- kernel-2.6.32-896.16.1.lve1.4.54.el6 (cl6)
- 2.6.32-954.3.5.lve1.4.93.el6
- 2024-05-23 22:00:37
- 2024-08-15 08:55:43
- K20240523_10
- CVE-2017-7645, CVSSv2 Score: 7.5
- Description:
nfsd: check for oversized NFSv2/v3 arguments
- CVE: https://access.redhat.com/security/cve/CVE-2017-7645
- Patch: 2.6.32/nfsd-check-for-oversized-NFSv2-v3-arguments.patch
- From: kernel-3.10.0-514.26.1.el7
- CVE-2017-18017, CVSSv2 Score: 6.5
- Description:
netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
- CVE: https://access.redhat.com/security/cve/cve-2017-18017
- Patch: 2.6.32/cve-2017-18017-netfilter-xt_TCPMSS-add-more-sanity-checks-cl6.patch
- From: 2.6.32-696.28.1.el6
- CVE-2018-10675, CVSSv2 Score: 5.5
- Description:
fix for use-after-free bug via crafted system calls in mm/mempolicy.c:do_get_mempolicy()
- CVE: https://access.redhat.com/security/cve/cve-2018-10675
- Patch: 2.6.32/CVE-2018-10675.patch
- From: kernel-2.6.32-754.el6
- CVE-2018-8897, CVSSv2 Score: 6.5
- Description:
x86/entry/64: Don't use IST entry for #BP stack
- CVE: https://access.redhat.com/security/cve/CVE-2018-8897
- Patch: 2.6.32/x86-entry-64-Don-t-use-IST-entry-for-BP-stack.patch
- From: 2.6.32-696.28.1.el6
- CVE-2018-8897, CVSSv2 Score: 6.5
- Description:
x86/entry/64: Don't use IST entry for #BP stack (kpatch adaptation)
- CVE: https://access.redhat.com/security/cve/CVE-2018-8897
- Patch: 2.6.32/x86-entry-64-Don-t-use-IST-entry-for-BP-stack-kpatch-1.patch
- From: 2.6.32-696.28.1.el6
- CVE-2017-11176, CVSSv2 Score: 7.8
- Description:
mqueue: fix a use-after-free in sys_mq_notify()
- CVE: https://access.redhat.com/security/cve/cve-2017-11176
- Patch: 2.6.32/kernel-mqueue-fix-a-use-after-free-in-sys_mq_notify.patch
- From: 2.6.32-696.20.1.el6
- CVE-2017-9074, CVSSv2 Score: 5.5
- Description:
ipv6: Prevent overrun when parsing v6 header options
- CVE: https://access.redhat.com/security/cve/cve-2017-9074
- Patch: 2.6.32/net-ipv6-Prevent-overrun-when-parsing-v6-header-options.patch
- From: 2.6.32-696.20.1.el6
- CVE-2017-9074, CVSSv2 Score: 5.5
- Description:
ipv6: Check ip6_find_1stfragopt() return value properly.
- CVE: https://access.redhat.com/security/cve/cve-2017-9074
- Patch: 2.6.32/net-ipv6-Check-ip6_find_1stfragopt-return-value-properly.patch
- From: 2.6.32-696.20.1.el6
- CVE-2017-9074, CVSSv2 Score: 5.5
- Description:
ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()
- CVE: https://access.redhat.com/security/cve/cve-2017-9074
- Patch: 2.6.32/net-ipv6-xfrm-Handle-errors-reported-by-xfrm6_find_1stfragopt.patch
- From: 2.6.32-696.20.1.el6
- CVE-2017-7542, CVSSv2 Score: 5.5
- Description:
ipv6: avoid overflow of offset in ip6_find_1stfragopt
- CVE: https://access.redhat.com/security/cve/CVE-2017-7542
- Patch: 2.6.32/ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch
- From: 2.6.32-696.20.1.el6
- CVE-2017-1000410, CVSSv2 Score: 5.0
- Description:
bluetooth: Prevent stack info leak from the EFS element.
