KernelCare Directory

kernel-3.10.0-1160.71.1.el7 (rhel7)
Kernel Update Version: 3.10.0-1160.125.1.el7
Build Date: 2024-10-17 13:00:23
Release Date: 2024-10-30 16:40:25
Release: K20241017_10

CVE-2022-21499, CVSSv2 Score:
Description:
Not affected without certain conditions - Secure Boot, configured kgdb/kdb. Complex adaptation
CVE:
Patch: skipped/CVE-2022-21499.patch
From:

CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-21127, CVSSv2 Score: 6.1
Description:
x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
CVE: https://access.redhat.com/security/cve/cve-2022-21127
Patch: mmio-enable.patch
From: 5.18

CVE-2022-2588, CVSSv2 Score: 7.8
Description:
net_sched: cls_route: remove from list when handle is 0
CVE: https://access.redhat.com/security/cve/cve-2022-2588
Patch: 3.10.0/CVE-2022-2588.patch
From: 3.10.0-1160.80.1.el7

CVE-2022-23816, CVSSv2 Score:
Description:
Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.
CVE:
Patch: skipped/CVE-2022-23816.patch
From:

CVE-2022-23825, CVSSv2 Score:
Description:
Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.
CVE:
Patch: skipped/CVE-2022-23825.patch
From:

CVE-2022-26373, CVSSv2 Score:
Description:
Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.
CVE:
Patch: skipped/CVE-2022-26373.patch
From:

CVE-2022-29900, CVSSv2 Score:
Description:
Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.
CVE:
Patch: skipped/CVE-2022-29900.patch
From:

CVE-2022-29901, CVSSv2 Score:
Description:
Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.
CVE:
Patch: skipped/CVE-2022-29901.patch
From:

CVE-2022-2964, CVSSv2 Score: 7.8
Description:
net: usb: ax88179_178a: fix packet alignment padding
CVE: https://access.redhat.com/security/cve/CVE-2022-2964
Patch: 3.10.0/CVE-2022-2964-1510-net-usb-ax88179_178a-fix-packet-alignment-padding.patch
From: kernel-3.10.0-1160.83.1.el7

CVE-2022-2964, CVSSv2 Score: 7.8
Description:
ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
CVE: https://access.redhat.com/security/cve/CVE-2022-2964
Patch: 3.10.0/CVE-2022-2964-1511-ax88179_178a-Merge-memcpy-le32_to_cpus-to-get_unalig.patch
From: kernel-3.10.0-1160.83.1.el7

CVE-2022-2964, CVSSv2 Score: 7.8
Description:
net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32
CVE: https://access.redhat.com/security/cve/CVE-2022-2964
Patch: 3.10.0/CVE-2022-2964-1512-net-usb-Merge-cpu_to_le32s-memcpy-to-put_unaligned_l.patch
From: kernel-3.10.0-1160.83.1.el7

CVE-2022-2964, CVSSv2 Score: 7.8
Description:
net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
CVE: https://access.redhat.com/security/cve/CVE-2022-2964
Patch: 3.10.0/CVE-2022-2964-1518-net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
From: kernel-3.10.0-1160.83.1.el7

CVE-2022-2964, CVSSv2 Score: 7.8
Description:
net: usb: ax88179_178a: Fix packet receiving
CVE: https://access.redhat.com/security/cve/CVE-2022-2964
Patch: 3.10.0/CVE-2022-2964-1519-net-usb-ax88179_178a-Fix-packet-receiving.patch
From: kernel-3.10.0-1160.83.1.el7

CVE-2021-26401, CVSSv2 Score:
Description:
An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.
CVE:
Patch: skipped/CVE-2021-26401.patch
From:

CVE-2022-4378, CVSSv2 Score: 7.8
Description:
proc: avoid integer type confusion in get_proc_long
CVE: https://access.redhat.com/security/cve/CVE-2022-4378
Patch: 3.10.0/CVE-2022-4378-1-proc-avoid-integer-type-confusion-in-get_proc_long.patch
From: 3.10.0-1160.88.1.el7

