- kernel-2.6.32-954.3.5.lve1.4.74.el6 (cl6)
- 2.6.32-954.3.5.lve1.4.93.el6
- 2024-05-23 22:00:40
- 2024-08-15 08:55:43
- K20240523_10
- CVE-2019-11810, CVSSv2 Score: 6.2
- Description:
scsi: megaraid_sas: return error when create DMA pool failed
- CVE: https://access.redhat.com/security/cve/cve-2019-11810
- Patch: 2.6.32/CVE-2019-11810.patch
- From: kernel-2.6.32-754.22.1.el6
- CVE-2018-9568, CVSSv2 Score: 7
- Description:
net: Set sk_prot_creator when cloning sockets to the right proto
- CVE: https://access.redhat.com/security/cve/cve-2018-9568
- Patch: 2.6.32/CVE-2018-9568-el6.patch
- From: 2.6.32-754.22.1.el6
- CVE-2019-17055, CVSSv2 Score: 3.3
- Description:
mISDN: enforce CAP_NET_RAW for raw sockets
- CVE: https://linux.oracle.com/cve/CVE-2019-17055.html
- Patch: 2.6.32/CVE-2019-17055.patch
- From: 2.6.39-400.317.1.el6uek
- CVE-2019-17133, CVSSv2 Score: 8.8
- Description:
cfg80211: wext: avoid copying malformed SSIDs
- CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-17133
- Patch: 2.6.32/cve-2019-17133-cfg80211-wext-avoid-copying-malformed-SSID.patch
- From: kernel-2.6.32-754.28.1.el6
- CVE-2018-12207, CVSSv2 Score: 6.5
- Description:
kvm: mmu: ITLB_MULTIHIT mitigation (adaptation)
- CVE: https://access.redhat.com/security/cve/cve-2018-12207
- Patch: 2.6.32/CVE-2018-12207-mitigation.patch
- From: kernel-2.6.32-754.23.1.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [1/13]
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1171-drm-drm-i915-gtt-Add-read-only-pages-to-gen8_pte_enc.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [2/13] (kcare adaptation)
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1172-drm-erm-i915-gtt-Read-only-pages-for-insert_entries-.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [3/13]
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1173-drm-drm-i915-gtt-Disable-read-only-support-under-GVT.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [4/13]
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1174-drm-drm-i915-Rename-gen7-cmdparser-tables.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [5/13]
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1175-drm-drm-i915-Disable-Secure-Batches-for-gen6.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [6/13] (kcare adaptation)
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1176-drm-drm-i915-Remove-Master-tables-from-cmdparser.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [7/13] (kcare adaptation)
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1177-drm-drm-i915-Add-support-for-mandatory-cmdparsing.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [8/13]
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1178-drm-drm-i915-Support-ro-ppgtt-mapped-cmdparser-shado.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [9/13]
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1179-drm-drm-i915-Allow-parsing-of-unsized-batches.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [10/13] (kcare adaptation)
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1180-drm-drm-i915-Add-gen9-BCS-cmdparsing.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [11/13] (kcare adaptation)