- CVE: https://access.redhat.com/security/cve/cve-2017-1000410
- Patch: 2.6.32/bluetooth-prevent-stack-info-leak-from-the-efs-element-pre-696.10.2.patch
- From: 2.6.32-696.28.1.el6
- CVE-2017-13166, CVSSv2 Score: 4.6
- Description:
media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
- CVE: https://access.redhat.com/security/cve/cve-2017-13166
- Patch: 2.6.32/v4l-media-refactor-compat-ioctl32-logic.patch
- From: 2.6.32-696.28.1.el6
- CVE-2017-13166, CVSSv2 Score: 4.6
- Description:
media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup
- CVE: https://access.redhat.com/security/cve/cve-2017-13166
- Patch: 2.6.32/v4l-media-refactor-compat-ioctl32-logic-fixup.patch
- From: 2.6.32-696.28.1.el6
- CVE-2018-3646 CVE-2018-3620, CVSSv2 Score: 5.6
- Description:
Add disable SMT knob
- CVE: https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html
- Patch: 2.6.32/CVE-2018-3646-CVE-2018-3620-smt_disable.patch
- From: 2.6.32-754.3.5.el6
- N/A, CVSSv2 Score: N/A
- Description:
N/A
- CVE: N/A
- Patch: rhel-common/x86-cpu-intel-Introduce-macros-for-Intel-family-numb.patch
- From: N/A
- N/A, CVSSv2 Score: N/A
- Description:
N/A
- CVE: N/A
- Patch: rhel-common/x86-cpu-intel-Add-Knights-Mill-to-Intel-family.patch
- From: N/A
- CVE-2018-3646 CVE-2018-3620, CVSSv2 Score: 5.6
- Description:
Setup L1TF bug bit
- CVE: https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html
- Patch: 2.6.32/CVE-2018-3646-l1tf-cpu-setup.patch
- From: 2.6.32-754.3.5.el6
- CVE-2018-3646, CVSSv2 Score: 5.6
- Description:
Add ability to flush l1d cache on vmexit
- CVE: https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html
- Patch: 2.6.32/CVE-2018-3646-vmx-l1d-flush.patch
- From: 2.6.32-754.3.5.el6
- n/a, CVSSv2 Score: n/a
- Description:
ext4: use __GFP_NOFAIL in ext4_free_blocks()
- CVE: n/a
- Patch: 2.6.32/ext4-use-__GFP_NOFAIL-in-ext4_free_blocks.patch
- From: 2.6.32-954.3.5.lve1.4.58.el6
- n/a, CVSSv2 Score: n/a
- Description:
ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
- CVE: n/a
- Patch: 2.6.32/ext4-handle-the-rest-of-ext4_mb_load_buddy.patch
- From: 2.6.32-954.3.5.lve1.4.58.el6
- CVE-2017-15265, CVSSv2 Score: 5.5
- Description:
[sound] alsa: seq: Fix use-after-free at creating a port
- CVE: https://access.redhat.com/security/cve/CVE-2017-15265
- Patch: 2.6.32/ALSA-seq-Fix-use-after-free-at-creating-a-port.patch
- From: 2.6.32-754.3.5.el6
- CVE-2017-0861, CVSSv2 Score: 7
- Description:
[sound] alsa: pcm: prevent UAF in snd_pcm_info (CVE-2017-0861)
- CVE: https://access.redhat.com/security/cve/CVE-2017-0861
- Patch: 2.6.32/sound-alsa-pcm-prevent-UAF-in-snd_pcm_info-CVE-2017-0861.patch
- From: 2.6.32-754.3.5.el6
- CVE-2018-10901, CVSSv2 Score: 7.8
- Description:
[kvm] VMX: Fix host GDT.LIMIT corruption (CVE-2018-10301)
- CVE: https://access.redhat.com/security/cve/CVE-2018-10901
- Patch: 2.6.32/kvm-VMX-Fix-host-GDT-LIMIT-corruption-CVE-2018-10301.patch
- From: 2.6.32-754.3.5.el6
- CVE-2018-10901, CVSSv2 Score: 7.8
- Description:
[kvm] VMX: Fix host GDT.LIMIT corruption (CVE-2018-10301) (kpatch adaptation)
- CVE: https://access.redhat.com/security/cve/CVE-2018-10901
- Patch: 2.6.32/kvm-VMX-Fix-host-GDT-LIMIT-corruption-CVE-2018-10301-kpatch-1.patch
- From: 2.6.32-754.3.5.el6
- CVE-2018-5390, CVSSv2 Score: 7.5
- Description:
[net] tcp: avoid collapses in tcp_prune_queue() if possible
- CVE: https://access.redhat.com/security/cve/CVE-2018-5390
- Patch: 2.6.32/CVE-2018-5390-0001-net-tcp-avoid-collapses-in-tcp_prune_queue-if-possible.patch
- From: 2.6.32-754.3.5.el6
- CVE-2018-5390, CVSSv2 Score: 7.5
- Description:
[net] tcp: detect malicious patterns in tcp_collapse_ofo_queue()
