KernelCare Directory

kernel-uek-5.4.17-2136.319.1.3.el8uek (oel8-uek6)
Kernel Update Version: 5.4.17-2136.334.6.1.el8uek
Build Date: 2024-08-19 12:31:03
Release Date: 2024-08-22 08:33:17
Release: K20240819_08

CVE-2023-32233
Description:
netfilter: nf_tables: deactivate anonymous set from preparation phase
CVE: https://linux.oracle.com/cve/CVE-2023-32233.html
Patch: oel8-uek6/5.4.17-2136.320.7.el8uek/CVE-2023-32233-netfilter-nf_tables-deactivate-anonymous-set-from-pr.patch
From: 5.4.17-2136.320.7

CVE-2023-30456
Description:
KVM: nVMX: add missing consistency checks for CR0 and CR4
CVE: https://linux.oracle.com/cve/CVE-2023-30456.html
Patch: oel8-uek6/5.4.17-2136.320.7.el8uek/CVE-2023-30456-KVM-nVMX-add-missing-consistency-checks-for-CR0-and-CR4.patch
From: 5.4.17-2136.320.7

CVE-2022-34918
Description:
netfilter: nf_tables: stricter validation of element data
CVE: https://linux.oracle.com/cve/CVE-2022-34918.html
Patch: oel8-uek6/5.4.17-2136.321.4.el8uek/CVE-2022-34918-netfilter-nf_tables-stricter-validation-of-element-data.patch
From: 5.4.17-2136.321.4

CVE-2022-39189
Description:
KVM: x86: do not report a vCPU as preempted outside instruction boundaries (adaptation)
CVE: https://linux.oracle.com/cve/CVE-2022-39189.html
Patch: oel8-uek6/5.4.17-2136.321.4.el8uek/CVE-2022-39189-KVM-x86-do-not-report-a-vCPU-as-preempted-outside-instruction-boundaries-kpatch.patch
From: 5.4.17-2136.321.4

CVE-2022-40982
Description:
Complex adaptation required.
CVE:
Patch: skipped/CVE-2022-40982.patch
From:

CVE-2023-22024
Description:
rds: Fix lack of reentrancy for connection reset with dst addr zero
CVE: https://linux.oracle.com/cve/CVE-2023-22024.html
Patch: 5.4.17/CVE-2023-22024-rds-Fix-lack-of-reentrancy-for-connection-reset-with-dst-addr-zero.patch
From: 5.4.17-2136.323.8.1

CVE-2023-42753
Description:
netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
CVE: https://linux.oracle.com/cve/CVE-2023-42753.html
Patch: 5.4.17/CVE-2023-42753-netfilter-ipset-add-the-missing-IP_SET_HASH_WITH_NET0-macro-for-ip_set_hash_netportnet-c.patch
From: 5.4.17-2136.323.8.2

CVE-2023-20569
Description:
A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.
CVE:
Patch: skipped/CVE-2023-20569.patch
From:

CVE-2023-5090
Description:
x86: KVM: SVM: always update the x2avic msr interception
CVE: https://linux.oracle.com/cve/CVE-2023-5090.html
Patch: oel8-uek6/5.4.17-2136.324.5.3.el8uek/CVE-2023-5090-x86-KVM-SVM-always-update-the-x2avic-msr-interception.patch
From: 5.4.17-2136.324.5.3

CVE-2023-20588
Description:
x86/CPU/AMD: Do not leak quotient data after a division by 0
CVE: https://alas.aws.amazon.com/cve/html/CVE-2023-20588.html
Patch: oel8-uek6/5.4.17-2136.324.5.3.el8uek/CVE-2023-20588-x86-CPU-AMD-Do-not-leak-quotient-data-after-a-division-by-0.patch
From: kernel-4.14.322-244.539.amzn2

CVE-2023-1989
Description:
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition
CVE: https://linux.oracle.com/cve/CVE-2023-1989.html
Patch: oel8-uek6/5.4.17-2136.325.5.el8uek/CVE-2023-1989-patch-bluetooth-btsdio-fix-use-after-free-bug-in-btsdio-remove.patch
From: 5.4.17-2136.325.5.el8uek

CVE-2023-5178
Description:
nvmet-tcp: Fix a possible UAF in queue intialization setup
CVE: https://linux.oracle.com/cve/CVE-2023-5178.html
Patch: oel8-uek6/5.4.17-2136.326.6.el8uek/CVE-2023-5178-nvmet-tcp-fix-a-possible-uaf-in-queue-intialization-setup.patch
From: 5.4.17-2136.326.6.el8uek

CVE-2023-45863
Description:
kobject: Fix slab-out-of-bounds in fill_kobj_path()
CVE: https://linux.oracle.com/cve/CVE-2023-45863.html
Patch: oel8-uek6/5.4.17-2136.328.3.el8uek/CVE-2023-45863-kobject-Fix-slab-out-of-bounds-in-fill_kobj_path.patch
From: 5.4.17-2136.328.3.