CVE-2022-4378, CVSSv2 Score: 7.8
Description:
proc: proc_skip_spaces() shouldn't think it is working on C strings
CVE: https://access.redhat.com/security/cve/CVE-2022-4378
Patch: 3.10.0/CVE-2022-4378-2-proc-sysctl-fix-return-error-for-proc_doulongvec_min.patch
From: 3.10.0-1160.88.1.el7

CVE-2022-43750, CVSSv2 Score: 6.7
Description:
usb: mon: make mmapped memory read only
CVE: https://access.redhat.com/security/cve/CVE-2022-43750
Patch: 3.10.0/CVE-2022-43750-usb-mon-make-mmapped-memory-read-only.patch
From: 3.10.0-1160.90.1

CVE-2022-3564, CVSSv2 Score: 7.1
Description:
Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
CVE: https://access.redhat.com/security/cve/CVE-2022-3564
Patch: 3.10.0/CVE-2022-3564-Bluetooth-L2CAP-Fix-use-after-free-caused-by-l2cap_reassemble_sdu.patch
From: 3.10.0-1160.95.1.el7

CVE-2023-35788, CVSSv2 Score: 7.8
Description:
net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
CVE: https://access.redhat.com/security/cve/CVE-2023-35788
Patch: rhel7/3.10.0-1160.99.1.el7/CVE-2023-35788-net-sched-flower-fix-possible-oob-write-in-fl-set-geneve-opt.patch
From: 3.10.0-1160.99.1.el7

CVE-2023-20593, CVSSv2 Score: 6.5
Description:
hw: amd: Cross-Process Information Leak
CVE: https://access.redhat.com/security/cve/cve-2023-20593
Patch: rhel7/3.10.0-1160.99.1.el7/CVE-2023-20593-zenbleed.patch
From: 3.10.0-1160.99.1.el7

CVE-2023-32233, CVSSv2 Score: 7.8
Description:
netfilter: nf_tables: deactivate anonymous set from preparation phase
CVE: https://access.redhat.com/security/cve/CVE-2023-32233
Patch: rhel7/3.10.0-1160.102.1.el7/CVE-2023-32233-1.patch
From: 3.10.0-1160.102.1.el7

CVE-2023-32233, CVSSv2 Score: 7.8
Description:
netfilter: nf_tables: deactivate anonymous set from preparation phase (adaptation)
CVE: https://access.redhat.com/security/cve/CVE-2023-32233
Patch: rhel7/3.10.0-1160.102.1.el7/CVE-2023-32233-1-kpatch.patch
From: 3.10.0-1160.102.1.el7

CVE-2023-32233, CVSSv2 Score: 7.8
Description:
netfilter: nf_tables: do not allow SET_ID to refer to another table
CVE: https://access.redhat.com/security/cve/CVE-2023-32233
Patch: rhel7/3.10.0-1160.102.1.el7/CVE-2023-32233-2.patch
From: 3.10.0-1160.102.1.el7

CVE-2023-32233, CVSSv2 Score: 7.8
Description:
netfilter: nf_tables: skip deactivated anonymous sets during lookups
CVE: https://access.redhat.com/security/cve/CVE-2023-32233
Patch: rhel7/3.10.0-1160.102.1.el7/CVE-2023-32233-3.patch
From: 3.10.0-1160.102.1.el7

CVE-2023-35001, CVSSv2 Score: 7.8
Description:
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
CVE: https://access.redhat.com/security/cve/CVE-2023-35001
Patch: rhel7/3.10.0-1160.102.1.el7/CVE-2023-35001.patch
From: 3.10.0-1160.102.1.el7

CVE-2023-3609, CVSSv2 Score: 7.0
Description:
Smart Patch for net/sched: cls_u32: Fix reference counter leak leading to overflow
CVE: https://access.redhat.com/security/cve/CVE-2023-3609
Patch: rhel7/3.10.0-1160.102.1.el7/CVE-2023-3609-smart-backport-for-net-sched-cls-u32-c.patch
From: 3.10.0-1160.102.1.el7