- CVE: https://access.redhat.com/security/cve/CVE-2018-5390
- Patch: 2.6.32/CVE-2018-5390-0002-net-tcp-detect-malicious-patterns-in-tcp_collapse_ofo_queue.patch
- From: 2.6.32-754.3.5.el6
- CVE-2017-18344, CVSSv2 Score: 7.1
- Description:
posix-timer: Properly check sigevent->sigev_notify
- CVE: https://access.redhat.com/security/cve/cve-2017-18344
- Patch: 2.6.32/CVE-2017-18344.patch
- From: 2.6.32-954.3.5.lve1.4.58.el6
- CVE-2016-1583, CVSSv2 Score: 6.9
- Description:
eCryptFS: allocate open requests on stack
- CVE: https://access.redhat.com/security/cve/cve-2016-1583
- Patch: 2.6.32/ecryptfs-allocate-open-requests-on-stack.patch
- From: kernel-2.6.32-642.11.1.el6
- CVE-2016-1583, CVSSv2 Score: 6.9
- Description:
eCryptFS: forbid opening files without mmap handler
- CVE: https://access.redhat.com/security/cve/cve-2016-1583
- Patch: 2.6.32/ecryptfs-forbid-opening-without-mmap-handler.patch
- From: kernel-2.6.32-642.11.1.el6
- CVE-2016-8633, CVSSv2 Score: 6.8
- Description:
firewire: net: guard against rx buffer overflows
- CVE: https://access.redhat.com/security/cve/CVE-2016-8633
- Patch: 2.6.32/CVE-2016-8633.patch
- From: >kernel-2.6.32-696.13.2.el6
- CVE-2018-14634, CVSSv2 Score: 7.8
- Description:
Limit arg stack to at most 75% of _STK_LIM
- CVE: https://access.redhat.com/security/cve/cve-2018-14634
- Patch: 2.6.32/limit-stack-arg-to-75-percent-of_STK_LIM-cl6.patch
- From: >kernel-2.6.32-754.3.5.el6
- CVE-2018-5391, CVSSv2 Score: 7.5
- Description:
Revert "net: increase fragment memory usage limits"
- CVE: https://access.redhat.com/security/cve/cve-2018-5391
- Patch: 2.6.32/Revert-net-increase-fragment-memory-usage-limits.patch
- From: >2.6.32-754.3.5.el6
- CVE-2018-5391, CVSSv2 Score: 7.5
- Description:
Revert "net: increase fragment memory usage limits"
- CVE: https://access.redhat.com/security/cve/cve-2018-5391
- Patch: 2.6.32/Revert-net-increase-fragment-memory-usage-limits-kpatch-1.patch
- From: >v2.6.32-754.3.5.el6
- CVE-2019-11190, CVSSv2 Score: 4.7
- Description:
binfmt_elf: switch to new creds when switching to new mm
- CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-11190
- Patch: 2.6.32/CVE-2019-11190.patch
- From: >4.8
- CVE-2019-11477, CVSSv2 Score: 7.5
- Description:
tcp: enhance tcp collapsing
- CVE: https://access.redhat.com/security/cve/cve-2019-11477
- Patch: 2.6.32/CKSIX-220-tcp-enhance-tcp-collapsing.patch
- From: >2.6.32-954.3.5.lve1.4.66.el6
- CVE-2019-11477, CVSSv2 Score: 7.5
- Description:
tcp: avoid order-1 allocations on wifi and tx path
- CVE: https://access.redhat.com/security/cve/cve-2019-11477
- Patch: 2.6.32/CKSIX-220-tcp-avoid-order-1-allocations-on-wifi-and-tx-path.patch
- From: >2.6.32-954.3.5.lve1.4.66.el6
- CVE-2019-11477, CVSSv2 Score: 7.5
- Description:
tcp: enhance tcp_collapse_retrans() with skb_shift()
- CVE: https://access.redhat.com/security/cve/cve-2019-11477
- Patch: 2.6.32/CKSIX-220-tcp-enhance-tcp_collapse_retrans-with-skb_shift.patch
- From: >2.6.32-954.3.5.lve1.4.66.el6
- CVE-2019-11477, CVSSv2 Score: 7.5
- Description:
tcp: limit payload size of sacked skbs
- CVE: https://access.redhat.com/security/cve/cve-2019-11477
- Patch: 2.6.32/CKSIX-220-tcp-limit-payload-size-of-sacked-skbs.patch
- From: >2.6.32-954.3.5.lve1.4.66.el6
- CVE-2019-11477, CVSSv2 Score: 7.5
- Description:
tcp: enhance tcp collapsing
- CVE: https://access.redhat.com/security/cve/cve-2019-11477
- Patch: 2.6.32/CKSIX-220-tcp-fix-fack_count-accounting-on-tcp_shift_skb_data.patch
- From: >2.6.32-954.3.5.lve1.4.66.el6
- CVE-2019-11478, CVSSv2 Score: 5.3
- Description:
tcp: tcp_fragment() should apply sane memory limits
- CVE: https://access.redhat.com/security/cve/cve-2019-11478
