CVE-2024-5102
Published 2024-06-10
Priority P4 · 34 · high · 7 · CVSS 3.1
AV:L / AC:H / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS 0.22% · 13.1th percentile
The repair feature of Avast Antivirus (troubleshooting -> repair) accesses a sym-linked file: it attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can create a pseudo-symlink and a junction folder that point to a file on the system. By winning a race condition, the low-privileged user can obtain an Elevation of Privilege: the system files are re-created and Windows calls back to a specially-crafted file, which could be used to launch a privileged shell instance.
This issue affects Avast Antivirus prior to 24.2.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| avast | antivirus | < 24.2 | 24.2 |
| avast | antivirus | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 7.3 | HIGH | CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2024-36921 kernel: wifi: iwlwifi: mvm: guard against invalid STA ID on removal
bugzilla·2024-06-03·CVSS 7.8
CVE-2024-36921 [HIGH] CVE-2024-36921 kernel: wifi: iwlwifi: mvm: guard against invalid STA ID on removal
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: guard against invalid STA ID on removal
The Linux kernel CVE team has assigned CVE-2024-36921 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024053039-CVE-2024-36921-9f90@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2284514]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101
Bugzilla
CVE-2023-52777 kernel: wifi: ath11k: fix gtk offload status event locking
bugzilla·2024-05-22·CVSS 7.8
CVE-2023-52777 [HIGH] CVE-2023-52777 kernel: wifi: ath11k: fix gtk offload status event locking
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: fix gtk offload status event locking
The Linux kernel CVE team has assigned CVE-2023-52777 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024052152-CVE-2023-52777-2f32@gregkh/T
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101
Bugzilla
CVE-2021-47408 kernel: netfilter: conntrack: serialize hash resizes and cleanups
bugzilla·2024-05-22·CVSS 5.5
CVE-2021-47408 [MEDIUM] CVE-2021-47408 kernel: netfilter: conntrack: serialize hash resizes and cleanups
In the Linux kernel, the following vulnerability has been resolved:
netfilter: conntrack: serialize hash resizes and cleanups
The Linux kernel CVE team has assigned CVE-2021-47408 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024052151-CVE-2021-47408-ad88@gregkh/T
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101
Bugzilla
CVE-2023-52756 kernel: pwm: Fix double shift bug
bugzilla·2024-05-22
CVE-2023-52756 [MEDIUM] CVE-2023-52756 kernel: pwm: Fix double shift bug
In the Linux kernel, the following vulnerability has been resolved:
pwm: Fix double shift bug
The Linux kernel CVE team has assigned CVE-2023-52756 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024052146-CVE-2023-52756-f694@gregkh/T
Discussion:
The result of automatic check (that is developed by Alexander Larkin) for this CVE-2023-52756 is: SKIP No affected files built, so skip this CVE NO - - unknown (where first YES/NO value means if related sources built).
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Bugzilla
CVE-2023-52791 kernel: i2c: core: Run atomic i2c xfer when !preemptible
bugzilla·2024-05-22·CVSS 5.5
CVE-2023-52791 [MEDIUM] CVE-2023-52791 kernel: i2c: core: Run atomic i2c xfer when !preemptible
In the Linux kernel, the following vulnerability has been resolved:
i2c: core: Run atomic i2c xfer when !preemptible
The Linux kernel CVE team has assigned CVE-2023-52791 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024052156-CVE-2023-52791-f2b9@gregkh/T
Discussion:
The result of automatic check (that is developed by Alexander Larkin) for this CVE-2023-52791 is: SKIP No affected files built, so skip this CVE NO - - unknown (where first YES/NO value means if related sources built).
