KernelCare Directory

kernel-2.6.32-954.3.5.lve1.4.87.el6 (cl6)
Kernel Update Version: 2.6.32-954.3.5.lve1.4.93.el6
Build Date: 2024-05-23 22:00:42
Release Date: 2024-08-15 08:55:43
Release: K20240523_10

CVE-2017-1000371, CVSSv2 Score: 7.8
Description:
binfmt_elf: use ELF_ET_DYN_BASE only for PIE
CVE: https://access.redhat.com/security/cve/CVE-2017-1000371
Patch: rhel6/kernel-2.6.32-754.29.1.el6/CVE-2017-1000371-binfmt-elf-use-elf-et-dyn-base-only-for-pie-openvz.patch
From: kernel-2.6.32-754.29.1.el6

CVE-2019-17666, CVSSv2 Score: 6.3
Description:
rtlwifi: Fix potential overflow on P2P code
CVE: https://access.redhat.com/security/cve/CVE-2019-17666
Patch: rhel6/kernel-2.6.32-754.29.1.el6/CVE-2019-17666-rtlwifi-Fix-potential-overflow-on-P2P-code.patch
From: kernel-2.6.32-754.29.1.el6

CVE-2021-27365, CVSSv2 Score: 7.0
Description:
sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
CVE: https://access.redhat.com/security/cve/cve-2021-27365
Patch: 2.6.32/CVE-2021-27365-sysfs-Add-sysfs_emit-and-sysfs_emit_at-to-format-sys-CL.patch
From: 2.6.32-754.35.3.el6

CVE-2019-14897 CVE-2019-14896, CVSSv2 Score: 9.8
Description:
more overflows in marvell wifi driver
CVE: https://security-tracker.debian.org/tracker/CVE-2019-14896
Patch: 2.6.32/cve-2019-14896-14897-fix-two-buffer-overflows-at-parsing-bss-desc.patch
From: kernel-2.6.32-754.33.1

CVE-2020-36385, CVSSv2 Score: 7.8
Description:
RDMA/ucma: Put a lock around every call to the rdma_cm layer
CVE: https://access.redhat.com/security/cve/CVE-2020-36385
Patch: 2.6.32/CVE-2020-36385-1201-RDMA-ucma-Put-a-lock-around-every-call-to-the-rdma_cm_layer.patch
From: 2.6.32-754.35.8.el6

CVE-2020-36385, CVSSv2 Score: n/a
Description:
RDMA/ucma: Put a lock around every call to the rdma_cm layer (adaptation)
CVE: n/a
Patch: 2.6.32/CVE-2020-36385-1201-RDMA-ucma-Put-a-lock-around-every-call-to-the-rdma_cm_layer-kpatch.patch
From: 2.6.32-754.35.8.el6

CVE-2020-36385, CVSSv2 Score: 7.8
Description:
RDMA/cma: Add missing locking to rdma_accept()
CVE: https://access.redhat.com/security/cve/CVE-2020-36385
Patch: 2.6.32/CVE-2020-36385-1202-RDMA-ucma-Add-missing-locking-to-rdma_accept.patch
From: 2.6.32-754.35.8.el6

CVE-2020-36385, CVSSv2 Score: 7.8
Description:
RDMA/ucma: Fix the locking of ctx->file
CVE: https://access.redhat.com/security/cve/CVE-2020-36385
Patch: 2.6.32/CVE-2020-36385-1203-RDMA-ucma-Fix-the-locking-of-ctx-file.patch
From: 2.6.32-754.35.8.el6

CVE-2020-36385, CVSSv2 Score: 7.8
Description:
RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy
CVE: https://access.redhat.com/security/cve/CVE-2020-36385
Patch: 2.6.32/CVE-2020-36385-1205-RDMA-ucma-Rework-ucma_migrate_id-to-avoid-races-with.patch
From: 2.6.32-754.35.8.el6

CVE-2021-32399, CVSSv2 Score: 7.0
Description:
bluetooth: eliminate the potential race condition
CVE: https://access.redhat.com/security/cve/cve-2021-21299
Patch: 2.6.32/CVE-2021-32399-bluetooth-eliminate-the-po.patch
From: 2.6.32-754.35.8.el6

CVE-2020-0466, CVSSv2 Score: 7.8
Description:
epoll: Keep a reference on files added to the check list
CVE: https://access.redhat.com/security/cve/CVE-2020-0466
Patch: 2.6.32/CVE-2020-0466-epoll-Keep-a-reference-on-files-added-to-the-check-954.patch
From: 2.6.32-754.35.1.el6

CVE-2021-0920, CVSSv2 Score: 6.4
Description:
af_unix: fix garbage collect vs MSG_PEEK
CVE: https://security-tracker.debian.org/tracker/CVE-2021-0920
Patch: 2.6.32/CVE-2021-0920-af_unix-fix-garbage-collect-vs-MSG_PEEK.patch
From: 2.6.32-754.35.1.el6

CVE-2021-0920, CVSSv2 Score: 6.4
Description:
af_unix: fix garbage collect vs MSG_PEEK (adaptation)
CVE: https://security-tracker.debian.org/tracker/CVE-2021-0920
Patch: 3.10.0/CVE-2021-0920-kpatch.patch
From: 4.1.12-124.59.1.2