- Patch: 2.6.32/cve-2019-11478-tcp_fragments-to-apply-sane-memlims-v2.patch
- From: kernel-2.6.32-754.15.3.el6
- CVE-2019-11479, CVSSv2 Score: 5.3
- Description:
tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
- CVE: https://access.redhat.com/security/cve/cve-2019-11479
- Patch: 2.6.32/cve-2019-11479-tcp-enforce-tcp_min_snd_mss-in-tcp_mtu_probing.patch
- From: kernel-2.6.32-754.15.3.el6
- N/A, CVSSv2 Score: N/A
- Description:
kpatch adaptation - sysctl handle for minimal MSS
- CVE: N/A
- Patch: 2.6.32/cve-2019-11479-tcp-enforce-tcp_min_snd_mss-in-tcp_mtu_probing-kpatch-1.patch
- From: kernel-2.6.32-754.15.3.el6
- CVE-2019-11477, CVSSv2 Score: 7.5
- Description:
tcp: limit payload size of sacked skbs
- CVE: https://access.redhat.com/security/cve/cve-2019-11477
- Patch: 2.6.32/cve-2019-11477-move-mss-below.patch
- From: kernel-2.6.32-754.15.3.el6
- CVE-2018-10902, CVSSv2 Score: 7.8
- Description:
ALSA: rawmidi: Change resized buffers atomically
- CVE: https://access.redhat.com/security/cve/cve-2018-10902
- Patch: 2.6.32/cve-2018-10902.patch
- From: kernel-2.6.32-754.el6
- CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091, CVSSv2 Score: 6.5
- Description:
zombieload mitigation
- CVE: https://access.redhat.com/security/cve/cve-2018-12126 https://access.redhat.com/security/cve/cve-2018-12130 https://access.redhat.com/security/cve/cve-2018-12127
- Patch: 2.6.32/zombieload-mitigation-cl6-896.16.1.patch
- From: 2.6.32-754.14.2.el6
- N/A, CVSSv2 Score:
- Description:
map kpatch code that patch .entry.text section code
- CVE:
- Patch: 2.6.32/kpatch_map_kaiser_kp_text-cl6.patch
- From:
- CVE-2018-10902, CVSSv2 Score: 7.8
- Description:
ALSA: rawmidi: Change resized buffers atomically
- CVE: https://access.redhat.com/security/cve/cve-2018-10902
- Patch: 3.10.0/CVE-2018-10902-ALSA-rawmidi-shange-resize-buffers-atomically-2-pre-514.patch
- From: >=kernel-3.10.0-123.1.2.el7
- CVE-2019-3896, CVSSv2 Score: 7.0
- Description:
idr: fix backtrack logic in idr_remove_all
- CVE: https://access.redhat.com/security/cve/cve-2019-3896
- Patch: 2.6.32/cve-2019-3896-fix-backtrack-logic-in-idr_remove_all.patch
- From: kernel-2.6.32-754.15.3.el6
- CVE-2019-3896, CVSSv2 Score: 7.0
- Description:
idr: fix top layer handling
- CVE: https://access.redhat.com/security/cve/cve-2019-3896
- Patch: 2.6.32/cve-2019-3896-idr-fix-top-layer-handling.patch
- From: kernel-2.6.32-754.15.3.el6
- N/A, CVSSv2 Score: N/A
- Description:
tcp: check skb tailroom before collapsing
- CVE: N/A
- Patch: 2.6.32/CKSIX-224.patch
- From: >2.6.32-954.3.5.lve1.4.66.el6
- CVE-2017-17805, CVSSv2 Score: 5.5
- Description:
[crypto] salsa20 - fix blkcipher_walk API usage
- CVE: https://access.redhat.com/security/cve/CVE-2017-17805
- Patch: 2.6.32/crypto-salsa20-fix-blkcipher_walk-API-usage.patch
- From: 2.6.32-754.18.2.el6
- CVE-2019-5489, CVSSv2 Score: 7.1
- Description:
[mm] mincore.c: make mincore() more conservative
- CVE: https://access.redhat.com/security/cve/CVE-2019-5489
- Patch: 2.6.32/mm-mincore.c-make-mincore-more-conservative.patch
- From: 2.6.32-754.18.2.el6
- CVE-2018-17972, CVSSv2 Score: 3.3
- Description:
[fs] proc: restrict kernel stack dumps to root
- CVE: https://access.redhat.com/security/cve/CVE-2018-17972
- Patch: 2.6.32/proc-restrict-kernel-stack-dumps-to-root.patch
- From: 2.6.32-754.18.2.el6
- N/A, CVSSv2 Score: N/A
- Description:
N/A
- CVE: N/A
- Patch: 2.6.32/cl6-adjust-context-in-arch-x86-include-asm-spec_ctrl.patch
- From: N/A
- N/A, CVSSv2 Score: N/A
- Description:
N/A
- CVE: N/A
- Patch: 2.6.32/cl6-adjust-context-in-arch-x86-kernel-entry_64.S.patch
- From: N/A
