Redhat Enterprise Linux vulnerabilities

CVE-2023-40546 [MEDIUM] CWE-476 CVE-2023-40546: A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.

CVE-2023-40551 [MEDIUM] CWE-125 CVE-2023-40551: A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a cras A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.

CVE-2023-40549 [MEDIUM] CWE-125 CVE-2023-40549: An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.

CVE-2023-40550 [MEDIUM] CWE-125 CVE-2023-40550: An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This is An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.

CVE-2024-0841 [HIGH] CWE-476 CVE-2024-0841: A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel h A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

CVE-2023-52355 [HIGH] CWE-787 CVE-2023-52355: An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.

CVE-2023-40547 [HIGH] CWE-787 CVE-2023-40547: A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-contr A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during th

CVE-2023-52356 [HIGH] CWE-122 CVE-2023-52356: A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff f A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

CVE-2024-0775 [HIGH] CWE-416 CVE-2024-0775: A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.

CVE-2023-6531 [HIGH] CWE-362 CVE-2023-6531: A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collec A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.

CVE-2024-0409 [HIGH] CWE-787 CVE-2024-0409: A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong typ A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

CVE-2024-0408 [MEDIUM] CWE-158 CVE-2024-0408: A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object tha

CVE-2024-0607 [MEDIUM] CWE-229 CVE-2024-0607: A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_e A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the pre

CVE-2024-0646 [HIGH] CWE-787 CVE-2024-0646: An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security function An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVE-2024-0641 [MEDIUM] CWE-833 CVE-2024-0641: A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Li A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.

CVE-2024-0639 [MEDIUM] CWE-833 CVE-2024-0639: A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/s A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.

CVE-2024-0553 [HIGH] CVE-2024-0553: A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKe A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-05

CVE-2024-0232 [MEDIUM] CWE-416 CVE-2024-0232: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.

CVE-2024-0562 [HIGH] CWE-416 CVE-2024-0562: A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is calle A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_wr

CVE-2023-4001 [MEDIUM] CWE-290 CVE-2023-4001: An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device t An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boo