CVE-2021-4155, CVSSv2 Score: 5.5
Description:
xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like
CVE: https://access.redhat.com/security/cve/CVE-2021-4155
Patch: 2.6.32/CVE-2021-4155-xfs-map-unwritten-blocks-in-XFS_IOC_ALLOC-FREESP-just-like.patch
From: 2.6.32-754.35.8.el6

CVE-2022-0492, CVSSv2 Score: 7.8
Description:
cgroup-v1: Require capabilities to set release_agent
CVE: https://security-tracker.debian.org/tracker/CVE-2022-0492
Patch: 2.6.32/CVE-2022-0492-cgroup-v1-Require-capabilities-to-set-release_agent-openvz.patch
From: 2.6.32-954.3.5.lve1.4.89.el6

CVE-2022-4378, CVSSv2 Score: 7.8
Description:
proc: avoid integer type confusion in get_proc_long
CVE: https://access.redhat.com/security/cve/CVE-2022-4378
Patch: 2.6.32/CVE-2022-4378-0001-proc-avoid-integer-type-confusion-in-get_proc_long.patch
From: 2.6.32-754.50.1.el6

CVE-2022-4378, CVSSv2 Score: 7.8
Description:
proc: proc_skip_spaces() shouldn't think it is working on C strings
CVE: https://access.redhat.com/security/cve/CVE-2022-4378
Patch: 2.6.32/CVE-2022-4378-0002-proc-proc_skip_spaces-shouldn-t-think-it-is-working-.patch
From: 2.6.32-754.50.1.el6

CVE-2019-11487, CVSSv2 Score: 7.8
Description:
prevent page refcount overflow
CVE: https://access.redhat.com/security/cve/cve-2019-11487
Patch: 2.6.32/cve-2019-11487.patch
From: kernel-2.6.32-754.35.1.el6

CVE-2014-4508, CVSSv2 Score:
Description:
Out of scope as the patch is for x86_32 arch only, x86_64 is not affected
CVE:
Patch: skipped/CVE-2014-4508.patch
From:

CVE-2021-33909, CVSSv2 Score:
Description:
not affected without caused-by commit 058504edd026 fs/seq_file: fallback to vmalloc allocation
CVE:
Patch: skipped/CVE-2021-33909.patch
From:

CVE-2020-12362, CVSSv2 Score:
Description:
Mitigation is made with intel firmware update, el8 kernels also need 'i915.enable_guc' specified in cmdline to be affected
CVE:
Patch: skipped/CVE-2020-12362.patch
From:

CVE-2021-22543, CVSSv2 Score: 7.8
Description:
KVM: do not allow mapping valid but non-reference-counted pages
CVE: https://access.redhat.com/security/cve/cve-2021-22543
Patch: 2.6.32/CVE-2021-22543-KVM-do-not-allow-mapping-valid-but-non-reference-co-954.patch
From: 2.6.32-754.48.1.el6

CVE-2021-26401, CVSSv2 Score:
Description:
An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.
CVE:
Patch: skipped/CVE-2021-26401.patch
From:

CVE-2023-3611, CVSSv2 Score: 7.8
Description:
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
CVE: https://access.redhat.com/security/cve/CVE-2023-3611
Patch: rhel6/kernel-2.6.32-754.53.1.el6/CVE-2023-3611.patch
From: kernel-2.6.32-754.53.1.el6

CVE-2023-3776, CVSSv2 Score: 7.0
Description:
net/sched: cls_fw: Fix improper refcount update leads to use-after-free
CVE: https://access.redhat.com/security/cve/CVE-2023-3776
Patch: rhel6/kernel-2.6.32-754.53.1.el6/CVE-2023-3776.patch
From: kernel-2.6.32-754.53.1.el6

CVE-2023-4921, CVSSv2 Score: 7.8
Description:
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
CVE: https://access.redhat.com/security/cve/CVE-2023-4921
Patch: rhel6/kernel-2.6.32-754.53.1.el6/CVE-2023-4921.patch
From: kernel-2.6.32-754.53.1.el6

CVE-2023-31436, CVSSv2 Score: 7.0
Description:
net: sched: sch_qfq: prevent slab-out-of-bounds in
CVE: https://access.redhat.com/security/cve/CVE-2023-31436
Patch: rhel6/kernel-2.6.32-754.53.1.el6/CVE-2023-31436.patch
From: kernel-2.6.32-754.53.1.el6

CVE-2020-11565, CVSSv2 Score: 7.8
Description:
mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
CVE: https://nvd.nist.gov/vuln/detail/CVE-2020-11565
Patch: 2.6.32/cve-2020-11565-mempolicy-require-at-least-one-nodeid.patch
From: kernel-2.6.32-754.29.1.el6

CVE-2020-10942, CVSSv2 Score: 5.3
Description:
vhost: Check docket sk_family instead of call getname
CVE: https://access.redhat.com/security/cve/cve-2020-10942
Patch: 2.6.32/cve-2020-10942-vhost-check-docket-sk_family.patch
From: kernel-2.6.32-754.29.1.el6

N/A, CVSSv2 Score:
Description:
Restrict access to pagemap/kpageflags/kpagecount
CVE: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
Patch: 2.6.32/proc-restrict-pagemap-access.patch
From:

N/A, CVSSv2 Score:
Description:
vmx_vcpu_run wrapper
CVE:
Patch: 2.6.32/x86-kvm-vmx_vcpu_run-wrapper.patch
From:

N/A, CVSSv2 Score: N/A
Description:
N/A
CVE: N/A
Patch: 2.6.32/kpatch-add-paravirt-asm-definitions.patch
From: N/A