Red Hat Enterprise Linux vulnerabilities

1,738 known vulnerabilities affecting redhat/enterprise_linux.

Total CVEs: 1,738
CISA KEV: 20 (actively exploited)
Public exploits: 81
Exploited in wild: 26
Severity breakdown: CRITICAL 157, HIGH 589, MEDIUM 839, LOW 153

Vulnerabilities

Page 8 of 87
CVE-2023-40547 | HIGH | CVSS 8.3 | v7.0, v8.0, +1 more | 2024-01-25
CVE-2023-40547 [HIGH] CWE-787: A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during th
nvd
CVE-2023-52356 | HIGH | CVSS 7.5 | v8.0, v9.0 | 2024-01-25
CVE-2023-52356 [HIGH] CWE-122: A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
nvd
CVE-2024-0775 | HIGH | CVSS 7.1 | v9.0 | 2024-01-22
CVE-2024-0775 [HIGH] CWE-416: A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.
nvd
CVE-2023-6531 | HIGH | CVSS 7.0 | v9.0 | 2024-01-21
CVE-2023-6531 [HIGH] CWE-362: A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.
nvd
CVE-2024-0409 | HIGH | CVSS 7.8 | v6.0, v7.0, +2 more | 2024-01-18
CVE-2024-0409 [HIGH] CWE-787: A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.
nvd
CVE-2024-0408 | MEDIUM | CVSS 5.5 | v6.0, v7.0, +2 more | 2024-01-18
CVE-2024-0408 [MEDIUM] CWE-158: A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object tha
nvd
CVE-2024-0607 | MEDIUM | CVSS 6.6 | v8.0, v9.0 | 2024-01-18
CVE-2024-0607 [MEDIUM] CWE-229: A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the pre
nvd
CVE-2024-0646 | HIGH | CVSS 7.8 | v8.0, v9.0 | 2024-01-17
CVE-2024-0646 [HIGH] CWE-787: An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.
nvd
CVE-2024-0641 | MEDIUM | CVSS 5.5 | v8.0, v9.0 | 2024-01-17
CVE-2024-0641 [MEDIUM] CWE-833: A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.
nvd
CVE-2024-0639 | MEDIUM | CVSS 5.5 | v8.0, v9.0 | 2024-01-17
CVE-2024-0639 [MEDIUM] CWE-833: A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.
nvd
CVE-2024-0553 | HIGH | CVSS 7.5 | v8.0, v9.0 | 2024-01-16
CVE-2024-0553 [HIGH]: A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-05
nvd
CVE-2024-0232 | MEDIUM | CVSS 5.5 | v8.0, v9.0 | 2024-01-16
CVE-2024-0232 [MEDIUM] CWE-416: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.
nvd
CVE-2024-0562 | HIGH | CVSS 7.8 | v8.0, v9.0 | 2024-01-15
CVE-2024-0562 [HIGH] CWE-416: A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_wr
nvd
CVE-2023-4001 | MEDIUM | CVSS 6.8 | v9.0 | 2024-01-15
CVE-2023-4001 [MEDIUM] CWE-290: An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boo
nvd
CVE-2023-6915 | MEDIUM | CVSS 5.5 | v8.0, v9.0 | 2024-01-15
CVE-2023-6915 [MEDIUM] CWE-476: A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.
nvd
CVE-2023-6683 | MEDIUM | CVSS 6.5 | v8.0, v9.0 | 2024-01-12
CVE-2023-6683 [MEDIUM] CWE-476: A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and t
nvd
CVE-2024-23301 | MEDIUM | CVSS 5.5 | v8.0, v9.0 | 2024-01-12
CVE-2024-23301 [MEDIUM] CWE-276: Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
nvd
CVE-2024-0443 | MEDIUM | CVSS 5.5 | v8.0, v9.0 | 2024-01-12
CVE-2024-0443 [MEDIUM] CWE-402: A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs
nvd
CVE-2023-5455 | MEDIUM | CVSS 6.5 | v7.0, v8.0, +2 more | 2024-01-10
CVE-2023-5455 [MEDIUM] CWE-352: A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certai
nvd
CVE-2021-3600 | HIGH | CVSS 7.8 | v8.0 | 2024-01-08
CVE-2021-3600 [HIGH] CWE-125: It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.
nvd