://access.redhat.com/security/cve/CVE-2023-35001
- Patch: rhel7/3.10.0-1160.102.1.el7/CVE-2023-35001.patch
- From: 3.10.0-1160.102.1.el7
- CVE-2023-3609
- Description:
Smart Patch for net/sched: cls_u32: Fix reference counter leak leading to overflow
- CVE: https://access.redhat.com/security/cve/CVE-2023-3609
- Patch: rhel7/3.10.0-1160.102.1.el7/CVE-2023-3609-smart-backport-for-net-sched-cls-u32-c.patch
- From: 3.10.0-1160.102.1.el7
- CVE-2023-4208 CVE-2023-4128
- Description:
Smart Patch for net/sched/cls_u32.c
- CVE: https://access.redhat.com/security/cve/CVE-2023-4208
- Patch: rhel7/3.10.0-1160.102.1.el7/CVE-2023-4208-smart-patch-for-net-sched-cls-u32-c.patch
- From: kernel-3.10.0-1160.105.1.el7
- CVE-2023-4207 CVE-2023-4128
- Description:
net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
- CVE: https://access.redhat.com/security/cve/CVE-2023-4207
- Patch: rhel7/3.10.0-1160.105.1.el7/CVE-2023-4207-net-sched-cls-fw-no-longer-copy-tcf-result-on-update-to-avoid.patch
- From: kernel-3.10.0-1160.105.1.el7
- CVE-2023-4206 CVE-2023-4128
- Description:
net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
- CVE: https://access.redhat.com/security/cve/CVE-2023-4206
- Patch: rhel7/3.10.0-1160.105.1.el7/CVE-2023-4206-net-sched-cls-route-no-longer-copy-tcf-result-on-update-to-avoid.patch
- From: kernel-3.10.0-1160.105.1.el7
- CVE-2023-3776
- Description:
net/sched: cls_fw: Fix improper refcount update leads to use-after-free
- CVE: https://access.redhat.com/security/cve/CVE-2023-3776
- Patch: rhel7/3.10.0-1160.105.1.el7/CVE-2023-3776-net-sched-cls-fw-fix-improper-refcount-update-leads-to.patch
- From: kernel-3.10.0-1160.105.1.el7
- CVE-2023-3611
- Description:
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
- CVE: https://access.redhat.com/security/cve/CVE-2023-3611
- Patch: rhel7/3.10.0-1160.105.1.el7/CVE-2023-3611-net-sched-sch-qfq-account-for-stab-overhead-in-qfq-enqueue.patch
- From: kernel-3.10.0-1160.105.1.el7
- CVE-2022-40982
- Description:
Complex adaptation required.
- CVE:
- Patch: skipped/CVE-2022-40982.patch
- From:
- CVE-2023-31436
- Description:
net/sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
- CVE: https://access.redhat.com/security/cve/CVE-2023-31436
- Patch: rhel7/3.10.0-1160.105.1.el7/CVE-2023-31436-net-sched-sch_qfq-prevent-slab-out-of-bounds-in-qfq_.patch
- From: kernel-3.10.0-1160.105.1.el7
- CVE-2023-42753
- Description:
revert of: netfilter: ipset: actually allow allowable CIDR 0 in hash:net, port, net
- CVE: https://access.redhat.com/security/cve/CVE-2023-42753
- Patch: rhel7/3.10.0-1160.108.1.el7/CVE-2023-42753-REVERT-net-netfilter-ipset-actually-allow-allowable-CIDR-0-.patch
- From: 3.10.0-1160.108.1.el7
- CVE-2022-42896
- Description:
Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
- CVE: https://access.redhat.com/security/cve/CVE-2022-42896
- Patch: rhel7/3.10.0-1160.114.2.el7/CVE-2022-42896-Bluetooth-L2CAP-Fix-accepting-connection-request-for-invalid-SPSM.patch
- From: 3.10.0-1160.114.2.el7
- CVE-2022-42896