CVE-2023-4208 CVE-2023-4128, CVSSv2 Score:
Description:
Smart Patch for net/sched/cls_u32.c
CVE: https://access.redhat.com/security/cve/CVE-2023-4208
Patch: rhel7/3.10.0-1160.102.1.el7/CVE-2023-4208-smart-patch-for-net-sched-cls-u32-c.patch
From: kernel-3.10.0-1160.105.1.el7

CVE-2023-4207 CVE-2023-4128, CVSSv2 Score: 7.8
Description:
net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
CVE: https://access.redhat.com/security/cve/CVE-2023-4207
Patch: rhel7/3.10.0-1160.105.1.el7/CVE-2023-4207-net-sched-cls-fw-no-longer-copy-tcf-result-on-update-to-avoid.patch
From: kernel-3.10.0-1160.105.1.el7

CVE-2023-4206 CVE-2023-4128, CVSSv2 Score: 7.8
Description:
net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
CVE: https://access.redhat.com/security/cve/CVE-2023-4206
Patch: rhel7/3.10.0-1160.105.1.el7/CVE-2023-4206-net-sched-cls-route-no-longer-copy-tcf-result-on-update-to-avoid.patch
From: kernel-3.10.0-1160.105.1.el7

CVE-2023-3776, CVSSv2 Score: 7.0
Description:
net/sched: cls_fw: Fix improper refcount update leads to use-after-free
CVE: https://access.redhat.com/security/cve/CVE-2023-3776
Patch: rhel7/3.10.0-1160.105.1.el7/CVE-2023-3776-net-sched-cls-fw-fix-improper-refcount-update-leads-to.patch
From: kernel-3.10.0-1160.105.1.el7

CVE-2023-3611, CVSSv2 Score: 7.8
Description:
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
CVE: https://access.redhat.com/security/cve/CVE-2023-3611
Patch: rhel7/3.10.0-1160.105.1.el7/CVE-2023-3611-net-sched-sch-qfq-account-for-stab-overhead-in-qfq-enqueue.patch
From: kernel-3.10.0-1160.105.1.el7

CVE-2022-40982, CVSSv2 Score:
Description:
Complex adaptation required.
CVE:
Patch: skipped/CVE-2022-40982.patch
From:

CVE-2023-31436, CVSSv2 Score: 7.0
Description:
net/sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
CVE: https://access.redhat.com/security/cve/CVE-2023-31436
Patch: rhel7/3.10.0-1160.105.1.el7/CVE-2023-31436-net-sched-sch_qfq-prevent-slab-out-of-bounds-in-qfq_.patch
From: kernel-3.10.0-1160.105.1.el7

CVE-2023-42753, CVSSv2 Score: 7.0
Description:
revert of: netfilter: ipset: actually allow allowable CIDR 0 in hash:net, port, net
CVE: https://access.redhat.com/security/cve/CVE-2023-42753
Patch: rhel7/3.10.0-1160.108.1.el7/CVE-2023-42753-REVERT-net-netfilter-ipset-actually-allow-allowable-CIDR-0-.patch
From: 3.10.0-1160.108.1.el7

CVE-2022-42896, CVSSv2 Score: 8.1
Description:
Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
CVE: https://access.redhat.com/security/cve/CVE-2022-42896
Patch: rhel7/3.10.0-1160.114.2.el7/CVE-2022-42896-Bluetooth-L2CAP-Fix-accepting-connection-request-for-invalid-SPSM.patch
From: 3.10.0-1160.114.2.el7

CVE-2022-42896, CVSSv2 Score: 8.1
Description:
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
CVE: https://access.redhat.com/security/cve/CVE-2022-42896
Patch: rhel7/3.10.0-1160.114.2.el7/CVE-2022-42896-Bluetooth-L2CAP-Fix-l2cap_global_chan_by_psm.patch
From: 3.10.0-1160.114.2.el7

CVE-2023-4921, CVSSv2 Score: 7.8
Description:
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
CVE: https://access.redhat.com/security/cve/CVE-2023-4921
Patch: rhel7/3.10.0-1160.114.2.el7/CVE-2023-4921-net-sched-sch-qfq-fix-uaf-in-qfq-dequeue.patch
From: 3.10.0-1160.114.2.el7