- CVE-2019-1125, CVSSv2 Score: 5.9
- Description:
[x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
- CVE: https://access.redhat.com/security/cve/CVE-2019-1125
- Patch: 2.6.32/swapgs-fix-696.20.1.patch
- From: 2.6.32-754.18.2.el6
- N/A, CVSSv2 Score: N/A
- Description:
N/A
- CVE: N/A
- Patch: 2.6.32/tcp-fix-tcp_trim_head.patch
- From: N/A
- N/A, CVSSv2 Score: N/A
- Description:
N/A
- CVE: N/A
- Patch: 2.6.32/CKSIX-230-tcp-fix-retransmit-of-partially-acked-fram.patch
- From: N/A
- N/A, CVSSv2 Score: N/A
- Description:
N/A
- CVE: N/A
- Patch: 2.6.32/CKSIX-230-tcp-fix-skb_availroom.patch
- From: N/A
- CVE-2019-14835, CVSSv2 Score: 7.2
- Description:
host: make sure log_num < in_num
- CVE: https://access.redhat.com/security/cve/CVE-2019-14835
- Patch: 2.6.32/CVE-2019-14835-vhost-make-sure-log_num-in_num.patch
- From: >2.6.32-754.22.1.el6
- CVE-2019-11810, CVSSv2 Score: 6.2
- Description:
scsi: megaraid_sas: return error when create DMA pool failed
- CVE: https://access.redhat.com/security/cve/cve-2019-11810
- Patch: 2.6.32/CVE-2019-11810-pre-696.patch
- From: kernel-2.6.32-754.22.1.el6
- CVE-2018-9568, CVSSv2 Score: 7
- Description:
net: Set sk_prot_creator when cloning sockets to the right proto
- CVE: https://access.redhat.com/security/cve/cve-2018-9568
- Patch: 2.6.32/CVE-2018-9568-el6.patch
- From: 2.6.32-754.22.1.el6
- CVE-2019-17055, CVSSv2 Score: 3.3
- Description:
mISDN: enforce CAP_NET_RAW for raw sockets
- CVE: https://linux.oracle.com/cve/CVE-2019-17055.html
- Patch: 2.6.32/CVE-2019-17055.patch
- From: 2.6.39-400.317.1.el6uek
- CVE-2019-17133, CVSSv2 Score: 8.8
- Description:
cfg80211: wext: avoid copying malformed SSIDs
- CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-17133
- Patch: 2.6.32/cve-2019-17133-cfg80211-wext-avoid-copying-malformed-SSID.patch
- From: kernel-2.6.32-754.28.1.el6
- CVE-2018-12207, CVSSv2 Score: 6.5
- Description:
kvm: mmu: ITLB_MULTIHIT mitigation (adaptation)
- CVE: https://access.redhat.com/security/cve/cve-2018-12207
- Patch: 2.6.32/CVE-2018-12207-mitigation.patch
- From: kernel-2.6.32-754.23.1.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [1/13]
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1171-drm-drm-i915-gtt-Add-read-only-pages-to-gen8_pte_enc-lt-642.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [2/13] (kcare adaptation)
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1172-drm-erm-i915-gtt-Read-only-pages-for-insert_entries-lt-642.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [4/13]
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1174-drm-drm-i915-Rename-gen7-cmdparser-tables-lt-642.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [5/13]
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1175-drm-drm-i915-Disable-Secure-Batches-for-gen6-lt-642.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [6/13] (kcare adaptation)
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1176-drm-drm-i915-Remove-Master-tables-from-cmdparser-lt-642.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [7/13] (kcare adaptation)
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1177-drm-drm-i915-Add-support-for-mandatory-cmdparsing-lt-642.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [8/13]
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1178-drm-drm-i915-Support-ro-ppgtt-mapped-cmdparser-shado-lt-642.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [11/13] (kcare adaptation)
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1181-drm-drm-i915-cmdparser-Add-support-for-backward-jump-lt-642.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [12/13] (kcare adaptation)