- Description:
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
- CVE: https://access.redhat.com/security/cve/CVE-2022-42896
- Patch: rhel7/3.10.0-1160.114.2.el7/CVE-2022-42896-Bluetooth-L2CAP-Fix-l2cap_global_chan_by_psm.patch
- From: 3.10.0-1160.114.2.el7
- CVE-2023-4921
- Description:
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
- CVE: https://access.redhat.com/security/cve/CVE-2023-4921
- Patch: rhel7/3.10.0-1160.114.2.el7/CVE-2023-4921-net-sched-sch-qfq-fix-uaf-in-qfq-dequeue.patch
- From: 3.10.0-1160.114.2.el7
- CVE-2023-4921
- Description:
net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)
- CVE: https://access.redhat.com/security/cve/CVE-2023-4921
- Patch: rhel7/3.10.0-1160.114.2.el7/CVE-2023-4921-net-sched-sch-qfq-fix-uaf-in-qfq-dequeue-kpatch.patch
- From: 3.10.0-1160.114.2.el7
- CVE-2023-38409
- Description:
fbcon driver was updated and patched in the same kernel 3.10.0-1160.111.1.el7. Older versions don't contain vulnerabilities b07db3958485 and d443d9386472
- CVE:
- Patch: skipped/CVE-2023-38409.patch
- From:
- CVE-2023-45871
- Description:
igb: set max size RX buffer when store bad packet is enabled
- CVE: https://access.redhat.com/security/cve/CVE-2023-45871
- Patch: rhel7/3.10.0-1160.114.2.el7/CVE-2023-45871-igb-set-max-size-rx-buffer-when-store-bad-packet-is-enabled.patch
- From: 3.10.0-1160.114.2.el7
- CVE-2023-45871
- Description:
igb: set max size RX buffer when store bad packet is enabled (adaptation)
- CVE: https://access.redhat.com/security/cve/CVE-2023-45871
- Patch: rhel7/3.10.0-1160.114.2.el7/CVE-2023-45871-igb-set-max-size-rx-buffer-when-store-bad-packet-is-enabled-kpatch.patch
- From: 3.10.0-1160.114.2.el7
- CVE-2024-1086
- Description:
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
- CVE: https://access.redhat.com/security/cve/CVE-2024-1086
- Patch: rhel7/3.10.0-1160.114.2.el7/CVE-2024-1086-netfilter-nf-tables-reject-queue-drop-verdict-parameters.patch
- From: 3.10.0-1160.114.2.el7
- CVE-2024-26602
- Description:
sched/membarrier: reduce the ability to hammer on sys_membarrier
- CVE: https://access.redhat.com/security/cve/CVE-2024-26602
- Patch: rhel7/3.10.0-1160.114.2.el7/CVE-2024-26602-sched-membarrier-reduce-the-ability-to-hammer-on-sys_membarrier.patch
- From: 3.10.0-1160.114.2.el7
- CVE-2023-4622
- Description:
[PATCH 1681/1699] af_unix: Fix null-ptr-deref in
- CVE: https://access.redhat.com/security/cve/CVE-2023-4622
- Patch: rhel7/3.10.0-1160.118.1.el7/CVE-2023-4622-patch-1681-1699-af-unix-fix-null-ptr-deref-in.patch
- From: 3.10.0-1160.118.1.el7
- CVE-2023-4623
- Description:
[PATCH 1658/1699] net/sched: sch_hfsc: Ensure inner classes have fsc
- CVE: https://access.redhat.com/security/cve/CVE-2023-4623
- Patch: rhel7/3.10.0-1160.118.1.el7/CVE-2023-4623-patch-1658-1699-net-sched-sch-hfsc-ensure-inner-classes-have-fsc.patch
- From: 3.10.0-1160.118.1.el7
- CVE-2023-4623
- Description:
[PATCH 1659/1699] net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it
- CVE: https://access.redhat.com/security/cve/CVE-2023-4623