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the f
Bugzilla
CVE-2023-52847 kernel: media: bttv: fix use after free error due to btv->timeout timer
bugzilla·2024-05-22·CVSS 7.0
CVE-2023-52847 [HIGH] CVE-2023-52847 kernel: media: bttv: fix use after free error due to btv->timeout timer
In the Linux kernel, the following vulnerability has been resolved:
media: bttv: fix use after free error due to btv->timeout timer
The Linux kernel CVE team has assigned CVE-2023-52847 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024052113-CVE-2023-52847-a551@gregkh/T
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101
Bugzilla
CVE-2024-35910 kernel: tcp: properly terminate timers for kernel sockets
bugzilla·2024-05-20·CVSS 5.8
CVE-2024-35910 [MEDIUM] CVE-2024-35910 kernel: tcp: properly terminate timers for kernel sockets
In the Linux kernel, the following vulnerability has been resolved:
tcp: properly terminate timers for kernel sockets
The Linux kernel CVE team has assigned CVE-2024-35910 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024051955-CVE-2024-35910-5f95@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2281642]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101
---
This issue has b
Bugzilla
CVE-2024-35937 kernel: wifi: cfg80211: check A-MSDU format more carefully
bugzilla·2024-05-20·CVSS 7.1
CVE-2024-35937 [HIGH] CVE-2024-35937 kernel: wifi: cfg80211: check A-MSDU format more carefully
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: check A-MSDU format more carefully
The Linux kernel CVE team has assigned CVE-2024-35937 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024051918-CVE-2024-35937-0415@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2281822]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.8 Extended Update Support
Via RHSA-2024:4740 https://access.redhat.com/errata/RHSA-2024:4740
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024
Bugzilla
CVE-2024-35810 kernel: drm/vmwgfx: Fix the lifetime of the bo cursor memory
bugzilla·2024-05-17·CVSS 5.5
CVE-2024-35810 [MEDIUM] CVE-2024-35810 kernel: drm/vmwgfx: Fix the lifetime of the bo cursor memory
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Fix the lifetime of the bo cursor memory
The Linux kernel CVE team has assigned CVE-2024-35810 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024051741-CVE-2024-35810-1b33@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2281216]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101
---
This issue
Bugzilla
CVE-2024-35807 kernel: ext4: fix corruption during on-line resize
bugzilla·2024-05-17·CVSS 5.5
CVE-2024-35807 [MEDIUM] CVE-2024-35807 kernel: ext4: fix corruption during on-line resize
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix corruption during on-line resize
The Linux kernel CVE team has assigned CVE-2024-35807 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024051740-CVE-2024-35807-2a9e@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2281222]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101
---
This issue has been addressed
Bugzilla
CVE-2024-27388 kernel: SUNRPC: fix some memleaks in gssx_dec_option_array
bugzilla·2024-05-01·CVSS 5.5
CVE-2024-27388 [MEDIUM] CVE-2024-27388 kernel: SUNRPC: fix some memleaks in gssx_dec_option_array
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: fix some memleaks in gssx_dec_option_array
The Linux kernel CVE team has assigned CVE-2024-27388 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024050135-CVE-2024-27388-04eb@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2278536]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101
Bugzilla
CVE-2023-52648 kernel: drm/vmwgfx: Unmap the surface before resetting it on a plane state
bugzilla·2024-05-01·CVSS 5.5
CVE-2023-52648 [MEDIUM] CVE-2023-52648 kernel: drm/vmwgfx: Unmap the surface before resetting it on a plane state
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Unmap the surface before resetting it on a plane state
The Linux kernel CVE team has assigned CVE-2023-52648 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024050122-CVE-2023-52648-4e0d@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2278540]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5101 https://access.redhat.com/errata/RHS
Bugzilla
CVE-2024-26958 kernel: nfs: fix UAF in direct writes
bugzilla·2024-05-01·CVSS 7.8
CVE-2024-26958 [HIGH] CVE-2024-26958 kernel: nfs: fix UAF in direct writes
In the Linux kernel, the following vulnerability has been resolved:
nfs: fix UAF in direct writes
The Linux kernel CVE team has assigned CVE-2024-26958 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024050129-CVE-2024-26958-6c15@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2278183]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101
---
This issue has been addressed in the following products:
Bugzilla
CVE-2024-26940 kernel: drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
bugzilla·2024-05-01·CVSS 5.5
CVE-2024-26940 [MEDIUM] CVE-2024-26940 kernel: drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
In the Linux kernel, the following vulnerability has been resolved:
drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
The Linux kernel CVE team has assigned CVE-2024-26940 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024050125-CVE-2024-26940-1785@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2278219]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5101 https://access.redhat.com/errata
Bugzilla
CVE-2024-26837 kernel: net: bridge: switchdev: Skip MDB replays of deferred events on offload
bugzilla·2024-04-17·CVSS 4.7
CVE-2024-26837 [MEDIUM] CVE-2024-26837 kernel: net: bridge: switchdev: Skip MDB replays of deferred events on offload
In the Linux kernel, the following vulnerability has been resolved:
net: bridge: switchdev: Skip MDB replays of deferred events on offload
The Linux kernel CVE team has assigned CVE-2024-26837 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024041715-CVE-2024-26837-753c@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2275581]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5101 https://access.redhat.com/er
Bugzilla
CVE-2024-26843 kernel: efi: runtime: Fix potential overflow of soft-reserved region size
bugzilla·2024-04-17·CVSS 6.0
CVE-2024-26843 [MEDIUM] CVE-2024-26843 kernel: efi: runtime: Fix potential overflow of soft-reserved region size
In the Linux kernel, the following vulnerability has been resolved:
efi: runtime: Fix potential overflow of soft-reserved region size
The Linux kernel CVE team has assigned CVE-2024-26843 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024041716-CVE-2024-26843-51a0@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2275566]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-
Bugzilla
CVE-2024-26740 kernel: net/sched: act_mirred: use the backlog for mirred ingress
bugzilla·2024-04-04·CVSS 5.5
CVE-2024-26740 [MEDIUM] CVE-2024-26740 kernel: net/sched: act_mirred: use the backlog for mirred ingress
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_mirred: use the backlog for mirred ingress
The Linux kernel CVE team has assigned CVE-2024-26740 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024040300-CVE-2024-26740-4d6f@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2273269]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101
---
Bugzilla
CVE-2024-26802 kernel: stmmac: Clear variable when destroying workqueue
bugzilla·2024-04-04·CVSS 5.5
CVE-2024-26802 [MEDIUM] CVE-2024-26802 kernel: stmmac: Clear variable when destroying workqueue
In the Linux kernel, the following vulnerability has been resolved:
stmmac: Clear variable when destroying workqueue
The Linux kernel CVE team has assigned CVE-2024-26802 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024040403-CVE-2024-26802-b3da@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2273428]
---
The result of automatic check (that is developed by Alexander Larkin) for this CVE-2024-26802 is: SKIP No affected files built, so skip this CVE NO - - unknown (where first YES/NO value means if related sources built).
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https:
Bugzilla
CVE-2024-26660 kernel: drm/amd/display: Implement bounds check for stream encoder creation in DCN301
bugzilla·2024-04-02·CVSS 5.5
CVE-2024-26660 [MEDIUM] CVE-2024-26660 kernel: drm/amd/display: Implement bounds check for stream encoder creation in DCN301
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Implement bounds check for stream encoder creation in DCN301
The Linux kernel CVE team has assigned CVE-2024-26660 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024040222-CVE-2024-26660-3f40@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2272783]
---
This was fixed for Fedora with the 6.7.5 stable kernel updates.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following pr
Bugzilla
CVE-2023-52623 kernel: SUNRPC: Fix a suspicious RCU usage warning
bugzilla·2024-03-26·CVSS 5.5
CVE-2023-52623 [MEDIUM] CVE-2023-52623 kernel: SUNRPC: Fix a suspicious RCU usage warning
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: Fix a suspicious RCU usage warning
The Linux kernel CVE team has assigned CVE-2023-52623 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/[email protected]/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2271687]
---
This was fixed for Fedora with the 6.7.4 stable kernel updates.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5101 https://acce
Bugzilla
CVE-2024-26614 kernel: tcp: make sure init the accept_queue's spinlocks once
bugzilla·2024-03-12·CVSS 5.5
CVE-2024-26614 [MEDIUM] CVE-2024-26614 kernel: tcp: make sure init the accept_queue's spinlocks once
In the Linux kernel, the following vulnerability has been resolved:
tcp: make sure init the accept_queue's spinlocks once
The Linux kernel CVE team has assigned CVE-2024-26614 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/[email protected]/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2269212]
---
This was fixed for Fedora with the 6.7.3 stable kernel updates.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA
Bugzilla
CVE-2024-2201 hw: cpu: intel: Native Branch History Injection (BHI)
bugzilla·2024-03-06·CVSS 4.7
CVE-2024-2201 [MEDIUM] CVE-2024-2201 hw: cpu: intel: Native Branch History Injection (BHI)
A native Spectre-v2 exploit against the Linux kernel on last-generation Intel CPUs, based on the recent BHI variant and able to leak arbitrary kernel memory at 3.5 kB/sec. This flaw involves a number of gadgets and exploitation techniques to bypass the recent FineIBT mitigation, along with a case study on a 13th Gen Intel CPU that can leak kernel memory at 18 bytes/sec.
Reference:
https://www.openwall.com/lists/oss-security/2024/04/09/15
https://www.vusec.net/projects/native-bhi/
https://download.vusec.net/papers/inspectre_sec24.pdf
Discussion:
*** Bug 2250691 has been marked as a duplicate of this bug. ***
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://
Bugzilla
CVE-2024-25739 kernel: crash due to a missing check for leb_size
bugzilla·2024-02-12·CVSS 5.5
CVE-2024-25739 [MEDIUM] CVE-2024-25739 kernel: crash due to a missing check for leb_size
create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.
References:
https://groups.google.com/g/syzkaller/c/Xl97YcQA4hg
https://www.spinics.net/lists/kernel/msg5074816.html
Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2263887]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102
---
This issue has been addressed in the following produc