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1182-drm-drm-i915-cmdparser-Ignore-Length-operands-during-lt-642.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0154, CVSSv2 Score: 6.5
- Description:
fixed possible hw level crash if MMIO registers were read while the i915 GPU was in a low-power state [1/2] (kcare adaptation)
- CVE: https://access.redhat.com/security/cve/cve-2019-0154
- Patch: 2.6.32/i915/1183-drm-drm-i915-gen8-Add-RC6-CTX-corruption-WA-lt-642.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-14821, CVSSv2 Score: 7.0
- Description:
KVM: MMIO: Lock coalesced device when checking for available entry
- CVE: https://access.redhat.com/security/cve/cve-2019-14821
- Patch: 2.6.32/CVE-2019-14821-1.patch
- From: 2.6.32-754.25.1.el6
- CVE-2019-14821, CVSSv2 Score: 7.0
- Description:
KVM: coalesced_mmio: add bounds checking
- CVE: https://access.redhat.com/security/cve/cve-2019-14821
- Patch: 2.6.32/CVE-2019-14821-2.patch
- From: 2.6.32-754.25.1.el6
- CVE-2017-6951, CVSSv2 Score: 5.5
- Description:
KEYS: Change the name of the dead type to ".dead" to prevent user access
- CVE: http://people.canonical.com/~ubuntu-security/cve/CVE-2017-6951
- Patch: 3.13.0/422472-KEYS-Change-the-name-of-the-dead-type-to-.dead-to-.patch
- From: kernel-3.13.0-130.179
- CVE-2017-6951, CVSSv2 Score: 5.5
- Description:
KEYS: Change the name of the dead type to ".dead" to prevent user access (kpatch adaptation)
- CVE: http://people.canonical.com/~ubuntu-security/cve/CVE-2017-6951
- Patch: 2.6.32/422472-KEYS-Change-the-name-of-the-dead-type-to-.dead-to-kpatch-1.patch
- From: kernel-3.13.0-130.179
- CVE-2021-22555, CVSSv2 Score: 7.8
- Description:
netfilter: x_tables: fix compat match/target pad out-of-bound write
- CVE: https://access.redhat.com/security/cve/CVE-2021-22555
- Patch: 2.6.32/CVE-2021-22555.patch
- From: v5.12
- CVE-2021-27365, CVSSv2 Score: 7.0
- Description:
sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
- CVE: https://access.redhat.com/security/cve/cve-2021-27365
- Patch: 2.6.32/CVE-2021-27365-sysfs-Add-sysfs_emit-and-sysfs_emit_at-to-format-sys-CL-2.patch
- From: 2.6.32-754.35.3.el6
- CVE-2021-27364 CVE-2021-27363, CVSSv2 Score: 6.3
- Description:
scsi: iscsi: Restrict sessions and handles to admin capabilities
- CVE: https://access.redhat.com/security/cve/cve-2021-27364
- Patch: 2.6.32/CVE-2021-27363-CVE-2021-27364-scsi-iscsi-Restrict-sessions-and-handles-to-admin-ca.patch
- From: 2.6.32-754.35.3.el6
- CVE-2021-27365, CVSSv2 Score: 7.0
- Description:
scsi: iscsi: Verify lengths on passthrough PDU
- CVE: https://access.redhat.com/security/cve/cve-2021-27365
- Patch: 2.6.32/CVE-2021-27365-scsi-iscsi-Verify-lengths-on-passthrough-PDUs.patch
- From: 2.6.32-754.35.3.el6
- CVE-2021-27365, CVSSv2 Score: 7.0
- Description:
scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
- CVE: https://access.redhat.com/security/cve/cve-2021-27365
- Patch: 2.6.32/CVE-2021-27365-scsi-iscsi-Ensure-sysfs-attributes-are-limited-to-PA.patch
- From: 2.6.32-754.35.3.el6
- CVE-2020-29661, CVSSv2 Score: 7.8
- Description:
tty: Fix ->pgrp locking in tiocspgrp()
- CVE: https://access.redhat.com/security/cve/CVE-2020-29661
- Patch: 2.6.32/CVE-2020-29661-tty-Fix-pgrp-locking-in-tiocspgrp.patch
- From: 2.6.32-754.39.1
- CVE-2021-20265, CVSSv2 Score: 5.1
- Description:
af_unix: fix struct pid memory leak
- CVE: https://access.redhat.com/security/cve/cve-2021-20265
- Patch: 2.6.32/CVE-2021-20265-0001-af_unix-fix-struct-pid-memory-leak.patch
- From: 2.6.32-754.39.1.el6
- CVE-2019-14897 CVE-2019-14896, CVSSv2 Score: 9.8
- Description:
more overflows in marvell wifi driver
- CVE: https://security-tracker.debian.org/tracker/CVE-2019-14896