CVE-2023-4921, CVSSv2 Score: 7.8
Description:
net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)
CVE: https://access.redhat.com/security/cve/CVE-2023-4921
Patch: rhel7/3.10.0-1160.114.2.el7/CVE-2023-4921-net-sched-sch-qfq-fix-uaf-in-qfq-dequeue-kpatch.patch
From: 3.10.0-1160.114.2.el7

CVE-2023-38409, CVSSv2 Score:
Description:
fbcon driver was updated and patched in the same kernel 3.10.0-1160.111.1.el7. Older versions don't contain vulnerabilities b07db3958485 and d443d9386472
CVE:
Patch: skipped/CVE-2023-38409.patch
From:

CVE-2023-45871, CVSSv2 Score: 7.5
Description:
igb: set max size RX buffer when store bad packet is enabled
CVE: https://access.redhat.com/security/cve/CVE-2023-45871
Patch: rhel7/3.10.0-1160.114.2.el7/CVE-2023-45871-igb-set-max-size-rx-buffer-when-store-bad-packet-is-enabled.patch
From: 3.10.0-1160.114.2.el7

CVE-2023-45871, CVSSv2 Score: 7.5
Description:
igb: set max size RX buffer when store bad packet is enabled (adaptation)
CVE: https://access.redhat.com/security/cve/CVE-2023-45871
Patch: rhel7/3.10.0-1160.114.2.el7/CVE-2023-45871-igb-set-max-size-rx-buffer-when-store-bad-packet-is-enabled-kpatch.patch
From: 3.10.0-1160.114.2.el7

CVE-2024-1086, CVSSv2 Score: 7.0
Description:
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
CVE: https://access.redhat.com/security/cve/CVE-2024-1086
Patch: rhel7/3.10.0-1160.114.2.el7/CVE-2024-1086-netfilter-nf-tables-reject-queue-drop-verdict-parameters.patch
From: 3.10.0-1160.114.2.el7

CVE-2024-26602, CVSSv2 Score: 5.5
Description:
sched/membarrier: reduce the ability to hammer on sys_membarrier
CVE: https://access.redhat.com/security/cve/CVE-2024-26602
Patch: rhel7/3.10.0-1160.114.2.el7/CVE-2024-26602-sched-membarrier-reduce-the-ability-to-hammer-on-sys_membarrier.patch
From: 3.10.0-1160.114.2.el7

CVE-2023-4622, CVSSv2 Score: 7.8
Description:
[PATCH 1681/1699] af_unix: Fix null-ptr-deref in
CVE: https://access.redhat.com/security/cve/CVE-2023-4622
Patch: rhel7/3.10.0-1160.118.1.el7/CVE-2023-4622-patch-1681-1699-af-unix-fix-null-ptr-deref-in.patch
From: 3.10.0-1160.118.1.el7

CVE-2023-4623, CVSSv2 Score: 7.8
Description:
[PATCH 1658/1699] net/sched: sch_hfsc: Ensure inner classes have fsc
CVE: https://access.redhat.com/security/cve/CVE-2023-4623
Patch: rhel7/3.10.0-1160.118.1.el7/CVE-2023-4623-patch-1658-1699-net-sched-sch-hfsc-ensure-inner-classes-have-fsc.patch
From: 3.10.0-1160.118.1.el7

CVE-2023-4623, CVSSv2 Score: 7.8
Description:
[PATCH 1659/1699] net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it
CVE: https://access.redhat.com/security/cve/CVE-2023-4623
Patch: rhel7/3.10.0-1160.118.1.el7/CVE-2023-4623-patch-1659-1699-net-sched-sch-hfsc-upgrade-rt-to-sc-when-it.patch
From: 3.10.0-1160.118.1.el7

CVE-2023-2002, CVSSv2 Score: 6.8
Description:
[PATCH 1686/1699] bluetooth: Perform careful capability checks in
CVE: https://access.redhat.com/security/cve/CVE-2023-2002
Patch: rhel7/3.10.0-1160.118.1.el7/CVE-2023-2002-patch-1686-1699-bluetooth-perform-careful-capability-checks-in.patch
From: 3.10.0-1160.118.1.el7

