KernelCare Directory

kernel-uek-5.4.17-2136.321.4.el8uek (oel8-uek6)
Kernel Update Version: 5.4.17-2136.331.7.el8uek
Build Date: 2024-06-26 19:34:26
Release Date: 2024-07-09 12:06:32
Release: K20240626_11

CVE-2022-40982, CVSSv2 Score:
Description:
Complex adaptation required.
CVE:
Patch: skipped/CVE-2022-40982.patch
From:

CVE-2023-22024, CVSSv2 Score: 5.5
Description:
rds: Fix lack of reentrancy for connection reset with dst addr zero
CVE: https://linux.oracle.com/cve/CVE-2023-22024.html
Patch: 5.4.17/CVE-2023-22024-rds-Fix-lack-of-reentrancy-for-connection-reset-with-dst-addr-zero.patch
From: 5.4.17-2136.323.8.1

CVE-2023-42753, CVSSv2 Score: 7.8
Description:
netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
CVE: https://linux.oracle.com/cve/CVE-2023-42753.html
Patch: 5.4.17/CVE-2023-42753-netfilter-ipset-add-the-missing-IP_SET_HASH_WITH_NET0-macro-for-ip_set_hash_netportnet-c.patch
From: 5.4.17-2136.323.8.2

CVE-2023-20569, CVSSv2 Score:
Description:
A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.
CVE:
Patch: skipped/CVE-2023-20569.patch
From:

CVE-2023-5090, CVSSv2 Score: n/a
Description:
x86: KVM: SVM: always update the x2avic msr interception
CVE: https://linux.oracle.com/cve/CVE-2023-5090.html
Patch: oel8-uek6/5.4.17-2136.324.5.3.el8uek/CVE-2023-5090-x86-KVM-SVM-always-update-the-x2avic-msr-interception.patch
From: 5.4.17-2136.324.5.3

CVE-2023-20588, CVSSv2 Score: 5.5
Description:
x86/CPU/AMD: Do not leak quotient data after a division by 0
CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-20588.html
Patch: oel8-uek6/5.4.17-2136.324.5.3.el8uek/CVE-2023-20588-x86-CPU-AMD-Do-not-leak-quotient-data-after-a-division-by-0.patch
From: kernel-4.14.322-244.539.amzn2

CVE-2023-1989, CVSSv2 Score: 7.0
Description:
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition
CVE: https://linux.oracle.com/cve/CVE-2023-1989.html
Patch: oel8-uek6/5.4.17-2136.325.5.el8uek/CVE-2023-1989-patch-bluetooth-btsdio-fix-use-after-free-bug-in-btsdio-remove.patch
From: 5.4.17-2136.325.5.el8uek

CVE-2023-5178, CVSSv2 Score: 8.8
Description:
nvmet-tcp: Fix a possible UAF in queue intialization setup
CVE: https://linux.oracle.com/cve/CVE-2023-5178.html
Patch: oel8-uek6/5.4.17-2136.326.6.el8uek/CVE-2023-5178-patch-nvmet-tcp-fix-a-possible-uaf-in-queue-intialization-setup.patch
From: 5.4.17-2136.326.6.el8uek

CVE-2023-45863, CVSSv2 Score: 6.4
Description:
kobject: Fix slab-out-of-bounds in fill_kobj_path()
CVE: https://linux.oracle.com/cve/CVE-2023-45863.html
Patch: oel8-uek6/5.4.17-2136.328.3.el8uek/CVE-2023-45863-kobject-Fix-slab-out-of-bounds-in-fill_kobj_path.patch
From: 5.4.17-2136.328.3.

CVE-2023-4244, CVSSv2 Score:
Description:
An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.
CVE:
Patch: skipped/CVE-2023-4244.patch
From:

CVE-2024-1086, CVSSv2 Score: 7.0
Description:
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
CVE: https://linux.oracle.com/cve/CVE-2024-1086.html
Patch: oel8-uek6/5.4.17-2136.329.3.2.el8uek/CVE-2024-1086-netfilter-nf_tables-reject-QUEUE-DROP-verdict-parameters-323.patch
From: 5.4.17-2136.329.3.2

CVE-2024-0340, CVSSv2 Score: 4.4
Description:
vhost: use kzalloc() instead of kmalloc() followed by memset()
CVE: https://linux.oracle.com/cve/CVE-2024-0340.html
Patch: oel8-uek6/5.4.17-2136.330.7.1.el8uek/CVE-2024-0340-vhost-use-kzalloc-instead-of-kmalloc-followed-by-memset.patch
From: 5.4.17-2136.330.7.1

CVE-2024-0607, CVSSv2 Score: 6.6
Description:
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
CVE: https://linux.oracle.com/cve/CVE-2024-0607.html
Patch: oel8-uek6/5.4.17-2136.330.7.1.el8uek/CVE-2024-0607-nf_tables-fix-pointer-math-issue-in-nft_byteorder_eval.patch
From: 5.4.17-2136.330.7.1

CVE-2024-2201, CVSSv2 Score:
Description:
Requires microcode update. Can't be fixed with kernelcare live patching.
CVE:
Patch: skipped/CVE-2024-2201.patch
From:

N/A, CVSSv2 Score: N/A
Description:
kpatch add alt asm definitions
CVE: N/A
Patch: 5.11.0/kpatch-add-alt-asm-definitions.patch
From: N/A

N/A, CVSSv2 Score: N/A
Description:
kpatch add alternative2 asm definition
CVE: https://www.kernel.org
Patch: 5.4.0/kpatch-add-alt2-asm-definitions.patch
From: N/A

CVE-2024-2201, CVSSv2 Score: 4.7
Description:
x86/bhi: Add support for clearing branch history at syscall entry
CVE: https://ubuntu.com/security/CVE-2024-2201
Patch: 5.4.0/CVE-2024-2201-x86-bhi-Add-support-for-clearing-branch-history-at-syscall-entry-5.4.patch
From: kernel-uek-5.4.17-2136.330.7.1.el8uek

n/a, CVSSv2 Score: n/a
Description:
x86/xen: Add xenpv_restore_regs_and_return_to_usermode()
CVE: n/a
Patch: 5.4.17/x86-xen-Add-xenpv_restore_regs_and_return_to_usermode.patch
From: v5.16

N/A, CVSSv2 Score: N/A
Description:
kpatch add paravirt asm definitions
CVE: N/A
Patch: 5.11.0/kpatch-add-paravirt-asm-definitions.patch
From: N/A

N/A, CVSSv2 Score: N/A
Description:
Restrict access to pagemap/kpageflags/kpagecount
CVE: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
Patch: 4.15.0/proc-restrict-pagemap-access.patch
From: N/A