- Patch: 2.6.32/cve-2019-14896-14897-fix-two-buffer-overflows-at-parsing-bss-desc.patch
- From: kernel-2.6.32-754.33.1
- CVE-2020-36385, CVSSv2 Score: 7.8
- Description:
RDMA/ucma: Put a lock around every call to the rdma_cm layer
- CVE: https://access.redhat.com/security/cve/CVE-2020-36385
- Patch: 2.6.32/CVE-2020-36385-1201-RDMA-ucma-Put-a-lock-around-every-call-to-the-rdma_cm_layer-896.patch
- From: 2.6.32-754.35.8.el6
- CVE-2020-36385, CVSSv2 Score: n/a
- Description:
RDMA/ucma: Put a lock around every call to the rdma_cm layer (adaptation)
- CVE: n/a
- Patch: 2.6.32/CVE-2020-36385-1201-RDMA-ucma-Put-a-lock-around-every-call-to-the-rdma_cm_layer-896-kpatch.patch
- From: 2.6.32-754.35.8.el6
- CVE-2020-36385, CVSSv2 Score: 7.8
- Description:
RDMA/cma: Add missing locking to rdma_accept()
- CVE: https://access.redhat.com/security/cve/CVE-2020-36385
- Patch: 2.6.32/CVE-2020-36385-1202-RDMA-ucma-Add-missing-locking-to-rdma_accept.patch
- From: 2.6.32-754.35.8.el6
- CVE-2020-36385, CVSSv2 Score: 7.8
- Description:
RDMA/ucma: Fix the locking of ctx->file
- CVE: https://access.redhat.com/security/cve/CVE-2020-36385
- Patch: 2.6.32/CVE-2020-36385-1203-RDMA-ucma-Fix-the-locking-of-ctx-file.patch
- From: 2.6.32-754.35.8.el6
- CVE-2020-36385, CVSSv2 Score: 7.8
- Description:
RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy
- CVE: https://access.redhat.com/security/cve/CVE-2020-36385
- Patch: 2.6.32/CVE-2020-36385-1205-RDMA-ucma-Rework-ucma_migrate_id-to-avoid-races-with.patch
- From: 2.6.32-754.35.8.el6
- CVE-2021-32399, CVSSv2 Score: 7.0
- Description:
bluetooth: eliminate the potential race condition
- CVE: https://access.redhat.com/security/cve/cve-2021-21299
- Patch: 2.6.32/CVE-2021-32399-bluetooth-eliminate-the-po.patch
- From: 2.6.32-754.35.8.el6
- CVE-2020-0466, CVSSv2 Score: 7.8
- Description:
epoll: Keep a reference on files added to the check list
- CVE: https://access.redhat.com/security/cve/CVE-2020-0466
- Patch: 2.6.32/CVE-2020-0466-epoll-Keep-a-reference-on-files-added-to-the-check-954.patch
- From: 2.6.32-754.35.1.el6
- CVE-2021-0920, CVSSv2 Score: 6.4
- Description:
af_unix: fix garbage collect vs MSG_PEEK
- CVE: https://security-tracker.debian.org/tracker/CVE-2021-0920
- Patch: 2.6.32/CVE-2021-0920-af_unix-fix-garbage-collect-vs-MSG_PEEK.patch
- From: 2.6.32-754.35.1.el6
- CVE-2021-0920, CVSSv2 Score: 6.4
- Description:
af_unix: fix garbage collect vs MSG_PEEK (adaptation)
- CVE: https://security-tracker.debian.org/tracker/CVE-2021-0920
- Patch: 3.10.0/CVE-2021-0920-kpatch.patch
- From: 4.1.12-124.59.1.2
- CVE-2021-4155, CVSSv2 Score: 5.5
- Description:
xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like
- CVE: https://access.redhat.com/security/cve/CVE-2021-4155
- Patch: 2.6.32/CVE-2021-4155-xfs-map-unwritten-blocks-in-XFS_IOC_ALLOC-FREESP-just-like.patch
- From: 2.6.32-754.35.8.el6
- CVE-2022-0492, CVSSv2 Score: 7.8
- Description:
cgroup-v1: Require capabilities to set release_agent
- CVE: https://security-tracker.debian.org/tracker/CVE-2022-0492
- Patch: 2.6.32/CVE-2022-0492-cgroup-v1-Require-capabilities-to-set-release_agent-openvz.patch
- From: 2.6.32-954.3.5.lve1.4.89.el6
- CVE-2022-4378, CVSSv2 Score: 7.8
- Description:
proc: avoid integer type confusion in get_proc_long
- CVE: https://access.redhat.com/security/cve/CVE-2022-4378
- Patch: 2.6.32/CVE-2022-4378-0001-proc-avoid-integer-type-confusion-in-get_proc_long.patch
- From: 2.6.32-754.50.1.el6
- CVE-2022-4378, CVSSv2 Score: 7.8
- Description:
proc: proc_skip_spaces() shouldn't think it is working on C strings
- CVE: https://access.redhat.com/security/cve/CVE-2022-4378
