RedHat Linux Kernel Multiple Vulnerabilities
RISK: Medium Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities were identified in RedHat Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.
Notes:
CVE-2024-1086 is being exploited in the wild. It is related to use-after-free vulnerability in the netfilter: nf_tables component. Local attackers could exploit this flaw to elevate privileges from a regular user to root. The risk level remain medium risk.
[Updated on 2024-03-20]
Updated Impact, System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.
[Updated on 2024-05-31]
Updated Description.
Impact
- Denial of Service
- Remote Code Execution
- Information Disclosure
- Data Manipulation
- Elevation of Privilege
- Security Restriction Bypass
System / Technologies affected
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux Server - TUS 8.8 x86_64
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://access.redhat.com/errata/RHSA-2024:1332
- https://access.redhat.com/errata/RHSA-2024:1323
- https://access.redhat.com/errata/RHSA-2024:1367
- https://access.redhat.com/errata/RHSA-2024:1368
Vulnerability Identifier
- CVE-2022-3545
- CVE-2022-38096
- CVE-2022-41858
- CVE-2022-42896
- CVE-2023-2166
- CVE-2023-2176
- CVE-2023-3611
- CVE-2023-4459
- CVE-2023-4921
- CVE-2023-6817
- CVE-2023-7192
- CVE-2023-31436
- CVE-2023-38409
- CVE-2023-45871
- CVE-2024-0646
- CVE-2024-1086
- CVE-2024-26602
Source
Related Link
- https://www.auscert.org.au/bulletins/ESB-2024.1622/
- https://www.auscert.org.au/bulletins/ESB-2024.1606/
- https://www.auscert.org.au/bulletins/ESB-2024.1660/
- https://www.auscert.org.au/bulletins/ESB-2024.1659/
- https://access.redhat.com/errata/RHSA-2024:1332
- https://access.redhat.com/errata/RHSA-2024:1323
- https://access.redhat.com/errata/RHSA-2024:1367
- https://access.redhat.com/errata/RHSA-2024:1368
Related Tags
Share with