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1181-drm-drm-i915-cmdparser-Add-support-for-backward-jump.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [12/13] (kcare adaptation)
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1182-drm-drm-i915-cmdparser-Ignore-Length-operands-during.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0154, CVSSv2 Score: 6.5
- Description:
fixed possible hw level crash if MMIO registers were read while the i915 GPU was in a low-power state [1/2] (kcare adaptation)
- CVE: https://access.redhat.com/security/cve/cve-2019-0154
- Patch: 2.6.32/i915/1183-drm-drm-i915-gen8-Add-RC6-CTX-corruption-WA.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0154, CVSSv2 Score: 6.5
- Description:
fixed possible hw level crash if MMIO registers were read while the i915 GPU was in a low-power state [2/2]
- CVE: https://access.redhat.com/security/cve/cve-2019-0154
- Patch: 2.6.32/i915/1184-drm-drm-i915-Lower-RM-timeout-to-avoid-DSI-hard-hang.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-0155, CVSSv2 Score: 8.8
- Description:
fixed possible memory corruption or privilege escalation for i915 gpu [13/13]
- CVE: https://access.redhat.com/security/cve/cve-2019-0155
- Patch: 2.6.32/i915/1195-drm-drm-i915-cmdparser-Fix-jump-whitelist-clearing-le-754.23.1.patch
- From: 2.6.32-754.24.3.el6
- CVE-2019-14821, CVSSv2 Score: 7.0
- Description:
KVM: MMIO: Lock coalesced device when checking for available entry
- CVE: https://access.redhat.com/security/cve/cve-2019-14821
- Patch: 2.6.32/CVE-2019-14821-1.patch
- From: 2.6.32-754.25.1.el6
- CVE-2019-14821, CVSSv2 Score: 7.0
- Description:
KVM: coalesced_mmio: add bounds checking
- CVE: https://access.redhat.com/security/cve/cve-2019-14821
- Patch: 2.6.32/CVE-2019-14821-2.patch
- From: 2.6.32-754.25.1.el6
- CVE-2017-6951, CVSSv2 Score: 5.5
- Description:
KEYS: Change the name of the dead type to ".dead" to prevent user access
- CVE: http://people.canonical.com/~ubuntu-security/cve/CVE-2017-6951
- Patch: 3.13.0/422472-KEYS-Change-the-name-of-the-dead-type-to-.dead-to-.patch
- From: kernel-3.13.0-130.179
- CVE-2017-6951, CVSSv2 Score: 5.5
- Description:
KEYS: Change the name of the dead type to ".dead" to prevent user access (kpatch adaptation)
- CVE: http://people.canonical.com/~ubuntu-security/cve/CVE-2017-6951
- Patch: 2.6.32/422472-KEYS-Change-the-name-of-the-dead-type-to-.dead-to-kpatch-1.patch
- From: kernel-3.13.0-130.179
- CVE-2021-22555, CVSSv2 Score: 7.8
- Description:
netfilter: x_tables: fix compat match/target pad out-of-bound write
- CVE: https://access.redhat.com/security/cve/CVE-2021-22555
- Patch: 2.6.32/CVE-2021-22555.patch
- From: v5.12
- CVE-2017-1000371, CVSSv2 Score: 7.8
- Description:
binfmt_elf: use ELF_ET_DYN_BASE only for PIE
- CVE: https://access.redhat.com/security/cve/CVE-2017-1000371
- Patch: rhel6/kernel-2.6.32-754.29.1.el6/CVE-2017-1000371-binfmt-elf-use-elf-et-dyn-base-only-for-pie-openvz.patch
- From: kernel-2.6.32-754.29.1.el6
- CVE-2019-17666, CVSSv2 Score: 6.3
- Description:
rtlwifi: Fix potential overflow on P2P code
- CVE: https://access.redhat.com/security/cve/CVE-2019-17666
- Patch: rhel6/kernel-2.6.32-754.29.1.el6/CVE-2019-17666-rtlwifi-Fix-potential-overflow-on-P2P-code.patch