CVE-2023-4244
Description:
An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.
CVE:
Patch: skipped/CVE-2023-4244.patch
From:

CVE-2024-1086
Description:
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
CVE: https://linux.oracle.com/cve/CVE-2024-1086.html
Patch: oel8-uek6/5.4.17-2136.329.3.2.el8uek/CVE-2024-1086-netfilter-nf_tables-reject-QUEUE-DROP-verdict-parameters-323.patch
From: 5.4.17-2136.329.3.2

CVE-2024-0340
Description:
vhost: use kzalloc() instead of kmalloc() followed by memset()
CVE: https://linux.oracle.com/cve/CVE-2024-0340.html
Patch: oel8-uek6/5.4.17-2136.330.7.1.el8uek/CVE-2024-0340-vhost-use-kzalloc-instead-of-kmalloc-followed-by-memset.patch
From: 5.4.17-2136.330.7.1

CVE-2024-0607
Description:
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
CVE: https://linux.oracle.com/cve/CVE-2024-0607.html
Patch: oel8-uek6/5.4.17-2136.330.7.1.el8uek/CVE-2024-0607-nf_tables-fix-pointer-math-issue-in-nft_byteorder_eval.patch
From: 5.4.17-2136.330.7.1

N/A
Description:
kpatch add alt asm definitions
CVE: N/A
Patch: 5.11.0/kpatch-add-alt-asm-definitions.patch
From: N/A

N/A
Description:
kpatch add alternative2 asm definition
CVE: https://www.kernel.org
Patch: 5.4.0/kpatch-add-alt2-asm-definitions.patch
From: N/A

CVE-2024-2201
Description:
x86/bhi: Add support for clearing branch history at syscall entry
CVE: https://ubuntu.com/security/CVE-2024-2201
Patch: 5.4.0/CVE-2024-2201-x86-bhi-Add-support-for-clearing-branch-history-at-syscall-entry-5.4.patch
From: kernel-uek-5.4.17-2136.330.7.1.el8uek

CVE-2024-41090
Description:
tap: add missing verification for short frame
CVE: https://access.redhat.com/security/cve/CVE-2024-41090
Patch: 5.15.0/CVE-2024-41090-tap-add-missing-verification-for-short-frame.patch
From: 5.15.0-208.159.3.2

CVE-2024-41091
Description:
tun: add missing verification for short frame
CVE: https://access.redhat.com/security/cve/CVE-2024-41091
Patch: 5.15.0/CVE-2024-41091-tun-add-missing-verification-for-short-frame.patch
From: 5.15.0-208.159.3.2

CVE-2024-36971
Description:
net: fix __dst_negative_advice() race
CVE: https://linux.oracle.com/cve/CVE-2024-36971.html
Patch: oel8-uek6/5.4.17-2136.334.6.el8uek/CVE-2024-36971-net-fix-__dst_negative_advice-race-2136.327.patch
From: 5.4.17-2136.334.6

CVE-2024-38583
Description:
nilfs2: We cannot patch functions that sleep in kthread().
CVE:
Patch: skipped/CVE-2024-38583.patch
From:

CVE-2018-18445
Description:
kdb: Fix buffer overflow during tab-complete
CVE: https://linux.oracle.com/cve/CVE-2018-18445.html
Patch: oel8-uek6/5.4.17-2136.334.6.el8uek/CVE-2018-18445-kdb-Fix-buffer-overflow-during-tab-complete.patch
From: 5.4.17-2136.334.6

n/a
Description:
x86/xen: Add xenpv_restore_regs_and_return_to_usermode()
CVE: n/a
Patch: 5.4.17/x86-xen-Add-xenpv_restore_regs_and_return_to_usermode.patch
From: v5.16

N/A
Description:
kpatch add paravirt asm definitions
CVE: N/A
Patch: 5.11.0/kpatch-add-paravirt-asm-definitions.patch
From: N/A

N/A
Description:
Restrict access to pagemap/kpageflags/kpagecount
CVE: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
Patch: 4.15.0/proc-restrict-pagemap-access.patch
From: N/A