- Patch: rhel7/3.10.0-1160.118.1.el7/CVE-2023-4623-patch-1659-1699-net-sched-sch-hfsc-upgrade-rt-to-sc-when-it.patch
- From: 3.10.0-1160.118.1.el7
- CVE-2023-2002
- Description:
[PATCH 1686/1699] bluetooth: Perform careful capability checks in
- CVE: https://access.redhat.com/security/cve/CVE-2023-2002
- Patch: rhel7/3.10.0-1160.118.1.el7/CVE-2023-2002-patch-1686-1699-bluetooth-perform-careful-capability-checks-in.patch
- From: 3.10.0-1160.118.1.el7
- CVE-2023-2002
- Description:
[PATCH 1689/1699] bluetooth: Add cmd validity checks at the start of
- CVE: https://access.redhat.com/security/cve/CVE-2023-2002
- Patch: rhel7/3.10.0-1160.118.1.el7/CVE-2023-2002-patch-1689-1699-bluetooth-add-cmd-validity-checks-at-the-start-of.patch
- From: 3.10.0-1160.118.1.el7
- CVE-2020-36558
- Description:
[PATCH 1696/1699] vt: vt_ioctl: fix race in VT_RESIZEX
- CVE: https://access.redhat.com/security/cve/CVE-2020-36558
- Patch: rhel7/3.10.0-1160.118.1.el7/CVE-2020-36558-patch-1696-1699-vt-vt-ioctl-fix-race-in-vt-resizex.patch
- From: 3.10.0-1160.118.1.el7
- CVE-2023-25775
- Description:
[PATCH 1643/1699] RDMA/i40iw: Prevent zero-length STAG registration
- CVE: https://access.redhat.com/security/cve/CVE-2023-25775
- Patch: rhel7/3.10.0-1160.118.1.el7/CVE-2023-25775-patch-1643-1699-rdma-i40iw-prevent-zero-length-stag-registration.patch
- From: 3.10.0-1160.118.1.el7
- CVE-2023-25775
- Description:
RDMA/irdma: Prevent zero-length STAG registration (adaptation)
- CVE: https://ubuntu.com/security/CVE-2023-25775
- Patch: rhel7/3.10.0-1160.118.1.el7/CVE-2023-25775-patch-1643-1699-rdma-i40iw-prevent-zero-length-stag-registration-kpatch.patch
- From: 5.15.0-89.99
- CVE-2024-36971
- Description:
net: fix __dst_negative_advice() race
- CVE: https://access.redhat.com/security/cve/CVE-2024-36971
- Patch: rhel7/3.10.0-1160.123.1.el7/CVE-2024-36971-ELSCVE-27162-net-fix-__dst_negative_advice-race.patch
- From: 3.10.0-1160.123.1.el7
- CVE-2022-1011
- Description:
fuse: fix pipe buffer lifetime for direct_io
- CVE: https://access.redhat.com/security/cve/CVE-2022-1011
- Patch: rhel7/3.10.0-1160.123.1.el7/CVE-2022-1011-ELSCVE-14458-fuse-fix-pipe-buffer-lifetime-for-direc.patch
- From: 3.10.0-1160.123.1.el7
- CVE-2022-1011
- Description:
fuse: fix pipe buffer lifetime for direct_io
- CVE: https://access.redhat.com/security/cve/CVE-2022-1011
- Patch: rhel7/3.10.0-1160.123.1.el7/CVE-2022-1011-ELSCVE-14458-fuse-fix-pipe-buffer-lifetime-for-direc-kpatch.patch
- From: 3.10.0-1160.123.1.el7
- CVE-2024-41071
- Description:
wifi: mac80211: Avoid address calculations via out of bounds array indexing
- CVE: https://access.redhat.com/security/cve/CVE-2024-41071
- Patch: rhel7/3.10.0-1160.125.1.el7/CVE-2024-41071-wifi-mac80211-Avoid-address-calculation.patch
- From: 3.10.0-1160.125.1.el7
- N/A
- Description:
Restrict access to pagemap/kpageflags/kpagecount
- CVE: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
- Patch: 3.10.0/proc-restrict-pagemap-access-1062.patch
- From: N/A