CVE-2023-2002, CVSSv2 Score: 6.8
Description:
[PATCH 1689/1699] bluetooth: Add cmd validity checks at the start of
CVE: https://access.redhat.com/security/cve/CVE-2023-2002
Patch: rhel7/3.10.0-1160.118.1.el7/CVE-2023-2002-patch-1689-1699-bluetooth-add-cmd-validity-checks-at-the-start-of.patch
From: 3.10.0-1160.118.1.el7

CVE-2020-36558, CVSSv2 Score: 5.1
Description:
[PATCH 1696/1699] vt: vt_ioctl: fix race in VT_RESIZEX
CVE: https://access.redhat.com/security/cve/CVE-2020-36558
Patch: rhel7/3.10.0-1160.118.1.el7/CVE-2020-36558-patch-1696-1699-vt-vt-ioctl-fix-race-in-vt-resizex.patch
From: 3.10.0-1160.118.1.el7

CVE-2023-25775, CVSSv2 Score: 9.8
Description:
[PATCH 1643/1699] RDMA/i40iw: Prevent zero-length STAG registration
CVE: https://access.redhat.com/security/cve/CVE-2023-25775
Patch: rhel7/3.10.0-1160.118.1.el7/CVE-2023-25775-patch-1643-1699-rdma-i40iw-prevent-zero-length-stag-registration.patch
From: 3.10.0-1160.118.1.el7

CVE-2023-25775, CVSSv2 Score: 9.8
Description:
RDMA/irdma: Prevent zero-length STAG registration (adaptation)
CVE: https://ubuntu.com/security/CVE-2023-25775
Patch: rhel7/3.10.0-1160.118.1.el7/CVE-2023-25775-patch-1643-1699-rdma-i40iw-prevent-zero-length-stag-registration-kpatch.patch
From: 5.15.0-89.99

CVE-2024-36971, CVSSv2 Score: 7.8
Description:
net: fix __dst_negative_advice() race
CVE: https://access.redhat.com/security/cve/CVE-2024-36971
Patch: rhel7/3.10.0-1160.123.1.el7/CVE-2024-36971-ELSCVE-27162-net-fix-__dst_negative_advice-race.patch
From: 3.10.0-1160.123.1.el7

CVE-2022-1011, CVSSv2 Score: 7.0
Description:
fuse: fix pipe buffer lifetime for direct_io
CVE: https://access.redhat.com/security/cve/CVE-2022-1011
Patch: rhel7/3.10.0-1160.123.1.el7/CVE-2022-1011-ELSCVE-14458-fuse-fix-pipe-buffer-lifetime-for-direc.patch
From: 3.10.0-1160.123.1.el7

CVE-2022-1011, CVSSv2 Score: 7.0
Description:
fuse: fix pipe buffer lifetime for direct_io
CVE: https://access.redhat.com/security/cve/CVE-2022-1011
Patch: rhel7/3.10.0-1160.123.1.el7/CVE-2022-1011-ELSCVE-14458-fuse-fix-pipe-buffer-lifetime-for-direc-kpatch.patch
From: 3.10.0-1160.123.1.el7

CVE-2024-41071, CVSSv2 Score: 7.8
Description:
wifi: mac80211: Avoid address calculations via out of bounds array indexing
CVE: https://access.redhat.com/security/cve/CVE-2024-41071
Patch: rhel7/3.10.0-1160.125.1.el7/CVE-2024-41071-wifi-mac80211-Avoid-address-calculation.patch
From: 3.10.0-1160.125.1.el7

CVE-2024-2201, CVSSv2 Score: 4.7
Description:
x86/bhi: Add support for clearing branch history at syscall entry
CVE: https://access.redhat.com/security/cve/CVE-2024-2201
Patch: 3.10.0/CVE-2024-2201-native-bhi-el7-2.patch
From: kernel-4.18.0-553.16.1.el8_10

N/A, CVSSv2 Score: N/A
Description:
Restrict access to pagemap/kpageflags/kpagecount
CVE: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
Patch: 3.10.0/proc-restrict-pagemap-access-1062.patch
From: N/A