- From: kernel-2.6.32-754.29.1.el6
- CVE-2021-27365, CVSSv2 Score: 7.0
- Description:
sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
- CVE: https://access.redhat.com/security/cve/cve-2021-27365
- Patch: 2.6.32/CVE-2021-27365-sysfs-Add-sysfs_emit-and-sysfs_emit_at-to-format-sys-CL.patch
- From: 2.6.32-754.35.3.el6
- CVE-2021-27364 CVE-2021-27363, CVSSv2 Score: 6.3
- Description:
scsi: iscsi: Restrict sessions and handles to admin capabilities
- CVE: https://access.redhat.com/security/cve/cve-2021-27364
- Patch: 2.6.32/CVE-2021-27363-CVE-2021-27364-scsi-iscsi-Restrict-sessions-and-handles-to-admin-ca.patch
- From: 2.6.32-754.35.3.el6
- CVE-2021-27365, CVSSv2 Score: 7.0
- Description:
scsi: iscsi: Verify lengths on passthrough PDU
- CVE: https://access.redhat.com/security/cve/cve-2021-27365
- Patch: 2.6.32/CVE-2021-27365-scsi-iscsi-Verify-lengths-on-passthrough-PDUs.patch
- From: 2.6.32-754.35.3.el6
- CVE-2021-27365, CVSSv2 Score: 7.0
- Description:
scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
- CVE: https://access.redhat.com/security/cve/cve-2021-27365
- Patch: 2.6.32/CVE-2021-27365-scsi-iscsi-Ensure-sysfs-attributes-are-limited-to-PA.patch
- From: 2.6.32-754.35.3.el6
- CVE-2020-29661, CVSSv2 Score: 7.8
- Description:
tty: Fix ->pgrp locking in tiocspgrp()
- CVE: https://access.redhat.com/security/cve/CVE-2020-29661
- Patch: 2.6.32/CVE-2020-29661-tty-Fix-pgrp-locking-in-tiocspgrp.patch
- From: 2.6.32-754.39.1
- CVE-2021-20265, CVSSv2 Score: 5.1
- Description:
af_unix: fix struct pid memory leak
- CVE: https://access.redhat.com/security/cve/cve-2021-20265
- Patch: 2.6.32/CVE-2021-20265-0001-af_unix-fix-struct-pid-memory-leak.patch
- From: 2.6.32-754.39.1.el6
- CVE-2019-14897 CVE-2019-14896, CVSSv2 Score: 9.8
- Description:
more overflows in marvell wifi driver
- CVE: https://security-tracker.debian.org/tracker/CVE-2019-14896
- Patch: 2.6.32/cve-2019-14896-14897-fix-two-buffer-overflows-at-parsing-bss-desc.patch
- From: kernel-2.6.32-754.33.1
- CVE-2020-36385, CVSSv2 Score: 7.8
- Description:
RDMA/ucma: Put a lock around every call to the rdma_cm layer
- CVE: https://access.redhat.com/security/cve/CVE-2020-36385
- Patch: 2.6.32/CVE-2020-36385-1201-RDMA-ucma-Put-a-lock-around-every-call-to-the-rdma_cm_layer.patch
- From: 2.6.32-754.35.8.el6
- CVE-2020-36385, CVSSv2 Score: n/a
- Description:
RDMA/ucma: Put a lock around every call to the rdma_cm layer (adaptation)
- CVE: n/a
- Patch: 2.6.32/CVE-2020-36385-1201-RDMA-ucma-Put-a-lock-around-every-call-to-the-rdma_cm_layer-kpatch.patch
- From: 2.6.32-754.35.8.el6
- CVE-2020-36385, CVSSv2 Score: 7.8
- Description:
RDMA/cma: Add missing locking to rdma_accept()
- CVE: https://access.redhat.com/security/cve/CVE-2020-36385
- Patch: 2.6.32/CVE-2020-36385-1202-RDMA-ucma-Add-missing-locking-to-rdma_accept.patch
- From: 2.6.32-754.35.8.el6
- CVE-2020-36385, CVSSv2 Score: 7.8
- Description:
RDMA/ucma: Fix the locking of ctx->file
- CVE: https://access.redhat.com/security/cve/CVE-2020-36385
- Patch: 2.6.32/CVE-2020-36385-1203-RDMA-ucma-Fix-the-locking-of-ctx-file.patch
- From: 2.6.32-754.35.8.el6
- CVE-2020-36385, CVSSv2 Score: 7.8
- Description:
RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy
