- kernel-5.14.0-70.36.1.el9_0 (rhel9)
- 5.14.0-362.24.1.el9_3
- 2024-03-16 11:32:06
- 2024-03-18 06:58:50
- K20240316_12
- CVE-2022-2964, CVSSv2 Score: 7.8
- Description:
net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
- CVE: https://access.redhat.com/security/cve/CVE-2022-2964
- Patch: rhel9/5.14.0-70.43.1.el9_0/CVE-2022-2964-net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
- From: 5.14.0-70.43.1.el9_0
- CVE-2022-4139, CVSSv2 Score: 7.0
- Description:
drm/i915: fix TLB invalidation for Gen12 video and compute engines
- CVE: https://access.redhat.com/security/cve/CVE-2022-4139
- Patch: rhel9/5.14.0-70.43.1.el9_0/CVE-2022-4139-drm-i915-fix-TLB-invalidation-for-Gen12-video-and-co.patch
- From: 5.14.0-70.43.1.el9_0
- CVE-2023-0266, CVSSv2 Score: 7.8
- Description:
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
- CVE: https://access.redhat.com/security/cve/cve-2023-0266
- Patch: rhel9/5.14.0-70.49.1.el9_0/CVE-2023-0266-alsa-pcm-move-rwsem-lock-inside-snd-ctl-elem-read-to-prevent-uaf.patch
- From: kernel-5.14.0-70.49.1.el9_0
- CVE-2023-0179, CVSSv2 Score: 7.8
- Description:
netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
- CVE: https://access.redhat.com/security/cve/cve-2023-0179
- Patch: rhel9/5.14.0-70.49.1.el9_0/CVE-2023-0179-netfilter-nft-payload-incorrect-arithmetics-when-fetching-vlan.patch
- From: kernel-5.14.0-70.49.1.el9_0
- CVE-2022-4379, CVSSv2 Score: 7.5
- Description:
NFSD: fix use-after-free in __nfs42_ssc_open()
- CVE: https://access.redhat.com/security/cve/cve-2022-4379
- Patch: rhel9/5.14.0-70.49.1.el9_0/CVE-2022-4379-nfsd-fix-use-after-free-in-nfs42-ssc-open.patch
- From: kernel-5.14.0-70.49.1.el9_0
- CVE-2022-4378, CVSSv2 Score: 7.8
- Description:
proc: proc_skip_spaces() shouldn't think it is working on C strings
- CVE: https://access.redhat.com/security/cve/cve-2022-4378
- Patch: rhel9/5.14.0-70.49.1.el9_0/CVE-2022-4378-proc-proc-skip-spaces-shouldn-t-think-it-is-working-on-c-strings.patch
- From: kernel-5.14.0-70.49.1.el9_0
- CVE-2022-4378, CVSSv2 Score: 7.8
- Description:
proc: avoid integer type confusion in get_proc_long
- CVE: https://access.redhat.com/security/cve/cve-2022-4378
- Patch: rhel9/5.14.0-70.49.1.el9_0/CVE-2022-4378-proc-avoid-integer-type-confusion-in-get-proc-long.patch
- From: kernel-5.14.0-70.49.1.el9_0
- CVE-2022-4269, CVSSv2 Score: 5.5
- Description:
act_mirred: use the backlog for nested calls to mirred ingress
- CVE: https://access.redhat.com/security/cve/cve-2022-4269
- Patch: rhel9/5.14.0-70.49.1.el9_0/CVE-2022-4269-patch-act-mirred-use-the-backlog-for-nested-calls-to-mirred.patch
- From: kernel-5.14.0-70.49.1.el9_0
- CVE-2022-3564, CVSSv2 Score: 7.1
- Description:
Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
- CVE: https://access.redhat.com/security/cve/cve-2022-3564
- Patch: rhel9/5.14.0-70.49.1.el9_0/CVE-2022-3564-bluetooth-l2cap-fix-use-after-free-caused-by-l2cap-reassemble-sdu.patch
- From: kernel-5.14.0-70.49.1.el9_0