- Patch: 2.6.32/CVE-2022-4378-0002-proc-proc_skip_spaces-shouldn-t-think-it-is-working-.patch
- From: 2.6.32-754.50.1.el6
- CVE-2020-0543, CVSSv2 Score: 6.5
- Description:
x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
- CVE: https://www.vusec.net/projects/crosstalk/
- Patch: srbds-enable.patch
- From: N/A
- CVE-2019-11487, CVSSv2 Score: 7.8
- Description:
prevent page refcount overflow
- CVE: https://access.redhat.com/security/cve/cve-2019-11487
- Patch: 2.6.32/cve-2019-11487.patch
- From: kernel-2.6.32-754.35.1.el6
- CVE-2014-4508, CVSSv2 Score:
- Description:
Out of scope as the patch is for x86_32 arch only, x86_64 is not affected
- CVE:
- Patch: skipped/CVE-2014-4508.patch
- From:
- CVE-2021-33909, CVSSv2 Score:
- Description:
not affected without caused-by commit 058504edd026 fs/seq_file: fallback to vmalloc allocation
- CVE:
- Patch: skipped/CVE-2021-33909.patch
- From:
- CVE-2020-12362, CVSSv2 Score:
- Description:
Mitigation is made with intel firmware update, el8 kernels also need 'i915.enable_guc' specified in cmdline to be affected
- CVE:
- Patch: skipped/CVE-2020-12362.patch
- From:
- CVE-2021-3347, CVSSv2 Score: 7.4
- Description:
futex: Handle faults correctly for PI futexes
- CVE: https://access.redhat.com/security/cve/cve-2021-3347
- Patch: 2.6.32/CVE-2021-3347-futex-Handle-faults-correctly-for-PI-futexes.patch
- From: >2.6.32-754.35.1
- CVE-2021-3347, CVSSv2 Score: 7.4
- Description:
futex: Provide and use pi_state_update_owner()
- CVE: https://access.redhat.com/security/cve/cve-2021-3347
- Patch: 2.6.32/CVE-2021-3347-futex-Provide-and-use-pi_state_update_owner.patch
- From: >2.6.32-754.35.1
- CVE-2021-22543, CVSSv2 Score: 7.8
- Description:
KVM: do not allow mapping valid but non-reference-counted pages
- CVE: https://access.redhat.com/security/cve/cve-2021-22543
- Patch: 2.6.32/CVE-2021-22543-KVM-do-not-allow-mapping-valid-but-non-reference-co-954.patch
- From: 2.6.32-754.48.1.el6
- CVE-2021-26401, CVSSv2 Score:
- Description:
An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.
- CVE:
- Patch: skipped/CVE-2021-26401.patch
- From:
- CVE-2023-3776, CVSSv2 Score: 7.0
- Description:
net/sched: cls_fw: Fix improper refcount update leads to use-after-free
- CVE: https://access.redhat.com/security/cve/CVE-2023-3776
- Patch: rhel6/kernel-2.6.32-754.53.1.el6/CVE-2023-3776.patch
- From: kernel-2.6.32-754.53.1.el6
- CVE-2023-31436, CVSSv2 Score: 7.0
- Description:
net: sched: sch_qfq: prevent slab-out-of-bounds in
- CVE: https://access.redhat.com/security/cve/CVE-2023-31436
- Patch: rhel6/kernel-2.6.32-754.53.1.el6/CVE-2023-31436-v573.patch
- From: kernel-2.6.32-754.53.1.el6
- CVE-2020-11565, CVSSv2 Score: 7.8
- Description:
mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
- CVE: https://nvd.nist.gov/vuln/detail/CVE-2020-11565
- Patch: 2.6.32/cve-2020-11565-mempolicy-require-at-least-one-nodeid.patch
- From: kernel-2.6.32-754.29.1.el6
- CVE-2020-10942, CVSSv2 Score: 5.3
- Description:
vhost: Check docket sk_family instead of call getname
- CVE: https://access.redhat.com/security/cve/cve-2020-10942
- Patch: 2.6.32/cve-2020-10942-vhost-check-docket-sk_family.patch
- From: kernel-2.6.32-754.29.1.el6
- N/A, CVSSv2 Score:
- Description:
Restrict access to pagemap/kpageflags/kpagecount
- CVE: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
- Patch: 2.6.32/proc-restrict-pagemap-access.patch
- From:
- N/A, CVSSv2 Score:
- Description:
vmx_vcpu_run wrapper
- CVE:
- Patch: 2.6.32/x86-kvm-vmx_vcpu_run-wrapper.patch
- From:
- N/A, CVSSv2 Score: N/A
- Description:
N/A
- CVE: N/A
- Patch: 2.6.32/kpatch-add-paravirt-asm-definitions-696.20.1.patch
- From: N/A