- CVE: https://access.redhat.com/security/cve/CVE-2020-36385
- Patch: 2.6.32/CVE-2020-36385-1205-RDMA-ucma-Rework-ucma_migrate_id-to-avoid-races-with.patch
- From: 2.6.32-754.35.8.el6
- CVE-2021-32399, CVSSv2 Score: 7.0
- Description:
bluetooth: eliminate the potential race condition
- CVE: https://access.redhat.com/security/cve/cve-2021-21299
- Patch: 2.6.32/CVE-2021-32399-bluetooth-eliminate-the-po.patch
- From: 2.6.32-754.35.8.el6
- CVE-2020-0466, CVSSv2 Score: 7.8
- Description:
epoll: Keep a reference on files added to the check list
- CVE: https://access.redhat.com/security/cve/CVE-2020-0466
- Patch: 2.6.32/CVE-2020-0466-epoll-Keep-a-reference-on-files-added-to-the-check-954.patch
- From: 2.6.32-754.35.1.el6
- CVE-2021-0920, CVSSv2 Score: 6.4
- Description:
af_unix: fix garbage collect vs MSG_PEEK
- CVE: https://security-tracker.debian.org/tracker/CVE-2021-0920
- Patch: 2.6.32/CVE-2021-0920-af_unix-fix-garbage-collect-vs-MSG_PEEK.patch
- From: 2.6.32-754.35.1.el6
- CVE-2021-0920, CVSSv2 Score: 6.4
- Description:
af_unix: fix garbage collect vs MSG_PEEK (adaptation)
- CVE: https://security-tracker.debian.org/tracker/CVE-2021-0920
- Patch: 3.10.0/CVE-2021-0920-kpatch.patch
- From: 4.1.12-124.59.1.2
- CVE-2021-4155, CVSSv2 Score: 5.5
- Description:
xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like
- CVE: https://access.redhat.com/security/cve/CVE-2021-4155
- Patch: 2.6.32/CVE-2021-4155-xfs-map-unwritten-blocks-in-XFS_IOC_ALLOC-FREESP-just-like.patch
- From: 2.6.32-754.35.8.el6
- CVE-2022-0492, CVSSv2 Score: 7.8
- Description:
cgroup-v1: Require capabilities to set release_agent
- CVE: https://security-tracker.debian.org/tracker/CVE-2022-0492
- Patch: 2.6.32/CVE-2022-0492-cgroup-v1-Require-capabilities-to-set-release_agent-openvz.patch
- From: 2.6.32-954.3.5.lve1.4.89.el6
- CVE-2022-4378, CVSSv2 Score: 7.8
- Description:
proc: avoid integer type confusion in get_proc_long
- CVE: https://access.redhat.com/security/cve/CVE-2022-4378
- Patch: 2.6.32/CVE-2022-4378-0001-proc-avoid-integer-type-confusion-in-get_proc_long.patch
- From: 2.6.32-754.50.1.el6
- CVE-2022-4378, CVSSv2 Score: 7.8
- Description:
proc: proc_skip_spaces() shouldn't think it is working on C strings
- CVE: https://access.redhat.com/security/cve/CVE-2022-4378
- Patch: 2.6.32/CVE-2022-4378-0002-proc-proc_skip_spaces-shouldn-t-think-it-is-working-.patch
- From: 2.6.32-754.50.1.el6
- CVE-2020-0543, CVSSv2 Score: 6.5
- Description:
x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
- CVE: https://www.vusec.net/projects/crosstalk/
- Patch: srbds-enable.patch
- From: N/A
- CVE-2019-11487, CVSSv2 Score: 7.8
- Description:
prevent page refcount overflow
- CVE: https://access.redhat.com/security/cve/cve-2019-11487
- Patch: 2.6.32/cve-2019-11487.patch
- From: kernel-2.6.32-754.35.1.el6
- CVE-2014-4508, CVSSv2 Score:
- Description:
Out of scope as the patch is for x86_32 arch only, x86_64 is not affected
- CVE:
- Patch: skipped/CVE-2014-4508.patch
- From:
- CVE-2021-33909, CVSSv2 Score:
- Description:
not affected without caused-by commit 058504edd026 fs/seq_file: fallback to vmalloc allocation
- CVE:
- Patch: skipped/CVE-2021-33909.patch
- From:
- CVE-2020-12362, CVSSv2 Score:
- Description:
