- kernel-5.14.0-427.42.1.el9_4 (oel9)
- 5.14.0-503.14.1.el9_5
- 2024-11-29 13:38:53
- 2024-12-03 08:41:47
- K20241129_05
- CVE-2019-25162, CVSSv2 Score: 7.8
- Description:
i2c: Fix a potential use after free
- CVE: https://access.redhat.com/security/cve/CVE-2019-25162
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2019-25162-i2c__Fix_a_potential_use_after_free.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2022-48672, CVSSv2 Score: 7.8
- Description:
of: fdt: fix off-by-one error in unflatten_dt_nodes()
- CVE: https://access.redhat.com/security/cve/CVE-2022-48672
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2022-48672-of-fdt-fix-off-by-one-error-in-unflatten-dt-nodes.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2023-52445, CVSSv2 Score: 7.8
- Description:
media: pvrusb2: fix use after free on context disconnection
- CVE: https://access.redhat.com/security/cve/CVE-2023-52445
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52445-media-pvrusb2-fix-use-after-free-on-context-disconnection.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2023-52451, CVSSv2 Score:
- Description:
Out of scope as the patch is for powerpc arch only, x86_64 is not affected
- CVE:
- Patch: skipped/CVE-2023-52451.patch
- From:
- CVE-2023-52464, CVSSv2 Score: 7.8
- Description:
EDAC/thunderx: Fix possible out-of-bounds string access
- CVE: https://access.redhat.com/security/cve/CVE-2023-52464
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52464-edac-thunderx-fix-possible-out-of-bounds-string-access.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-26882, CVSSv2 Score: 7.8
- Description:
net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
- CVE: https://access.redhat.com/security/cve/CVE-2024-26882
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26882-net-ip-tunnel-make-sure-to-pull-inner-header-in-ip-tunnel-rcv.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-23307, CVSSv2 Score: 7.8
- Description:
md/raid5: fix atomicity violation in raid5_cache_count
- CVE: https://access.redhat.com/security/cve/CVE-2024-23307
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-23307-md-raid5-fix-atomicity-violation-in-raid5_cache_count.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-26589, CVSSv2 Score: 7.8
- Description:
bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS
- CVE: https://access.redhat.com/security/cve/CVE-2024-26589
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26589-bpf-reject-variable-offset-alu-on-ptr-to-flow-keys.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-26907, CVSSv2 Score: 7.8
- Description:
RDMA/mlx5: Fix fortify source warning while accessing Eth segment
- CVE: https://access.redhat.com/security/cve/CVE-2024-26907
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26907-rdma-mlx5-fix-fortify-source-warning-while-accessing-eth-segment.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2021-47386, CVSSv2 Score: 7.8
- Description:
hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field
- CVE: https://access.redhat.com/security/cve/CVE-2021-47386
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47386-hwmon___w83791d__Fix_NULL_pointer_dereference_by_r.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-35801, CVSSv2 Score: 7.8
- Description:
x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD
- CVE: https://access.redhat.com/security/cve/CVE-2024-35801
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35801-x86-fpu-keep-xfd-state-in-sync-with-msr-ia32-xfd.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-38627, CVSSv2 Score: 7.8
- Description:
stm class: Fix a double free in stm_register_device()
- CVE: https://access.redhat.com/security/cve/CVE-2024-38627
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38627-stm-class-fix-a-double-free-in-stm-register-device.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-38555, CVSSv2 Score: 7.8
- Description:
net/mlx5: Discard command completions in internal error
- CVE: https://access.redhat.com/security/cve/CVE-2024-38555
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38555-net-mlx5-discard-command-completions-in-internal-error.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-26934, CVSSv2 Score: 7.8
- Description:
USB: core: Fix deadlock in usb_deauthorize_interface()
- CVE: https://access.redhat.com/security/cve/CVE-2024-26934
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26934-usb-core-fix-deadlock-in-usb-deauthorize-interface.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-39291, CVSSv2 Score:
- Description:
Out of scope: not affected
- CVE:
- Patch: skipped/CVE-2024-39291.patch
- From:
- CVE-2024-38581, CVSSv2 Score: 7.8
- Description:
drm/amdgpu/mes: fix use-after-free issue
- CVE: https://access.redhat.com/security/cve/CVE-2024-38581
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38581-drm-amdgpu-mes-fix-use-after-free-issue.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-40903, CVSSv2 Score: 7.8
- Description:
usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps
- CVE: https://access.redhat.com/security/cve/CVE-2024-40903
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40903-usb-typec-tcpm-fix-use-after-free-case-in-tcpm-register-source-caps.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-26933, CVSSv2 Score: 7.8
- Description:
USB: core: Fix deadlock in port "disable" sysfs attribute
- CVE: https://access.redhat.com/security/cve/CVE-2024-26933
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26933-01-USB-core-Add-hub_get-and-hub_put-routines.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-26933, CVSSv2 Score: 7.8
- Description:
USB: core: Fix deadlock in port "disable" sysfs attribute
- CVE: https://access.redhat.com/security/cve/CVE-2024-26933
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26933-02-usb-core-fix-deadlock-in-port-disable-sysfs-attribute.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-39479, CVSSv2 Score: 7.8
- Description:
drm/i915/hwmon: Get rid of devm
- CVE: https://access.redhat.com/security/cve/CVE-2024-39479
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39479-drm-i915-hwmon-get-rid-of-devm.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-36031, CVSSv2 Score: 9.8
- Description:
keys: Fix overwrite of key expiration on instantiation
- CVE: https://access.redhat.com/security/cve/CVE-2024-36031
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36031-keys-fix-overwrite-of-key-expiration-on-instantiation.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-36896, CVSSv2 Score: 9.1
- Description:
USB: core: Fix access violation during port device removal
- CVE: https://access.redhat.com/security/cve/CVE-2024-36896
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36896-usb-core-fix-access-violation-during-port-device-removal.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-35854, CVSSv2 Score: 9.1
- Description:
mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
- CVE: https://access.redhat.com/security/cve/CVE-2024-35854
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35854-mlxsw-spectrum_acl_tcam-Fix-possible-use-after-free.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-38605, CVSSv2 Score:
- Description:
Not a bug for a real-life RHEL9 setup
- CVE:
- Patch: skipped/CVE-2024-38605.patch
- From:
- CVE-2024-36905, CVSSv2 Score: 9.8
- Description:
tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
- CVE: https://access.redhat.com/security/cve/CVE-2024-36905
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36905-tcp-defer-shutdown-send-shutdown-for-tcp-syn-recv-sockets.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-26927, CVSSv2 Score: 8.4
- Description:
ASoC: SOF: Add some bounds checking to firmware data
- CVE: https://access.redhat.com/security/cve/CVE-2024-26927
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26927-asoc-sof-add-some-bounds-checking-to-firmware-data.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-42154, CVSSv2 Score: 9.8
- Description:
tcp_metrics: validate source addr length
- CVE: https://access.redhat.com/security/cve/CVE-2024-42154
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42154-tcp-metrics-validate-source-addr-length-kpatch.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-42283, CVSSv2 Score: 5.5
- Description:
net: nexthop: Initialize all fields in dumped nexthops
- CVE: https://access.redhat.com/security/cve/CVE-2024-42283
- Patch: rhel9/5.14.0-503.14.1.el9_5/CVE-2024-42283-net-nexthop-initialize-all-fields-in-dumped-nexthops.patch
- From: 5.14.0-503.14.1.el9_5
- CVE-2024-46858, CVSSv2 Score: 7.0
- Description:
mptcp: pm: Fix uaf in __timer_delete_sync
- CVE: https://access.redhat.com/security/cve/CVE-2024-46858
- Patch: rhel9/5.14.0-503.14.1.el9_5/CVE-2024-46858-mptcp-pm-fix-uaf-in-timer-delete-sync.patch
- From: 5.14.0-503.14.1.el9_5
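Added example, not part of the listing above and not the patch vendor's own tooling: a small parser for the entry format used on this page, plus a consistency check that flags entries whose "Description" does not match the title encoded in the "Patch" file name (the way CVE-2024-39479 above carries a USB description but an i915 hwmon patch). The sample text is a handful of entries copied from the listing; the field layout the regexes assume (header line, "- Description:" followed by the title on the next line, then "- CVE:", "- Patch:", "- From:") is taken from those entries only. Entries under "skipped/" have no patch title and are not checked; a multi-part patch (for example the "-01-" prerequisite for CVE-2024-26933) legitimately carries a different title, so a flag is a prompt for review, not a verdict.

```python
import re
from typing import Dict, List

# Constructed sample: entries copied from the listing, chosen to cover a skipped
# CVE, a two-part patch, the mismatched CVE-2024-39479 entry, an underscore
# style file name and a "-kpatch" suffix.
SAMPLE = """\
- CVE-2023-52451, CVSSv2 Score:
- Description:
Out of scope as the patch is for powerpc arch only, x86_64 is not affected
- CVE:
- Patch: skipped/CVE-2023-52451.patch
- From:
- CVE-2024-26933, CVSSv2 Score: 7.8
- Description:
USB: core: Fix deadlock in port "disable" sysfs attribute
- CVE: https://access.redhat.com/security/cve/CVE-2024-26933
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26933-01-USB-core-Add-hub_get-and-hub_put-routines.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-39479, CVSSv2 Score: 7.8
- Description:
USB: core: Fix deadlock in port "disable" sysfs attribute
- CVE: https://access.redhat.com/security/cve/CVE-2024-39479
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39479-drm-i915-hwmon-get-rid-of-devm.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2019-25162, CVSSv2 Score: 7.8
- Description:
i2c: Fix a potential use after free
- CVE: https://access.redhat.com/security/cve/CVE-2019-25162
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2019-25162-i2c__Fix_a_potential_use_after_free.patch
- From: 5.14.0-503.11.1.el9_5
- CVE-2024-42154, CVSSv2 Score: 9.8
- Description:
tcp_metrics: validate source addr length
- CVE: https://access.redhat.com/security/cve/CVE-2024-42154
- Patch: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42154-tcp-metrics-validate-source-addr-length-kpatch.patch
- From: 5.14.0-503.11.1.el9_5
"""

# Field layout assumed from the entries above (not a documented format).
HEADER_RE = re.compile(r"^- (CVE-\d{4}-\d{4,}), CVSSv2 Score:\s*(\S*)\s*$")
FIELD_RE = re.compile(r"^- (Description|CVE|Patch|From):\s*(.*)$")


def parse_listing(text: str) -> List[Dict[str, str]]:
    """Turn the listing into one dict per entry (cve, score, description, url, patch, from)."""
    entries: List[Dict[str, str]] = []
    current = None
    in_description = False
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HEADER_RE.match(line)
        if m:
            current = {"cve": m.group(1), "score": m.group(2),
                       "description": "", "url": "", "patch": "", "from": ""}
            entries.append(current)
            in_description = False
            continue
        if current is None:
            continue
        m = FIELD_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            in_description = key == "Description"
            if key == "CVE":
                current["url"] = value
            elif key != "Description":
                current[key.lower()] = value
            continue
        if in_description:
            # The title sits on the line(s) after "- Description:".
            current["description"] = (current["description"] + " " + line).strip()
    return entries


def _alnum(s: str) -> str:
    """Collapse a title to lowercase alphanumerics so '/', ':', '_' and '-' do not matter."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def patch_title(entry: Dict[str, str]) -> str:
    """Recover the commit-title slug from a patch path: drop directory, CVE id, part number, -kpatch, .patch."""
    stem = entry["patch"].rsplit("/", 1)[-1]
    stem = re.sub(r"\.patch$", "", stem)
    stem = re.sub(r"^CVE-\d{4}-\d+[-_]+", "", stem)
    stem = re.sub(r"^\d{2}-", "", stem)
    return re.sub(r"-kpatch$", "", stem)


def find_mismatches(entries: List[Dict[str, str]]) -> List[str]:
    """CVE ids whose description and patch file name disagree; skipped entries are ignored."""
    return [e["cve"] for e in entries
            if not e["patch"].startswith("skipped/")
            and _alnum(e["description"]) != _alnum(patch_title(e))]


if __name__ == "__main__":
    for cve in find_mismatches(parse_listing(SAMPLE)):
        print("review:", cve)
```

Run it against the full listing instead of `SAMPLE` to check a whole patchset; each flagged id is either a copy-paste error in the listing or a multi-part patch whose parts carry their own titles.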