Mitigation is made with intel firmware update, el8 kernels also need 'i915.enable_guc' specified in cmdline to be affected
- CVE:
- Patch: skipped/CVE-2020-12362.patch
- From:
- CVE-2021-3347, CVSSv2 Score: 7.4
- Description:
futex: Handle faults correctly for PI futexes
- CVE: https://access.redhat.com/security/cve/cve-2021-3347
- Patch: 2.6.32/CVE-2021-3347-futex-Handle-faults-correctly-for-PI-futexes.patch
- From: >2.6.32-754.35.1
- CVE-2021-3347, CVSSv2 Score: 7.4
- Description:
futex: Provide and use pi_state_update_owner()
- CVE: https://access.redhat.com/security/cve/cve-2021-3347
- Patch: 2.6.32/CVE-2021-3347-futex-Provide-and-use-pi_state_update_owner.patch
- From: >2.6.32-754.35.1
- CVE-2021-22543, CVSSv2 Score: 7.8
- Description:
KVM: do not allow mapping valid but non-reference-counted pages
- CVE: https://access.redhat.com/security/cve/cve-2021-22543
- Patch: 2.6.32/CVE-2021-22543-KVM-do-not-allow-mapping-valid-but-non-reference-co-954.patch
- From: 2.6.32-754.48.1.el6
- CVE-2021-26401, CVSSv2 Score:
- Description:
An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.
- CVE:
- Patch: skipped/CVE-2021-26401.patch
- From:
- CVE-2023-3611, CVSSv2 Score: 7.8
- Description:
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
- CVE: https://access.redhat.com/security/cve/CVE-2023-3611
- Patch: rhel6/kernel-2.6.32-754.53.1.el6/CVE-2023-3611.patch
- From: kernel-2.6.32-754.53.1.el6
- CVE-2023-3776, CVSSv2 Score: 7.0
- Description:
net/sched: cls_fw: Fix improper refcount update leads to use-after-free
- CVE: https://access.redhat.com/security/cve/CVE-2023-3776
- Patch: rhel6/kernel-2.6.32-754.53.1.el6/CVE-2023-3776.patch
- From: kernel-2.6.32-754.53.1.el6
- CVE-2023-4921, CVSSv2 Score: 7.8
- Description:
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
- CVE: https://access.redhat.com/security/cve/CVE-2023-4921
- Patch: rhel6/kernel-2.6.32-754.53.1.el6/CVE-2023-4921.patch
- From: kernel-2.6.32-754.53.1.el6
- CVE-2023-31436, CVSSv2 Score: 7.0
- Description:
net: sched: sch_qfq: prevent slab-out-of-bounds in
- CVE: https://access.redhat.com/security/cve/CVE-2023-31436
- Patch: rhel6/kernel-2.6.32-754.53.1.el6/CVE-2023-31436.patch
- From: kernel-2.6.32-754.53.1.el6
- CVE-2020-11565, CVSSv2 Score: 7.8
- Description:
mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
- CVE: https://nvd.nist.gov/vuln/detail/CVE-2020-11565
- Patch: 2.6.32/cve-2020-11565-mempolicy-require-at-least-one-nodeid.patch
- From: kernel-2.6.32-754.29.1.el6
- CVE-2020-10942, CVSSv2 Score: 5.3
- Description:
vhost: Check docket sk_family instead of call getname
- CVE: https://access.redhat.com/security/cve/cve-2020-10942
- Patch: 2.6.32/cve-2020-10942-vhost-check-docket-sk_family.patch
- From: kernel-2.6.32-754.29.1.el6
- N/A, CVSSv2 Score:
- Description:
Restrict access to pagemap/kpageflags/kpagecount
- CVE: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
- Patch: 2.6.32/proc-restrict-pagemap-access.patch
- From:
- N/A, CVSSv2 Score:
- Description:
vmx_vcpu_run wrapper
- CVE:
- Patch: 2.6.32/x86-kvm-vmx_vcpu_run-wrapper.patch
- From:
- N/A, CVSSv2 Score: N/A
- Description:
N/A
- CVE: N/A
- Patch: 2.6.32/kpatch-add-paravirt-asm-definitions.patch
- From: N/A